JKM .NET Core
.NET (5/6/7/8+)?
+
A unified, cross-platform, high-performance framework for building desktop,
web, mobile, cloud, and IoT apps.
.NET Core?
+
A fast, modular, cross-platform, open-source framework for building modern
cloud and web apps.
.NET Framework?
+
A Windows-only framework with CLR and rich libraries for building desktop
and legacy ASP.NET apps.
.NET Platform Standards?
+
pecifications that ensure shared APIs and cross-platform compatibility
across .NET runtimes.
.NET?
+
A software framework with libraries, runtime, and tools for building
applications.
@Html.AntiForgeryToken()?
+
Token used to prevent CSRF attacks.
3 important segments for routing?
+
Controller name, Action name, and optional Parameter (id).
3-tier focuses on application architecture.
+
MVC focuses on UI interaction and request handling.
ABAC?
+
Attribute-Based Access Control.
Abstract Class vs Interface?
+
Abstract class can have implementation; interface cannot.
Abstraction?
+
Hiding complex implementation details.
Access Control Matrix?
+
Table mapping users/roles to permissions.
Access Review?
+
Periodic review of user permissions.
Access Token Audience?
+
Specifies which API the token is intended for.
Access Token Leakage?
+
Unauthorized party obtains a token.
Access Token?
+
Token used to access protected APIs.
Accessing HttpContext
+
Access HttpContext via dependency injection using IHttpContextAccessor;
controllers/middleware access directly, services via
IHttpContextAccessor.HttpContext.
ACL?
+
Access Control List defining user permissions for a resource.
Action Filter?
+
Code executed before or after controller action execution.
Action Filters?
+
Attributes executed before/after controller actions.
Action Method?
+
A public method inside controller handling client requests.
Action Selector?
+
Attributes like [HttpGet], [HttpPost], [Route].
ActionInvoker?
+
Executes selected MVC action method.
ActionName attribute?
+
Maps method to a different public action name.
ActionResult is a base type that can return
various results.
+
ViewResult specifically returns a View response.
ActionResult?
+
Base type for all responses returned from action methods. A return type in
MVC representing HTTP responses returned from controller actions.
AD Group?
+
A collection of users with shared permissions.
ADO.NET?
+
Data access framework for relational databases.
AdRotator Control:
+
Displays banner ads from an XML file randomly or by weight, supporting URL
redirection for dynamic ad management.
Advantages of ASP.NET?
+
High-performance, secure server-side framework supporting WebForms, MVC, Web
API, caching, authentication, and rapid development.
Advantages of MVC:
+
Provides testability, clean separation, faster development, reusable code,
and SEO-friendly URLs.
Ajax in ASP.NET?
+
Enables asynchronous browser-server communication to update page parts
without full reload, using controls like UpdatePanel and ScriptManager.
AJAX in MVC?
+
Asynchronous calls to server without full page reload.
AllowAnonymous?
+
Attribute used to skip authorization.
ANCM?
+
ASP.NET Core Module enables hosting .NET Core under IIS reverse proxy.
Anti-forgery middleware?
+
Middleware enforcing CSRF protection in .NET Core.
AntiForgeryToken validation attribute?
+
[ValidateAntiForgeryToken] ensures request includes valid token.
AntiXSS?
+
Technique for preventing cross-site scripting.
AOT Compilation?
+
Compiles .NET apps to native code for faster startup and lower memory use.
API Documentation?
+
Swagger/OpenAPI.
API Gateway?
+
Single entry point for routing, auth, rate limiting.
API Key Authentication?
+
Custom header with an API key.
API Key Authorization?
+
Simple authorization using an API key header.
API Versioning Methods?
+
URL, Header, Query, Media Type.
API Versioning?
+
Supporting multiple versions of an API using routes, headers, or query
params.
API Versioning?
+
Supporting multiple API versions to maintain backward compatibility.
ApiController attribute do?
+
Enables auto-validation and improved routing.
App Domain Concept in ASP.NET?
+
AppDomain isolates applications within a web server. It provides security,
reliability, and memory isolation. Each website runs in its own AppDomain.
If one crashes, others remain unaffected.
app.Run vs app.Use?
+
app.Use() continues the pipeline; app.Run() terminates it.
app.UseDeveloperExceptionPage()?
+
Displays detailed errors in development mode.
app.UseExceptionHandler()?
+
Middleware for centralized exception handling.
AppDomain?
+
Isolated region where a .NET application runs.
Application Insights?
+
Azure monitoring platform for performance and telemetry.
Application Model
+
The application model determines how controllers, actions, and routing
behave. It helps apply conventions and filters across the application.
Application Pool in IIS?
+
Worker process isolation unit.
appsettings.json used for?
+
Stores configuration values like connection strings, logging, and custom
settings.
appsettings.json?
+
Primary configuration file in ASP.NET Core.
appsettings.json?
+
Stores key/value settings for the application, commonly used in ASP.NET Core
MVC.
Area in MVC?
+
Module-level grouping for large applications (Admin, Customer, User).
ASP.NET Core host apps without IIS?
+
Yes, it can run standalone using Kestrel.
ASP.NET Core run in Docker?
+
Yes, it supports containerization with official runtime and SDK images.
ASP.NET Core serve static files?
+
By enabling app.UseStaticFiles() and placing files in wwwroot.
ASP.NET Core?
+
A cross-platform, high-performance web framework for APIs, MVC, and
real-time apps.
ASP.NET Core?
+
A cross-platform, high-performance web framework for building modern
cloud-based applications.
ASP.NET filters run at the end?
+
Exception Filters are executed last. They handle unhandled errors during
action or result processing. Used for logging and custom error pages.
Ensures graceful error handling.
ASP.NET Identity?
+
Framework for user management, roles, claims.
ASP.NET MVC?
+
Model–View–Controller pattern for web applications.
ASP.NET page life cycle?
+
ASP.NET page life cycle defines stages a page goes through when processing.
Key stages: Page Request, Initialization, View State Load, Postback Event
Handling, Rendering, and Unload. Events allow custom logic execution at each
phase. It controls how data is processed and displayed.
ASP.NET Web Forms?
+
Event-driven web framework using drag-and-drop UI.
ASP.NET?
+
A server-side .NET framework for building dynamic websites, APIs, and
enterprise web apps.
ASP.NET?
+
Microsoft’s web framework for building dynamic, high-performance web apps
with MVC, Web API, and WebForms.
Assemblies?
+
Compiled .NET code units containing code, metadata, and manifests (DLL or
EXE) for deploying
Assembly defining MVC:
+
MVC components are defined in System.Web.Mvc.dll.
Assign an alias name for ASP.NET Web API Action?
+
You can use the [ActionName] attribute to give an alias to an action.
Example: [ActionName("GetStudentInfo")]. This helps when method names and
route names need to differ. It's useful for versioning and friendly URLs.
async action method?
+
Action using async/await for non-blocking operations.
Async operations in EF Core?
+
Perform database tasks asynchronously to improve responsiveness and
scalability.Use ToListAsync(), FirstAsync(), etc.
Async programming?
+
Non-blocking programming using async/await.
async/await?
+
Asynchronous programming model avoiding blocking operations.
async/await?
+
Keywords enabling non-blocking asynchronous code execution.
Attribute Routing
+
Defines routes directly on controllers and actions using attributes like
[Route("api/[controller]")].
Attribute-based routing?
+
Routing using attributes above controller/action.
Attributes?
+
Metadata annotations used for declaring properties about code.
authentication and authorization in ASP.NET?
+
Authentication verifies user identity (who they are). Authorization defines
access permissions for authenticated users. ASP.NET supports built-in
security mechanisms. Both ensure secure application access.
Authentication in ASP.NET Core?
+
Process of verifying user identity.
Authentication modes in ASP.NET for security?
+
ASP.NET supports Windows, Forms, Passport, and Anonymous authentication.
Forms authentication is common for web apps. Security is configured in
Web.config. Each mode provides a method to validate users.
Authentication vs Authorization?
+
Authentication verifies identity; authorization verifies access rights.
Authentication?
+
Identifying the user.
authentication?
+
Process of verifying user identity.
Authentication?
+
Verifying user identity.
Authorization Audit Trail?
+
Logs that track authorization decisions.
Authorization Cache?
+
Caching authorization decisions for performance.
Authorization Drift?
+
Outdated or incorrectly configured permissions.
Authorization Filter?
+
Executes before controller actions to enforce permissions.
Authorization Handler?
+
Custom logic to evaluate authorization requirements.
Authorization Pipeline?
+
Sequence of steps evaluating user access.
Authorization Policy?
+
Named group of requirements.
Authorization Requirement?
+
Represents a condition to fulfill authorization.
Authorization Server?
+
Server that issues access tokens.
Authorization types?
+
Role-based, Claim-based, Policy-based, Resource-based.
Authorization?
+
Authorization determines what a user is allowed to access after
authentication.
authorization?
+
Process of verifying user access rights based on roles or claims.
Authorization?
+
Verifies if authenticated user has access rights.
Authorization?
+
Checking user access rights after authentication.
Authorize attribute?
+
Enforces authorization using roles, policies, or claims.
AutoMapper?
+
Object mapping library.
AutoMapper?
+
Library for mapping objects automatically.
Azure App Service?
+
Cloud hosting platform for ASP.NET Core applications.
Azure Key Vault?
+
Secure storage for secrets, keys, and credentials.
B2B Authorization?
+
Authorization in multi-tenant business apps.
B2C Authorization?
+
Authorization in consumer-facing apps.
Backchannel Communication?
+
Secure server-server communication for token exchange.
Background worker coding?
+
Inherit from BackgroundService.
BackgroundService class?
+
Runs long-lived background tasks in .NET apps, e.g., for messaging or
monitoring.
Basic Authentication?
+
Authentication using Base64 encoded username and password.
Basic Authorization?
+
Credentials sent as Base64 encoded username:password.
Bearer Authentication?
+
Token-based authentication mechanism where tokens are sent in request
headers.
Bearer Token?
+
Authorization token sent in Authorization header.
beforeFilter(), beforeRender(), afterFilter():
+
beforeFilter() runs before action, beforeRender() runs before view
rendering, and afterFilter() runs after the response.
Benefits of ASP.NET Core?
+
Cross-platform, Cloud-ready, container friendly, modular, and fast runtime.
Benefits of using MVC:
+
MVC gives separation of concerns, supports testability, clean URLs,
maintainability, and scalability.
Blazor Server and WebAssembly?
+
Server-side rendering vs client-side execution in browser.
Blazor?
+
Framework for building interactive web UIs using C# instead of JavaScript.
Boxing?
+
Converting a value type to an object type.
Build in .NET?
+
Compilation of code into IL.
Bundling and Minification?
+
Improves performance by reducing file sizes and number of requests.
Bundling and Minification?
+
Optimizing CSS and JS for performance.
Cache Tag Helper
+
This helper caches rendered HTML output on the server, improving performance
for static or rarely changing UI sections.
Caching / Response Caching
+
Caching stores output to improve performance and reduce processing. Response
caching stores HTTP responses, improving load time for repeated requests.
Caching in ASP.NET Core?
+
Improves performance by storing frequently accessed data.
Caching in ASP.NET?
+
Technique to store frequently used data for performance.
Caching in ASP.NET?
+
Caching stores frequently accessed data to improve performance using Output,
Data, or Object Caching.It reduces server load, speeds up responses, and is
ideal for static or rarely changing data.
caching?
+
Storing frequently accessed data in memory for faster response.
Can you create an app using both WebForms and
MVC?
+
Yes, it is possible to host both in the same project. MVC can coexist with
WebForms when routing is configured properly. This allows gradual migration.
Both frameworks share the same runtime environment.
Cases where routing is not needed:
+
Routing is unnecessary for requests for static files like images/CSS or for
direct WebForms/WebService calls.
Change Token
+
A Change Token is a notification mechanism used to monitor changes, such as
configuration files or file-based caching. When a change occurs, the token
triggers refresh or rebuild actions.
CI/CD?
+
Automation pipeline for building, testing, and deploying applications.
CI/CD?
+
Continuous Integration and Continuous Deployment pipeline automation.
CIL/IL?
+
Intermediate code that the CLR JIT-compiles into machine code, enabling
language-independence and runtime optimization.
Circuit Breaker?
+
Polly-based approach to handle failing services.
Claim?
+
A user attribute such as name, email, role, or permission.
Claim-Based Authorization?
+
Authorization based on user claims such as email, age, department.
Claims?
+
User-specific attributes like name, id, role.
Claims-based authorization?
+
Authorization using claims stored in user identity.
class is used to return JSON in MVC?
+
JsonResult class is used to return JSON formatted data.
Class library?
+
A project that compiles to reusable DLL.
Client-side validation?
+
Validation executed in browser using JavaScript.
CLR?
+
Common Language Runtime that manages execution, memory, garbage collection,
and security.
CLR?
+
Common Language Runtime executes .NET applications and manages memory,
security, and exceptions.
CLS?
+
Common Language Specification – rules that all .NET languages must follow.
CLS?
+
Common Language Specification defines language rules .NET languages must
follow.
Coarse-Grained Authorization?
+
Role-level access control.
Code behind an Inline Code?
+
Code-behind keeps design and logic separate using external .cs files. Inline
code is written directly inside .aspx pages. Code-behind improves
maintainability and reusability. Inline code is simpler but less structured.
Code First Migration?
+
Approach where database schema is created from C# models.
Column-Level Security?
+
Restricts access to specific columns.
command builds project?
+
dotnet build
command is used to scaffold projects?
+
dotnet new
command restores packages?
+
dotnet restore
command runs app?
+
dotnet run
Concepts of Globalization and Localization in
.NET?
+
Globalization prepares an app to support multiple languages and cultures.
Localization customizes the app for a specific culture using resource files.
ASP.NET uses .resx files for language translation. These features help
create multilingual web applications.
Conditional Access?
+
Authorization based on conditions like location or device.
Configuration / appsettings.json
+
Settings are stored in appsettings.json and accessed using IConfiguration.
Configuration System in .NET Core?
+
Instead of Web.config, .NET Core uses appsettings.json, environment
variables, user secrets, and Azure KeyVault. It supports hierarchical and
strongly typed configuration.
ConfigurationBuilder?
+
ConfigurationBuilder loads settings from multiple sources like JSON, XML,
Azure, or environment variables. It provides flexible app configuration.
Connection Pooling?
+
Reuse of open database connections for performance.
Consent Screen?
+
User approval of requested permissions.
Containerization in ASP.NET Core?
+
Running application inside lightweight containers instead of full VMs.
Content Negotiation?
+
Mechanism to return JSON/XML based on Accept headers.
Content Negotiation?
+
Determines response format (JSON/XML) based on client request headers.
Controller in MVC?
+
Controller handles incoming requests, processes data, and returns responses.
Controller?
+
A controller handles incoming HTTP requests and returns responses such as
JSON, views, or status codes. It follows MVC (Model-View-Controller)
pattern.
ControllerBase?
+
Base class for API controllers (no views).
Convention-based routing?
+
Routing following default predefined conventions.
Cookie vs Token Auth?
+
Cookie is server-based; token is stateless.
Cookie-less Session:
+
When cookies are disabled, session data is tracked using URL rewriting.
Session ID appears in the URL. Helps maintain session without browser
cookies.
Cookies in ASP.NET?
+
Cookies store user data in the browser, such as username or session ID, for
future requests.ASP.NET supports persistent and non-persistent cookies to
enhance personalization and authentication.
CORS?
+
CORS (Cross-Origin Resource Sharing) allows or restricts browser requests
from different origins. ASP.NET Core allows configuring allowed methods,
headers, and domains.
CORS?
+
Security feature controlling which external domains may access server
resources.
CORS?
+
Cross-Origin Resource Sharing that controls external access permissions.
Create .NET Core API project?
+
Use: dotnet new webapi -n MyApi
Cross-page posting in ASP.NET:
+
Cross-page posting allows a form to post data to another page using
PostBackUrl property. The target page can access source page controls using
PreviousPage property. Useful for multi-step forms.
Cross-Platform Compilation?
+
.NET Core/.NET can compile and run on Windows, Linux, or macOS. Developers
can build apps once and run them anywhere.
CRUD API coding question?
+
Implement GET, POST, PUT, DELETE endpoints.
CSRF Protection
+
CSRF attacks force users to perform unintended actions. ASP.NET Core
mitigates it using anti-forgery tokens and validation attributes.
CSRF?
+
Cross-site request forgery attack.
CSRF?
+
Cross-site request forgery where attackers perform unauthorized actions on
behalf of users.
CSRF?
+
Cross-Site Request Forgery attack forcing authenticated users to execute
unwanted actions.
CTS?
+
Common Type System – defines how types are declared and used in .NET.
CTS?
+
Common Type System ensures consistency of data types across all .NET
languages.
Custom Action Filter coding?
+
Extend ActionFilterAttribute.
Custom Exception?
+
User-defined exception class.
Custom Middleware in ASP.NET Core
+
Custom middleware is created by writing a class with an Invoke or
InvokeAsync method that accepts HttpContext. It is registered in the
pipeline using app.Use(). Middleware can modify requests, responses, or pass
control to the next component.
Custom Model Binding
+
Implement IModelBinder and register it using ModelBinderProvider.
Data Annotation?
+
Attribute-based validation such as [Required], [Email], [StringLength].
Data Annotations?
+
Attributes used for validation like [Required], [Email], [StringLength].
Data Binding?
+
Connecting UI elements with data sources.
Data Cache:
+
Data Cache stores frequently used data to improve performance. It supports
expiration policies and dependency-based invalidation. Accessed through
HttpRuntime.Cache.
Data controls available in ASP.NET?
+
ASP.NET provides several data-bound controls like GridView, ListView,
Repeater, DataList, and FormView. These controls display and manipulate
database records. They support sorting, paging, and editing features. They
simplify data presentation.
Data Masking?
+
Hiding sensitive data based on policies.
Data Protection API?
+
Encrypting sensitive data.
Data Seeding?
+
Preloading default or sample data into database.
DbContext?
+
Class managing database connection and entity tracking.
DbSet?
+
Represents a database table.
Default project structure?
+
Minimal hosting model with Program.cs and optional folders for Models,
Controllers, Services.
Default route format?
+
{controller}/{action}/{id}
Define Default Route:
+
The default route is {controller}/{action}/{id} with default values like
Home/Index. It helps map incoming requests automatically.
Define DTO.
+
Data Transfer Object—used to expose safe API models.
Define Filters in MVC.
+
Filters allow custom logic before or after controller actions, such as
authentication, logging, or error handling.
Define Output Caching in MVC.
+
Output caching stores the rendered output of an action to improve
performance and reduce server processing.
Define Scaffolding in MVC:
+
Scaffolding automatically generates CRUD code and views based on the model.
It speeds up development by providing a code structure quickly.
Define the 3 logical layers of MVC?
+
Presentation layer → View Business logic layer → Controller Data layer →
Model
Delegate?
+
Type-safe function pointer.
Delegation?
+
Forwarding user's identity to downstream systems.
DenyAnonymousAuthorization?
+
Policy that allows only authenticated users.
Dependency Injection?
+
Dependency Injection (DI) is a design pattern where dependencies are
injected rather than created internally. .NET Core has built-in DI support.
It improves testability, maintainability, and loose coupling.
dependency injection?
+
A pattern where dependent services are injected rather than created inside a
class.
Dependency Injection?
+
Improves maintainability, testability, and reduces coupling.
Dependency Injection?
+
Injecting required objects rather than creating them inside controller.
Deployment Slot?
+
Environment preview before production deployment, commonly in Azure.
Deployment?
+
Publishing application to server.
Describe application state management in
ASP.NET.
+
Application State stores global data accessible to all sessions. It is
stored in server memory and persists until restart. Useful for shared
counters or configuration data. It reduces repeated data loading.
Describe ASP.NET MVC.
+
It is a lightweight Microsoft framework that follows MVC architecture for
building scalable, testable web applications.
Describe login Controls in ASP.
+
Login controls simplify user authentication. Examples include Login,
LoginView, LoginStatus, PasswordRecovery, and CreateUserWizard. They handle
username validation, password reset, and security membership. They reduce
custom coding effort.
DI (Dependency Injection)?
+
A design pattern where dependencies are provided rather than created inside
a class.
DI Container?
+
Object lifetime and dependency management system.
DI for Controllers
+
ASP.NET Core injects dependencies into controllers via constructor
injection. Services must be registered in ConfigureServices.
DI for Views
+
Views receive dependencies using @inject directive. This helps share
services such as logging or localization.
DifBet .NET Core and .NET Framework?
+
.NET Core is cross-platform and modular; .NET Framework is Windows-only and
monolithic.
DifBet ASP.NET MVC and WebForms?
+
MVC follows separation of concerns and doesn’t use ViewState, while WebForms
uses event-driven model with ViewState.
DifBet Authentication and Authorization?
+
Authentication verifies identity; Authorization verifies permissions.
DifBet Claims and Roles?
+
Role is a type of claim for grouping permissions.
DifBet Code First and DB First in EF?
+
Code First generates DB from classes, Database First generates classes from
DB.
DifBet Dataset and DataReader?
+
Dataset is disconnected; DataReader is connected and forward-only.
DifBet EF and EF Core?
+
EF Core is cross-platform, lightweight, and supports LINQ to SQL.
DifBet EXE and DLL?
+
EXE is an executable process; DLL is a reusable library.
DifBet GET and POST?
+
GET retrieves data; POST submits or modifies server data.
DifBet LINQ to SQL and Entity Framework?
+
LINQ to SQL is limited to SQL Server; EF supports multiple databases.
DifBet PUT and PATCH?
+
PUT replaces entire resource; PATCH updates part of it.
DifBet Razor and ASPX view engine?
+
Razor is cleaner, faster, and uses minimal markup compared to ASPX.
DifBet REST and SOAP?
+
REST is lightweight and stateless using JSON, while SOAP uses XML and is
more structured.
DifBet Role-Based vs Permission-Based?
+
Role groups permissions, permission defines specific capability.
DifBet session and cookies?
+
Cookies store on client browser, sessions store on server.
DifBet Thread and Task?
+
Thread is OS-level entity; Task is a higher-level abstraction.
DifBet Value type and Reference type?
+
Value types stored in stack, reference types stored in heap.
DifBet ViewBag and ViewData?
+
ViewData is dictionary-based; ViewBag uses dynamic properties. Both are
temporary and request-scoped.
DifBet WCF and Web API?
+
WCF supports protocols like TCP/SOAP; Web API is REST-based.
DifBet worker process and app pool?
+
App pool groups worker processes; worker process executes application.
DiffBet 3-tier and MVC?
+
3-tier architecture has Presentation, Business, and Data layers. MVC has
Model, View, and Controller roles for UI pattern.
DiffBet ActionResult and ViewResult.
+
ActionResult is a base type that can return various results.
DiffBet ActionResult and ViewResult?
+
ActionResult is a base class for various result types (JsonResult,
RedirectResult, etc.). ViewResult specifically returns a View. Controller
methods can return either. ActionResult provides flexibility for different
response formats.
DiffBet adding routes in WebForms and MVC.
+
WebForms uses file-based routing whereas MVC uses pattern-based routing.MVC
routing maps URLs directly to controllers and actions.
DiffBet AddTransient, AddScoped, and
AddSingleton?
+
Transient: New instance every request,Scoped: One instance per HTTP
request,Singleton: Same instance for entire application lifetime
DiffBet ASP.NET Core and ASP.NET?
+
Core is cross-platform, lightweight, modular, and faster. Classic ASP.NET is
Windows-only, uses System.Web, and is heavier.
DiffBet ASP.NET MVC 5 and ASP.NET Core MVC?
+
ASP.NET Core MVC is cross-platform, modular, open-source, and integrates Web
API into MVC. MVC 5 works only on Windows and is more monolithic. Core also
uses middleware instead of pipeline handlers.
DiffBet EF Core and EF Framework?
+
EF Core is lightweight, cross-platform, extensible, and faster than EF
Framework. EF Framework supports only .NET Framework and lacks many modern
features like batching, no-tracking queries, and shadow properties.
DiffBet HTTP Handler and HTTP Module:
+
Handlers handle and respond to specific requests directly. Modules work in
the pipeline and intercept requests during processing. Multiple modules can
exist for one request, but only one handler processes it.
DiffBet HttpContext.Current.Items and
HttpContext.Current.Session:
+
Items is used to store data for a single HTTP request and is cleared after
the request ends. Session stores data across multiple requests for the same
user. Items is faster and used for request-level sharing.
DiffBet MVVM and MVC?
+
MVC uses Controller for request handling, View for UI, and Model for data.
MVVM uses ViewModel to handle binding logic between View and Model. MVVM
supports two-way binding, especially in UI frameworks. MVC is better for web
apps, MVVM suits rich UIs.
DiffBet Server.Transfer and Response.Redirect:
+
Server.Transfer transfers execution to another page on the server without
changing the URL. Response.Redirect sends the browser to a new page and
changes the URL. Redirect performs a round trip to the client; Transfer does
not.
DiffBet session and caching:
+
Session stores user-specific data and is used per user. Cache stores
application-wide frequently used data to improve performance. Session
expires when the user ends or times out, while cache expiry depends on
policies like sliding or absolute expiration.
DiffBet TempData, ViewData, and ViewBag?
+
ViewData: Dictionary-based, valid only for current request. ViewBag: Wrapper
around ViewData using dynamic properties. TempData: Persists only for the
next request (used for redirects). 18) What is a partial view in MVC?
DiffBet View and Partial View.
+
A View renders the full UI while a Partial View renders a reusable section
of the UI.
DiffBet View and Partial View?
+
A View renders a complete page layout. A Partial View renders only a portion
of UI. Partial View does not include layout pages by default. Useful for
reusable components.
DiffBet Web API and WCF:
+
Web API is lightweight and designed for RESTful services using HTTP. WCF
supports multiple protocols like HTTP, TCP, and MSMQ. Web API is best for
modern web/mobile services, WCF for enterprise SOA.
DiffBet Web Forms and MVC?
+
MVC is lightweight and testable; Web Forms is event-driven and stateful.
DiffBet WebForms and MVC?
+
WebForms are event-driven and stateful. MVC is lightweight, stateless, and
supports testability. MVC offers full control over HTML. WebForms use
server-side controls and ViewState.
Difference: app.Use vs app.Run?
+
app.Use() allows multiple middlewares; app.Run() terminates the pipeline and
passes no further requests.
Different approaches to implement Ajax in MVC.
+
Using Ajax.BeginForm(), jQuery Ajax(), or Fetch API.
Different properties of MVC routes?
+
Key properties are URL, Defaults, Constraints, and DataTokens.
Different return types used by the controller
action method in MVC?
+
Common return types are ViewResult, JsonResult, RedirectResult,
ContentResult, FileResult, and ActionResult. ActionResult is the base type
for most results.
Different Session state management options
available in ASP.NET?
+
ASP.NET stores user-specific data across requests using InProc, StateServer,
SQL Server, or Custom modes.InProc keeps data in memory, while StateServer
and SQL Server store it externally, all server-side and secure.
Different validators in ASP.NET?
+
Controls like RequiredField, Range, Compare, Regex, Custom, and
ValidationSummary ensure correct input on client and server sides.
Different ways for bundling and minification in
ASP.NET Core?
+
Combine and compress scripts/styles to reduce size and improve performance,
using tools like Webpack or NUglify.
directive reads environment?
+
app.Environment.IsDevelopment()
Directory Service?
+
Stores users, groups, and permissions (AD, LDAP).
Display something in CodeIgniter?
+
Use the controller to load a view. Example:
$this->load->view("welcome_message"); The view outputs content to the
browser. Models supply data if required.
DisplayFor vs EditorFor?
+
DisplayFor shows read-only UI; EditorFor creates editable fields.
DisplayTemplate?
+
Reusable Display UI with @Html.DisplayFor.
distributed cache providers are supported?
+
Redis, SQL Server, NCache.
Distributed Cache?
+
Cache shared across multiple servers (Redis, SQL).
Distributed Tracing?
+
Tracing requests across microservices.
Distributed Tracing?
+
Tracking request flow through microservices with correlation IDs.
do you mean by partial view of MVC?
+
A partial view is a reusable view component used to render partial UI, such
as headers or menus.
Docker in .NET context?
+
Run .NET apps in portable containers for easy deployment, scaling, and
microservices.
Docker?
+
Containerization platform used to package and deploy applications.
Docker?
+
Container platform for packaging and deploying applications.
does MVC represent?
+
Model = business logic/data, View = UI, Controller = handles request and
updates View.
dotnet CLI?
+
Command line interface for building and running .NET applications.
Drawbacks of MVC model:
+
More development complexity, steep learning curve, and requires stronger
knowledge of patterns.
DTO?
+
Data Transfer Object used to transfer lightweight data.
Dynamic Authorization?
+
Real-time decision-based authorization.
Eager Loading?
+
Loads related data via Include().
EditorTemplate?
+
Reusable Editable UI with @Html.EditorFor.
EF Core optimization coding?
+
Use Select, AsNoTracking, Include.
EF Core?
+
Object-relational mapper for .NET Core.
EF Core?
+
Modern lightweight ORM for database access.
EF Migration?
+
Feature to update database schema using version-controlled code.
Enable CORS
+
CORS is configured using services.AddCors() and enabled with app.UseCors().
It allows cross-domain API access.
Enable CORS in API?
+
services.AddCors(); app.UseCors(...);
Enable CORS?
+
Using middleware: app.UseCors()
Enable JWT in API?
+
AddAuthentication().AddJwtBearer(...).
Enable Response Caching?
+
services.AddResponseCaching(); app.UseResponseCaching();
Encapsulation?
+
Bundling data and methods inside a class.
Endpoint Routing?
+
Modern routing system introduced to unify MVC, Razor Pages, and SignalR
routing.
Ensure Web API returns JSON only?
+
Remove XML formatters and keep only JSON formatter in WebApiConfig. Example:
config.Formatters.Remove(config.Formatters.XmlFormatter);. Now the API
always responds in JSON format. Useful for modern REST services.
Enterprise Library:
+
Enterprise Library provides reusable software components like Logging, Data
Access, Validation, and Exception Handling. Helps build enterprise-level
maintainable applications.
Entity Framework?
+
ORM for accessing databases using objects.
Entity Framework?
+
An ORM that maps databases to .NET objects, supporting LINQ, migrations, and
simplified data access.
Entity Framework?
+
ORM framework to interact with database using C# objects.
Environment Variable in ASP.NET Core?
+
External configuration determining environment (Development, Staging,
Production).
Environment Variable?
+
Configuration used to define environment (Development, Staging, Production).
Error handling middleware?
+
Middleware for diagnostics and custom error responses (e.g.,
DeveloperExceptionPage, ExceptionHandler).
Error Handling Strategies
+
Use middleware like UseExceptionHandler, logging, global filters, and status
code pages.
Event?
+
Notification triggered using delegates.
Examples of HTML Helpers?
+
TextBoxFor, DropDownListFor, LabelFor, HiddenFor.
Exception Handling?
+
Mechanism to handle runtime errors using try/catch/finally.
Execute any MVC project?
+
Build the project → Run IIS Express/Local host → Routing selects controller
→ Action returns view → Output is rendered in browser.
Explain ASP.NET Core.
+
It is a cross-platform, open-source framework for building modern web
applications. It provides high performance, modular design, and supports
MVC, Razor Pages, Web APIs, and SignalR.
Explain Dependency Injection.
+
DI provides loose coupling by injecting required services at runtime.
ASP.NET Core has DI support built-in.
Explain in brief the role of different MVC
components.
+
Model manages logic and data. View is responsible for UI.Controller acts as
a bridge processing user requests and returning responses.
Explain Model, View, and Controller in Brief.
+
Model holds application logic and data. View displays data to the user.
Controller handles user input, interacts with Model, and selects the View to
render.
Explain Request Pipeline.
+
Request flows through middleware components configured in Program.cs (pre
.NET 6: Startup.cs) before generating a response.
Explain separation of concern.
+
It divides an application into distinct sections, each responsible for a
single concern, reducing dependency.
Explain some benefits of using MVC.
+
It supports separation of concerns, easy testing, clean code structure, and
supports TDD. It’s extensible and suitable for large applications.
Explain TempData, ViewData, ViewBag.
+
TempData: Stores data temporarily across redirects.
Explain the MVC Application life cycle.
+
It includes: Application Start → Routing → Controller Initialization →
Action Execution → Result Execution → View Rendering → Response sent to
client.
Explicit Allow?
+
Specific rule allows access.
Explicit Deny?
+
Rule that overrides all allows.
Extension Method?
+
Add new methods to existing types without modifying them.
external authentication?
+
Login using Google, Microsoft, Facebook, GitHub providers.
Feature Toggle?
+
Enables or disables features dynamically.
Features of MVC?
+
MVC supports separation of concerns. It promotes testability, flexibility,
and clean architecture. Provides routing, Razor syntax, and built-in
validation. Ideal for large, scalable web applications.
Federation in Authorization?
+
Trust relationship between identity providers and applications.
File extension for Razor views?
+
.cshtml
File extensions for Razor views?
+
Razor views use: .cshtml for C# .vbhtml for VB.NET These files support
inline Razor syntax.
file replaces Web.config in ASP.NET Core?
+
appsettings.json
FileResult?
+
Returns files like PDF, images, or documents.
Filter in MVC?
+
Reusable logic executed before or after action methods.
Filter types?
+
Authorization, Resource, Action, Exception, Result filters.
Filters executed at the end:
+
Result filters are executed at the end, just before and after the view is
rendered.
Filters in ASP.NET Core?
+
Run pre- or post-action logic like validation, logging, caching, or
authorization in controllers.
Filters in MVC Core?
+
Reusable logic executed before or after actions.
Filters?
+
Components to run code before/after actions.
Fine-Grained Authorization?
+
Permission-level control instead of role-level.
FormCollection?
+
Object storing form values submitted by user.
Forms Authentication?
+
User logs in through custom login form.
Framework-Dependent Deployment?
+
App runs on an installed .NET runtime, producing a smaller executable.
Frontchannel Communication?
+
Browser-based token communication.
GAC : Global Assembly Cache?
+
Stores shared .NET assemblies for multiple apps, supporting versioning and
avoiding DLL conflicts.
Garbage Collection (GC)?
+
Automatic memory management that removes unused objects.
Garbage Collection?
+
Automatic memory cleanup of unused objects.
GC generations?
+
Gen 0, Gen 1, Gen 2 used to optimize memory cleanup.
Generic Repository?
+
A reusable data access pattern that works with any entity type to perform
CRUD operations.
GET and POST Action types:
+
GET retrieves data and does not modify state. POST submits data and is used
for creating or updating records.
Global exception handling coding?
+
Create custom exception middleware.
Global Exception Handling?
+
Error handling applied across entire application using middleware.
Global.asax?
+
Application-level events like Start, End, Error.
GridView Control:
+
GridView displays data in a tabular format and supports sorting, paging, and
editing. It binds to data sources like SQL, lists, or datasets. It provides
templates and commands for customization.
gRPC in .NET?
+
High-performance, protocol-buffer-based communication for microservices,
faster than REST.
gRPC?
+
High-performance communication protocol using binary messaging and HTTP/2.
gRPC?
+
High-performance RPC protocol using HTTP/2 for communication.
GZip Compression?
+
Compressing responses to reduce payload size.
Handle 404 in ASP.NET Core?
+
Use middleware such as: app.UseStatusCodePages();
HATEOAS?
+
Responses include links to guide client navigation.
HATEOAS?
+
Hypermedia as Engine of Application State — constraint of REST API.
Health Check Endpoint?
+
Endpoint to verify system status and dependencies.
Health Check endpoint?
+
Used for monitoring health status and dependencies like DB or Redis.
Health Check in .NET Core?
+
Monitor app and dependency status, useful for Kubernetes and cloud
deployments.
Health Checks?
+
Endpoints that report app health.
Host in ASP.NET Core?
+
Manages DI, configuration, logging, and middleware; includes WebHost and
GenericHost.
Host?
+
Host manages app lifetime, DI container, config, and logging. It’s core
runtime container.
Host?
+
Host manages app lifetime, configuration, logging, DI, and environment.
HostedService?
+
Interface for background tasks.
Hot Reload?
+
Hot Reload allows modifying code while the application is running. It
improves productivity by reducing restart time.
Hot Reload?
+
Feature allowing code changes without restarting application.
How authorize multiple roles?
+
[Authorize(Roles=\Admin Manager\")]"
How execute Stored Procedures?
+
Use FromSqlRaw().
How implement Pagination?
+
Use Skip() and Take().
How prevent privilege escalation?
+
Validate authorization checks on every sensitive action.
How prevent SQL Injection?
+
Use parameterized queries and stored procedures.
How register EF Core?
+
services.AddDbContext(options => options.UseSqlServer(...));
How return IActionResult?
+
Use Ok(), NotFound(), BadRequest(), Created().
How Seed Data?
+
Use HasData() inside OnModelCreating().
How upload files?
+
Use IFormFile parameter.
HTML Helper?
+
Methods that generate HTML controls programmatically in views.
HTML server controls in ASP.NET?
+
HTML controls become server controls by adding runat="server". They behave
like programmable server-side objects. They allow event handling and server
processing.
HTTP Handler?
+
An HttpHandler is a component that processes individual HTTP requests. It
acts as an endpoint for file extensions like .aspx, .ashx, .jpg etc. It is
lightweight and best for custom resource generation.
HTTP Logging Middleware?
+
Logs details about incoming requests and responses.
HTTP Status Codes?
+
200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500
Server Error.
HTTP Verb Mapping?
+
Mapping controller actions to verbs using [HttpGet], [HttpPost], etc.
HTTP Verb?
+
Operations like GET, POST, PUT, DELETE mapped to actions.
HttpClientFactory?
+
Factory pattern to create and manage HttpClient instances.
HttpModule?
+
Windows-only ASP.NET components that handle HTTP request/response events in
the pipeline.
HTTPS Redirection Middleware?
+
Forces application to use secure connection.
HTTPS Redirection?
+
Force HTTPS using app.UseHttpsRedirection().
IActionFilter?
+
Interface for implementing custom filters.
IActionResult?
+
Base interface for different action results.
IActionResult?
+
Base interface for action results in ASP.NET Core MVC.
IAM?
+
Identity and Access Management.
IAuthorizationService?
+
Service to manually invoke authorization programmatically.
IConfiguration?
+
Interface used to access application configuration values.
IConfiguration?
+
Interface used to read configuration data.
Idempotency?
+
Operation that produces the same result when repeated.
Identity Framework?
+
Built-in membership system for authentication and user roles.
Identity Provider (IdP)?
+
Service that authenticates users.
IdentityServer?
+
OAuth2/OpenID Connect framework for authentication and authorization.
IHttpClientFactory?
+
Factory for creating HttpClient instances safely.
IHttpClientFactory?
+
IHttpClientFactory creates and manages HttpClient instances to avoid socket
exhaustion and improve performance in Web API calls.
IHttpClientFactory?
+
ASP.NET Core factory for creating and managing HttpClient instances.
IHttpClientFactory?
+
Factory pattern for creating optimized HttpClient instances.
IHttpContextAccessor?
+
Used to access HTTP context in non-controller classes.
IIS Integration?
+
In Windows hosting, Kestrel works behind IIS. IIS handles SSL, load
balancing, and process management, while Kestrel executes the request
pipeline.
IIS?
+
Web server for hosting ASP.NET apps.
IIS?
+
Internet Information Services — a Windows web server.
ILogger?
+
Logging interface used for tracking application events.
Impersonation?
+
Executing code under another user's identity.
Impersonation?
+
Execute actions under another user's identity.
Implement Ajax in MVC?
+
Using @Ajax.BeginForm() and AjaxOptions. You can call actions asynchronously
using jQuery AJAX. The server returns JSON or partial views. This improves
performance without full page reloads.
Implement MVC Forms authentication:
+
Forms authentication uses login pages, authentication cookies, and
AuthorizeAttribute to protect secured pages.
Implicit Deny?
+
If no rule allows it, access is denied.
Importance of NonActionAttribute?
+
It marks a method in a controller as not an action method. This prevents it
from being executed via URL routing. Useful for helper methods within
controllers. Enhances security and routing control.
Improve API Performance?
+
Caching, AsNoTracking, async queries, efficient queries.
Improve ASP.NET performance:
+
Use caching, compression, output caching, and minimized ViewState. Optimize
SQL queries and enable async processing. Reduce server round trips and
bundling/minifying scripts.
Inheritance?
+
Deriving classes from base classes.
In-memory vs Distributed Cache
+
In-memory caching stores data on the server and is best for single-instance
apps. Distributed caching uses Redis or SQL Server and supports
load-balanced environments.
Interface?
+
Contract specifying methods without implementation.
IOptions pattern?
+
Method to bind strongly-typed settings from configuration to C# classes.
IOptions pattern?
+
Used to map configuration sections to strongly typed classes.
Is ASP.NET Core open source?
+
Yes, it is developed under the .NET Foundation and is fully open source.
Is DI built-in in ASP.NET Core?
+
Yes, ASP.NET Core has built-in DI support.
Is MVC stateless?
+
Yes, MVC follows stateless architecture where every request is independent.
JIT Compiler?
+
Just-In-Time compiler that converts IL code to native machine code.
JIT compiler?
+
Converts IL to native code at runtime, optimizing performance and memory;
types include Pre-JIT, Econo-JIT, Normal-JIT.
JIT compiler?
+
Just-in-Time compiler converts IL code to machine code during runtime.
JSON global config?
+
builder.Services.Configure(...).
JSON Serialization?
+
Converting objects into JSON format for transport or storage.
JSON Serializer used?
+
System.Text.Json (default), with option to use Newtonsoft.Json.
JSON.stringify?
+
Converts JavaScript object into JSON format for ajax posts.
JsonResult?
+
Returns JSON formatted response.
Just-In-Time Access (JIT)?
+
Provide temporary elevated permissions.
JWT Authentication?
+
JWT (JSON Web Token) is a token-based authentication method used in
microservices and APIs. It stores claims and is stateless, meaning no
session storage is required.
JWT creation coding?
+
Use JwtSecurityTokenHandler to generate token.
JWT Token?
+
Stateless token format used for authentication.
JWT?
+
A compact, self-contained token for securely transmitting claims between
parties.
JWT?
+
JSON Web Token for stateless authentication between client and server.
JWT?
+
JSON Web Token used for bearer authentication.
Kerberos?
+
Secure ticket-based authentication protocol.
Kestrel Server?
+
Kestrel is the default lightweight web server in ASP.NET Core. It is fast,
cross-platform, and optimized for high-performance apps.
Kestrel?
+
Cross-platform lightweight web server for ASP.NET Core.
Kestrel?
+
A lightweight, cross-platform web server used by ASP.NET Core applications.
Key DifBet ASP.NET and ASP.NET Core?
+
ASP.NET Core is cross-platform, modular, open-source, and faster compared to
ASP.NET Framework.
Kubernetes?
+
Container orchestration platform used to deploy microservices.
Latest version of ASP.NET Core?
+
The latest stable version of ASP.NET Core (as of December 2025) follows the
latest .NET release: ASP.NET Core 10.0 — shipped with .NET 10 on November
11, 2025.
LaunchSettings.json in ASP.NET Core?
+
This file stores environment and profile settings for the application during
development. It defines the application URL, SSL settings, and environment
variables like ASPNETCORE_ENVIRONMENT. It helps configure debugging profiles
for IIS Express or direct execution.
Layout page?
+
Template defining common design elements such as header and footer.
Layout Page?
+
Master template providing shared UI like header/footer across multiple
views.
Lazy Loading?
+
Loads navigation properties on first access.
Least Privilege Access?
+
Users receive minimal required permissions.
library supports resiliency?
+
Polly.
LINQ?
+
Query syntax integrated into C# to query collections/databases.
LINQ?
+
LINQ (Language Integrated Query) allows querying data from collections,
databases, XML, etc. using C# syntax. It improves code readability and
eliminates SQL string errors.
LINQ?
+
Query syntax for querying data collections, SQL, XML, and EF.
LINQ?
+
Query syntax used to retrieve data from collections or databases.
List HTTP methods.
+
GET, POST, PUT, PATCH, DELETE, OPTIONS.
Load Balancing?
+
Distribute requests across servers.
Load Balancing?
+
Distributing application traffic across multiple servers for performance and
redundancy.
Lock statement?
+
Prevents multiple threads from accessing code simultaneously.
Logging in .NET Core?
+
.NET Core provides built-in logging with providers like Console, Debug,
Serilog, and Application Insights. It helps monitor app behavior and errors.
Logging in ASP.NET Core?
+
Built-in framework to log information using ILogger.
Logging in MVC Core?
+
Capturing application logs via ILogger and providers.
logging providers are supported?
+
Console, Debug, Azure App Insights, Seq, Serilog.
Logging Providers?
+
Serilog, NLog, Seq, Application Insights.
Logging System
+
Built-in support for console, file, Application Insights, SeriLog, etc.
Logging?
+
System to capture and store application logs.
Machine.config?
+
System-wide configuration file for .NET Framework.
Main DiffBet MVC and Web API?
+
MVC is used to return views (HTML) for web applications. Web API is used to
build RESTful services and returns data formats like JSON or XML. MVC is
UI-focused, whereas Web API is service-focused. Web API can be used by
mobile, IoT, and web clients.
Maintain the sessions in MVC?
+
Session can be maintained using Session[], cookies, TempData, ViewBag,
QueryString, and Hidden fields.
Major events in global.aspx?
+
Common events include Application_Start, Session_Start,
Application_BeginRequest, Session_End, and Application_End. These events
manage application life cycle tasks. They handle logging, caching, and
security logic. They execute globally for the entire application.
Managed Code?
+
Code executed under the supervision of CLR.
master pages in ASP.NET?
+
Master pages define a common layout for multiple web pages. Content pages
inherit this layout to maintain consistent UI. They reduce duplication of
HTML code. Common parts like headers, footers, and menus are shared.
Master Pages:
+
Master Pages define a common layout for multiple pages. Content pages fill
placeholders within the master. Useful for consistency and easier
maintenance.
Message Queues?
+
Kafka, RabbitMQ, Azure Service Bus.
Metadata in .NET?
+
Information about types, methods, references stored with assemblies.
Methods of session maintenance in ASP.NET:
+
ASP.NET provides several ways to maintain sessions, including In-Process
(InProc), State Server, SQL Server, and Custom session state providers.
Cookies and cookieless sessions are also used. These mechanisms help store
user-specific data across requests.
MFA?
+
Multi-factor authentication using multiple methods.
Microservices Architecture?
+
Architecture pattern where the application is composed of independent
services.
Microservices architecture?
+
System divided into small loosely coupled services.
Middleware components?
+
Pipeline components that process HTTP requests and responses in sequence.
Middleware Concept
+
Middleware are components processing requests in sequence.
Middleware in ASP.NET Core?
+
Pipeline components that process HTTP requests/responses, e.g.,
authentication, routing, logging, CORS.
Middleware Pipeline?
+
Requests pass through ordered middleware, each handling logic before
forwarding.
Middleware Pipeline?
+
Sequential execution of request-processing components in ASP.NET Core.
Middleware?
+
A pipeline component that processes HTTP requests and responses. it is
lightweight, runs cross-platform, and fully configurable in code.
middleware?
+
Components that process HTTP requests in ASP.NET Core pipeline.
Migration commands?
+
dotnet ef migrations add Name; dotnet ef database update
Migrations?
+
System for applying and tracking database schema changes.
Minification and Bundling used?
+
They reduce file size and combine multiple CSS/JS files to improve
performance.
Minimal API?
+
Define routes using MapGet(), MapPost(), MapPut(), etc.,Lightweight syntax
for defining endpoints without controllers.Lightweight HTTP endpoints with
minimal code, ideal for microservices and prototypes.
Minimal API?
+
Lightweight HTTP API setup introduced in .NET 6 using minimal hosting model.
Mocking Framework?
+
Tools like MOQ used to simulate dependencies during testing.
Mocking?
+
Simulating dependencies using fake objects.
Modal Binding in Razor Pages?
+
Mapping form inputs automatically to page properties.
Model Binder?
+
Maps request data to models automatically.
Model Binding
+
Automatically maps form, query string, and JSON data to model classes.
Model Binding?
+
Maps HTTP request data to C# parameters automatically. Model binding maps
incoming request data to method parameters or model objects automatically.
It simplifies request handling in MVC and Web API.
Model Binding?
+
Automatic mapping of HTTP request data to action method parameters.
Model Binding?
+
Automatic mapping of request data to method parameters or models.
Model Binding?
+
Automatic mapping of HTTP request data to model objects.
Model in MVC?
+
Model represents application data and business logic.
Model Validation
+
Uses Data Annotations and custom validation attributes.
Model Validation?
+
Ensures incoming data meets rules via DataAnnotations.
Model Validation?
+
Ensures input values meet defined requirements before processing.
Model Validation?
+
Ensuring input meets validation rules before processing.
ModelState?
+
Stores the state of model binding and validation errors.
Model-View-Controller?
+
MVC is a design pattern that separates an application into Model, View, and
Controller components.
Monolith Architecture?
+
Single deployable unit with tightly coupled components.
Monolithic architecture?
+
Single deployable unit with tightly-coupled components.
MSIL?
+
Intermediate language generated from .NET code before JIT compilation.
Multicast Delegate?
+
Delegate pointing to multiple methods.
Multiple environments
+
Configured using ASPNETCORE_ENVIRONMENT variable (Dev, Staging, Prod).
MVC Architecture
+
Separates application logic into Model, View, Controller.
MVC Components
+
Model stores data, View displays UI, Controller handles requests.
MVC in AngularJS?
+
AngularJS follows an MVC-like architecture. Model holds data, View
represents the UI, and Controller manages logic. It helps in clear
separation of concerns in client-side apps. Angular automates data binding
between Model and View.
MVC in ASP.NET Core?
+
Model-View-Controller pattern used for web UI and API development.
MVC Page life cycle stages:
+
Stages include Routing, Controller initialization, Action execution, Result
execution, and View rendering.
MVC Routing?
+
Maps URL patterns to controller actions.
MVC works in Spring?
+
Spring MVC uses DispatcherServlet as the front controller. It routes
requests to controllers. Controllers return Model and View data. The
ViewResolver renders the final response.
MVC?
+
A design pattern dividing application logic into Model, View, Controller.
MVC?
+
MVC stands for Model-View-Controller architecture separating UI, data, and
logic.
MVC?
+
MVC (Model-View-Controller) separates business logic, UI, and request
handling into Model, View, and Controller.This improves testability,
maintainability, scalability, and is widely used for modern web
applications.
Name the assembly in which the MVC framework is
typically defined.
+
ASP.NET MVC is mainly defined in the System.Web.Mvc assembly.
Namespace?
+
A container for organizing classes and types.
Navigate from one view to another using a
hyperlink?
+
Use the Html.ActionLink() helper in MVC. Example: @Html.ActionLink("Go to
About", "About", "Home"). This generates an anchor tag with route mapping.
Clicking it redirects to the specified view.
Navigation between views example.
+
Using hyperlink: Go to About.
Navigation techniques:
+
Navigation in ASP.NET uses Hyperlinks, Response.Redirect, Server.Transfer,
Cross-page posting, and Site Navigation controls like Menu and TreeView. It
helps users move between pages.
New features in ASP.NET Core?
+
Dependency Injection built-in, cross-platform, unified MVC+Web API,
lightweight middleware pipeline, and performance improvements.Enhanced
Minimal APIs, improved performance, better real-time support, updated
security, and stronger observability tools.
New in .NET Core 2.1 / ASP.NET Core 2.1?
+
Features include Razor Class Libraries, HTTPS by default, SPA templates,
SignalR support, and GDPR compliance tools. It also introduced global tools,
improved performance, and simplified identity UI.
Non-Repudiation?
+
Ensuring actions cannot be denied by users.
N-Tier architecture?
+
Layers like UI, Business, Data Access.
NTLM?
+
Windows challenge-response authentication protocol.
NuGet?
+
NuGet is the package manager for .NET. Developers use it to download, share,
and manage libraries. It supports dependency resolution and automatic
updates.
NuGet?
+
Package manager for .NET libraries.
Nullable type?
+
Represents value types that can be null.
NUnit/MSTest?
+
Unit testing frameworks for .NET.
OAuth Refresh Token Rotation?
+
Invalidating old refresh token when issuing a new one.
OAuth vs SAML?
+
OAuth is authorization; SAML is authentication using XML.
OAuth?
+
Open standard for secure delegated access.
OAuth2 Authorization Code Flow?
+
Secure flow used by web apps requiring user login.
OAuth2 Client Credentials Flow?
+
Service-to-service authorization.
OAuth2 Implicit Flow?
+
Legacy browser flow not recommended.
OAuth2?
+
Delegated authorization framework for delegated access.
OAuth2?
+
Authorization framework allowing delegated access using tokens.
OOP?
+
Programming model using classes, inheritance, and polymorphism.
OpenID Connect?
+
Authentication layer on top of OAuth2 for user login and identity
management.
OpenID Connect?
+
Authentication layer built on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth for login authentication.
Optimistic Concurrency?
+
Use [Timestamp]/RowVersion to prevent data overwrites via row-version
checks.
Options Pattern
+
Used to bind strongly typed classes to configuration sections.
Order of filter execution in MVC
+
Order: 1. Authorization Filters 2. Action Filters 3. Result Filters 4.
Exception Filters Execution occurs in a defined pipeline sequence.
Ordering execution when multiple filters are
used:
+
Filters run in the order: Authorization → Action → Result → Exception
filters. Custom ordering can also be defined using the Order property.
OutputCache?
+
Caching mechanism used in MVC Framework to improve response time.
OWIN and ASP.NET Core
+
OWIN was designed to decouple web servers from web applications. ASP.NET
Core builds on the same lightweight pipeline concept but replaces OWIN with
a more flexible middleware model.
package enables Swagger?
+
Swashbuckle.AspNetCore
Page directives in ASP.NET:
+
Page directives provide configuration and instruction to the compiler.
Examples include @Page, @Import, @Master, and @Control. They define
attributes like language, inheritance, and code-behind file.
Pagination coding question?
+
Implement Skip(), Take(), and metadata.
Pagination in API?
+
Return data with totalCount, pageNo, pageSize.
Partial Class?
+
Split class across multiple files.
Partial view in MVC?
+
A partial view is a reusable piece of UI code. It works like a user control
and avoids code duplication. It is rendered inside another view. Useful for
menus, headers, and reusable content blocks.
Partial View?
+
Reusable view component shared across multiple views.
Partial View?
+
Reusable UI component used in multiple views.
Partial Views
+
Partial views reuse UI sections like menus or forms. They reduce code
duplication and improve maintainability.
Parts of JWT?
+
Header, Payload, Signature.
PBAC?
+
Policy-Based Access Control.
Permission?
+
A specific capability like Read, Write, or Delete.
Permission-Based API Authorization?
+
APIs check user permissions before actions.
PKCE?
+
Enhanced security for mobile and SPA apps.
Points to remember while creating MVC
application?
+
Maintain separation of concerns. Use routing properly for readability. Keep
business logic in the Model or services. Use ViewModels instead of exposing
database models.
Policies in authorization?
+
Reusable authorization rules defined using AddAuthorization.
Policy Decision Point (PDP)?
+
Component that evaluates authorization policy.
Policy Enforcement Point (PEP)?
+
Component that checks access rules.
Policy-Based Authorization?
+
Define custom authorization rules inside AddAuthorization().
Polymorphism?
+
Ability to override methods for different behavior.
Post-Authorization Logging?
+
Record actions taken after authorization.
PostBack property:
+
IsPostBack indicates whether the page is loaded first time or due to a user
action like a button click. It helps avoid re-binding data unnecessarily.
Useful for improving performance.
PostBack?
+
When a page sends data to the server and reloads itself.
Prevent CSRF?
+
Anti-forgery tokens and SameSite cookies.
Prevent SQL Injection?
+
Parameterized queries/EF Core.
Principle of Least Privilege?
+
Users get only required permissions.
Privilege Escalation?
+
Attack where user gains unauthorized permissions.
Privileged Access Management (PAM)?
+
System to monitor and control high-privilege accounts.
Program.cs used for?
+
Defines application bootstrap, host builder, and startup configuration.
Program.cs?
+
Entry point that configures the host, services, and middleware.
Purpose of MVC pattern?
+
To separate concerns and make application maintainable, testable, and
scalable.
Query String in ASP?
+
Query strings pass values through the URL during page requests. They are
used for lightweight data transfer. A query string starts after a ? in the
URL. It is visible to users, so sensitive data should not be stored.
Rate Limiting?
+
Restricting how many requests a client can make.
rate limiting?
+
Controlling request frequency to protect system resources.
Rate Limiting?
+
Controls request frequency to prevent abuse.
Razor Pages in ASP.NET Core?
+
Page-focused ASP.NET Core model with combined view and logic, ideal for CRUD
apps.
Razor Pages?
+
A page-focused ASP.NET Core model where each page has its own UI and logic,
ideal for simpler web apps.
Razor Pages?
+
A page-based framework for building UI similar to MVC but simpler.
Razor Pages?
+
Page-based model alternative to MVC introduced in .NET Core.
Razor View Engine?
+
Syntax for rendering HTML with C# code.
Razor View Engine?
+
Lightweight syntax for writing server-side code inside HTML.
Razor view file extensions:
+
.cshtml (C# Razor) and .vbhtml (VB Razor) are used for Razor views.
Razor?
+
Razor is a templating engine used in ASP.NET MVC and Razor Pages. It
combines C# with HTML to generate dynamic UI. It is lightweight, fast, and
easy to use.
Razor?
+
A markup syntax in ASP.NET for embedding C# into views.
RBAC?
+
Role-Based Access Control.
Real-life example of MVC?
+
A shopping website: Model: Product data View: Product display page
Controller: User actions like Add to Cart They work together to complete
functionality.
RedirectToAction()?
+
Redirects browser to another action or controller.
Redis caching coding?
+
AddStackExchangeRedisCache().
Redis?
+
Fast distributed in-memory caching system.
Redis?
+
In-memory distributed caching system.
Reflection?
+
Inspecting metadata and creating objects dynamically at runtime.
Refresh Token?
+
A long-lived token used to obtain new access tokens without re-login.
Remoting?
+
Legacy communication between .NET applications.
RenderBody vs RenderPage:
+
RenderBody() outputs the content of the child view in layout. RenderPage()
inserts another Razor page inside a view like a partial.
RenderBody() outputs the content of the child
view in layout. RenderPage() inserts another Razor page inside a view like a
partial.
+
Additional Questions
Repository Pattern?
+
Abstraction layer over data access.
Repository Pattern?
+
Abstraction layer separating business logic from data access logic.
Repository Pattern?
+
A pattern separating data access layer from business logic.
Request Delegate?
+
A delegate such as RequestDelegate handles HTTP requests and responses
inside middleware.
Resource Server?
+
API that verifies and uses access tokens.
Resource?
+
A data entity identified by a URI like /users/1.
Resource-Based Authorization?
+
Authorization rules applied based on a specific resource instance.
Response Compression?
+
Compresses HTTP responses using gzip/br or deflate.
Response Compression?
+
Compressing HTTP output for faster response.
REST API?
+
API that adheres to REST principles such as statelessness, resource
identification, caching.
REST?
+
An architectural style using stateless communication over HTTP with
resources.
REST?
+
Representational State Transfer — stateless communication using HTTP verbs.
Retry Policy?
+
Automatic retry logic for failed external calls.
Return PartialView()?
+
Returns only partial content without layout.
Return types of an action method:
+
Returns include ViewResult, JsonResult, RedirectResult, ContentResult,
FileResult, and ActionResult.
Return View()?
+
Returns a full view to the browser.
reverse proxy?
+
Middleware forwarding requests from IIS/Nginx to Kestrel.
Role of ActionFilters in MVC?
+
ActionFilters allow you to run logic before or after an action executes.
They help in cross-cutting concerns like logging, authentication, caching,
and exception handling. Filters can be applied at the controller or method
level. Examples include: Authorize, HandleError, and OutputCache.
Role of Configure() method?
+
Defines the request handling pipeline using middleware like routing,
authentication, static files, etc.
Role of ConfigureServices()
+
Used to register services like DI, EF Core, identity, logging, and custom
services.
Role of IHostingEnvironment?
+
Provides environment-specific info like Development, Production, and
staging.
Role of Middleware
+
Authentication, logging, routing, exception handling.
Role of MVC components:
+
Presentation (View) shows data, Abstraction (Model) handles logic/data,
Control (Controller) manages requests and updates.
Role of MVC in AngularJS?
+
MVC helps structure the application for maintainability. Model stores data,
View displays data using HTML, and Controller updates data. Angular’s
two-way binding keeps Model and View synchronized. It helps in scaling
complex front-end applications.
Role of Startup class?
+
It configures application services via ConfigureServices() and request
pipeline via Configure().
Role of WebHost.CreateDefaultBuilder()?
+
Configures default settings like Kestrel, logging, config, ENV detection.
Role?
+
A named group of permissions.
Role-Based Authorization?
+
Restrict access using roles, e.g., [Authorize(Roles="Admin")].
RouteConfig.cs?
+
Contains registration logic for routing in MVC Framework.
Routes difference in WebForm vs MVC:
+
WebForms use file-based routing, MVC uses pattern-based routing with
controllers and actions.
Routing
+
Maps URLs to controllers and actions using UseRouting() and
MapControllerRoute().
routing and three segments?
+
Routing is the process of mapping incoming URLs to controller actions. The
default pattern contains three segments: {controller}/{action}/{id}. It
helps in SEO-friendly and user-readable URLs.
Routing carried out in MVC?
+
Routing engine matches the URL with route patterns from the RouteConfig and
executes the mapped controller and action.
Routing in MVC?
+
Routing maps URLs to corresponding Controller actions.
routing in MVC?
+
Routing maps incoming URL requests to specific controllers and actions.
Routing is done in the MVC pattern?
+
Routing is handled by a RouteConfig.cs file (or Program.cs in .NET Core).
ASP.NET MVC uses pattern matching to map URLs to controllers. Routes are
registered at application startup. Based on the URL, MVC identifies which
controller and action to execute.
Routing is not required?
+
1. Serving static files (images, CSS, JS). 2. Accessing .axd resource
handlers. Routing bypasses these requests automatically. 31) Features of
MVC?
Routing Types
+
Convention-based routing and attribute routing.
Routing?
+
Matches HTTP requests to endpoints.
routing?
+
Route mapping of URLs to controller actions.
Routing?
+
Mapping incoming URLs to controller actions or endpoints.
Row-Level Security?
+
User can only access specific rows based on rules.
Rules of Razor syntax:
+
Razor starts with @, supports IntelliSense, has clean HTML mixing, and
minimizes closing tags compared to ASPX.
runtime does ASP.NET Core use?
+
.NET 5/6/7/8 (Unified .NET runtime).
Runtime Identifiers (RID)?
+
RID represents the platform where an app runs (e.g., win-x64, linux-arm64).
Used for publishing self-contained apps.
Scaffolding?
+
Automatic generation of CRUD code for model and views.
Scope Creep?
+
Unauthorized expansion of delegated access.
Scope in OAuth2?
+
Defines what access the client is requesting.
Scoped lifetime?
+
Service created once per request.
Scoped lifetime?
+
One instance per HTTP request.
Scoped lifetime?
+
Creates one instance per client request.
Sealed class?
+
Class that cannot be inherited.
Security & Authorization
+
ASP.NET Core uses policies, role-based access, authentication middleware,
and secure coding to protect resources. Best practices include HTTPS, input
validation, and secure tokens.
Self-Authorization Design?
+
User automatically given access to own resources.
Self-Contained Deployment?
+
The app includes its own .NET runtime. It does not require .NET to be
installed on the host machine.
Send JSON result in MVC?
+
Use return Json(object, JsonRequestBehavior.AllowGet);. This serializes the
object into JSON format. Useful in AJAX-based applications. It is commonly
used in API responses.
Separation of Duties?
+
Critical tasks split among multiple users.
Serialization Libraries?
+
System.Text.Json, Newtonsoft.Json.
Serialization?
+
Converting objects to byte streams, JSON, or XML.
Serilog?
+
Third-party structured logging library.
Serverless Computing?
+
Execution model where cloud runs functions without managing servers.
Server-side validation?
+
Validation performed on server during HTTP request processing.
Service Lifetimes
+
Transient, Scoped, Singleton.
Service Lifetimes?
+
Singleton, Scoped, Transient.
Session Fixation?
+
Attack that hijacks a valid session.
Session in MVC Core?
+
Stores user state data server-side while maintaining stateless nature.
Session State Management
+
Uses cookies, TempData, distributed caching, or session middleware.
Session State?
+
Server-side storage for user data.
session?
+
Server-side state management storing user data across requests.
Sessions maintained in MVC?
+
Sessions can be maintained using Session[] variables. Example:
Session["User"] = "John";. ASP.NET uses server-side storage for session
values. Cookies or session identifiers track user session state.
SignalR?
+
SignalR is a .NET library for real-time communication. It supports
WebSockets and used for chat apps, live dashboards, and notifications.
SignalR?
+
Real-time communication framework for push notifications, chat, live
updates.
SignalR?
+
Framework for real-time communication like chat, live updates.
Significance of NonActionAttribute:
+
NonActionAttribute is used in MVC to prevent a public method inside a
controller from being treated as an action method. It tells the framework
not to expose or invoke the method via routing. This is useful for helper or
private logic inside controllers.
Singleton lifetime?
+
Service instance created once for entire application lifetime.
Singleton lifetime?
+
Single instance for the entire application lifecycle.
Singleton lifetime?
+
One instance shared across application lifetime.
Soft Delete in API?
+
Use IsDeleted filter globally.
Soft Delete?
+
Mark record as deleted instead of physically removing.
SOLID?
+
Five design principles: SRP, OCP, LSP, ISP, DIP.
Spring MVC?
+
Spring MVC is a Java-based MVC framework used to build flexible and loosely
coupled web applications.
SQL Injection?
+
Attack using unsafe SQL input.
SQL Injection?
+
Security attack via malicious SQL input.
SSO?
+
Single Sign-On allows login once across multiple apps.
SSO?
+
Single Sign-On allowing one login for multiple applications.
Startup class used for?
+
Configures services and the HTTP request pipeline.
Startup.cs?
+
Startup.cs in ASP.NET Core configures the application’s services and
middleware pipeline. The ConfigureServices method registers services like
dependency injection, database contexts, and authentication. The Configure
method sets up middleware such as routing, error handling, and static files.
It defines how the app responds to HTTP requests during startup.
Startup.cs?
+
File configuring middleware, routing, authentication in MVC Core.
Statelessness?
+
Server stores no client session; each request is independent.
Static Authorization?
+
Predefined access rules.
Static class?
+
Class that cannot be instantiated.
Steps in the execution of an MVC project?
+
Request goes to the Routing Engine, which maps it to a controller and
action. The controller executes the required logic and interacts with the
model. A View is selected and rendered to the browser. Finally, the response
is returned to the client.
stored procedures?
+
Precompiled SQL code stored in the database.
Strong naming?
+
Assigning a unique identity using public/private key pairs.
strongly typed view?
+
A view bound to a specific model class for compile-time validation.
strongly typed view?
+
A view bound to a specific model class using @model keyword.
Strongly Typed Views
+
These views are bound to a model class using @model. They improve
IntelliSense, compile-time safety, and easier data handling.
Swagger/OpenAPI?
+
Tool to document and test REST APIs.
Swagger?
+
Framework to document and test APIs interactively.
Swagger?
+
Documentation and testing tool for APIs.
Swagger?
+
Auto-documentation and testing tool for APIs.
Tag Helper in ASP.NET Core?
+
Tag helpers are server-side components that enable C# code to be used in
HTML elements. They make views cleaner and more readable, especially for
forms, routing, and validation. Examples include asp-controller, asp-route,
and asp-validation-for.
Tag Helper?
+
Server-side helpers to generate HTML in Razor views.
Tag Helper?
+
Server-side components used to generate dynamic HTML.
Tag Helpers?
+
Server-side Razor components that generate HTML in .NET Core MVC.
Task Parallel Library (TPL)?
+
Framework for parallel programming using tasks.
TempData in MVC?
+
TempData stores data temporarily and is used to pass values across requests,
especially during redirects.
TempData used for?
+
Used to pass data across redirects between actions.
TempData: Stores data temporarily across
redirects.
+
ViewData: Key-value store for passing data to view.
TempData?
+
Stores data for one request cycle.
TempData?
+
Stores data temporarily and persists across redirects.
the Base Class Library?
+
Reusable classes for IO, networking, collections, threading, XML, etc.
the DifBet early and late binding?
+
Early binding resolved at compile time, late binding at runtime.
the main components of .NET Framework?
+
CLR, Base Class Library, ASP.NET, ADO.NET, WPF, WCF.
Themes in ASP.NET application?
+
Themes style pages and controls consistently using CSS, skin files, and
images stored in the App_Themes folder;they can be applied via Page
directive, Web.config, or programmatically to maintain a uniform UI design.
Themes in ASP.NET:
+
Themes define the UI look and feel of a web application. They include
styles, skins, and images. Useful for consistent branding across pages.
Threading?
+
Executing multiple tasks concurrently.
Throttling?
+
Controlling request frequency.
Token Authentication?
+
Authentication based on tokens instead of cookies.
Token Binding?
+
Crypto mechanism tying tokens to client devices.
Token Exchange?
+
Exchanging one token for another for different scopes.
Token Introspection?
+
Process of validating token on the Authorization Server.
Token Revocation?
+
Process of invalidating tokens before expiration.
Token-Based Authorization?
+
Access granted via tokens like JWT.
tracing in .NET?
+
Tracing helps debug and analyze runtime behavior. It displays request
details, control hierarchy, and performance info. Tracing can be enabled at
page or application level. It is useful during development for
troubleshooting.
Tracking vs NoTracking?
+
AsNoTracking improves performance for reads.
Transient lifetime?
+
New instance created each time the service is requested.
Transient lifetime?
+
Creates a new instance each time requested.
Transient lifetime?
+
Creates a new instance every time requested.
Two approaches of adding constraints to a route:
+
Constraints can be added using regular expressions or built-in constraint
classes like HttpMethodConstraint.
Two ways to add constraints to a route?
+
1. Using Regular Expressions. 2. Using Parameter Constraints (like int,
guid). They restrict valid route patterns. Helps avoid ambiguity.
Two ways to add constraints:
+
Using Regex constraints or custom constraint classes/interfaces.
Types of ActionResult?
+
ViewResult, JsonResult, RedirectResult, FileResult, PartialViewResult,
ContentResult.
Types of authentication in ASP.NET?
+
Forms, Windows, Passport, Token, Basic.
Types of Caching?
+
In-memory, Distributed, Redis, Response caching.
Types of caching?
+
Output caching, Data caching, Distributed caching.
Types of caching?
+
In-Memory Cache, Distributed Cache, Response Cache.
Types of DI lifetimes?
+
Singleton, Scoped, Transient.
Types of filters?
+
Authorization, Action, Result, and Exception filters.
Types of Filters?
+
Authorization, Action, Result, Exception filters.
Types of JIT?
+
Pre-JIT, Econo-JIT, Normal-JIT.
Types of results in MVC?
+
Common types include: ViewResult JsonResult RedirectResult ContentResult
FileResult Each type corresponds to a different response format.
Types of Routing?
+
Attribute routing, Conventional routing, Minimal API routing.
Types of routing?
+
Convention-based routing and Attribute routing.
Types of Routing?
+
Convention-based and Attribute-based routing.
Types of serialization?
+
Binary, XML, SOAP, JSON.
Unboxing?
+
Extracting value type from object.
Unit of Work Pattern?
+
Manages multiple repositories under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit Testing Controllers
+
Controllers are tested using mock dependencies injected via constructor.
Frameworks like Moq help simulate external services.
Unit Testing in MVC?
+
Testing controllers, models, and logic without running UI.
Unit Testing?
+
Testing individual code components.
Unmanaged Code?
+
Code executed directly by OS outside CLR like C/C++.
URI vs URL?
+
URI identifies a resource; URL locates it.
URL Rewriting Middleware
+
This middleware modifies request URLs before routing. It is useful for SEO
redirects, legacy URL support, and HTTPS enforcement.
Use MVC in JSP?
+
Use Java Beans as Model, JSP as View, and Servlets as Controllers. The
controller receives requests, interacts with the model, and forwards output
to the view. Ensures clean separation of logic. 35) How MVC works in Spring?
Use of ActionFilters in MVC?
+
Action filters execute custom logic before or after Action methods, such as
logging, caching, or authorization.
Use of CheckBox in .NET?
+
A CheckBox allows users to select one or multiple options. It returns
true/false based on user selection. It can trigger events like
CheckedChanged. It is widely used in forms and permissions.
Use of default route {resource}.axd/{*pathinfo}?
+
It is used to ignore requests for Web Resource files. Static resources like
scripts and images are handled separately. Prevents MVC routing from
processing system files. Used mainly for performance optimization.
Use of ng-controller in external files?
+
ng-controller helps load logic defined in a separate JavaScript file. This
separation keeps code modular and manageable. It also promotes reusability
and avoids inline scripts. Used for scalable Angular applications.
Use of UseIISIntegration?
+
Configures the app to work with IIS as a reverse proxy.
Use of ViewModel:
+
A ViewModel holds data required by the view and may combine multiple models.
It improves separation of concerns.
Use repeater control in ASP.NET?
+
Repeater displays repeated data from data sources like SQL or Lists. It
provides full HTML control without predefined layout. Data is bound using
DataBind() method. Ideal for flexible UI formatting.
used to handle an error in MVC?
+
MVC uses Exception Filters, HandleErrorAttribute, custom error pages, and
global filters to handle errors. It also supports logging frameworks for
exception tracking.
Using ASP.NET Core APIs from a Class Library
+
Class libraries can reference ASP.NET Core packages and use dependency
injection to access services. Shared logic like validation or domain models
can be placed in the library for reuse.
Using hyperlink:
+
Go to About
Validation in ASP.NET Core
+
Validation uses data annotations and model binding. It ensures rules are
applied once and reused across views and APIs (DRY principle).
Validation in MVC?
+
Process ensuring user input meets defined rules before saving.
Various JSON files in ASP.NET Core?
+
appsettings.json, launchSettings.json, bundleconfig.json, and
environment-specific config files.
Various steps to create the request object?
+
MVC parses the incoming HTTP request. It identifies route data, initializes
the Controller and Action. Binding occurs to form parameters and then the
request object is passed.
View Component?
+
Reusable rendering component similar to partial views but with logic.
View Engine?
+
Component that renders UI from templates.
View in MVC?
+
View is the UI representation of model data shown to the user.
View Models
+
Custom class containing only data required by the View.
View State?
+
Preserves page and control values across postbacks in ASP.NET WebForms using
a hidden field.
ViewBag?
+
Dynamic data dictionary for passing data from controller to view.
ViewData: Key-value store for passing data to
view.
+
ViewBag: Dynamic wrapper around ViewData.
ViewData?
+
A dictionary-based container to pass data between controller and view.
ViewEngineResult?
+
Represents result of view engine locating view or partial.
ViewEngines?
+
Engines that compile and render views like RazorViewEngine.
ViewImports.cshtml?
+
Registers namespaces, helpers, and tag helpers for Razor views.
ViewModel?
+
A class combining multiple models or additional data required by the view.
ViewStart.cshtml?
+
Executes before every view and sets layout page.
ViewStart?
+
_ViewStart.cshtml runs before each view and sets common settings like
layout. It helps avoid repeating configuration in each view.
ViewState?
+
Mechanism to persist page and control values in Web Forms.
ViewState?
+
A mechanism in ASP.NET WebForms to preserve page and control state across
postbacks.
WCF bindings?
+
Transport protocols like basicHttpBinding, wsHttpBinding.
WCF?
+
Windows Communication Foundation for building service-oriented apps.
Web API in ASP.NET Core?
+
Framework for building RESTful services.
Web API in ASP.NET?
+
ASP.NET Web API is used to build RESTful services. It supports formats like
JSON and XML. It enables communication between client and server
applications. Web API is lightweight and ideal for mobile and SPA
applications.
Web API vs MVC?
+
MVC returns views while Web API returns JSON/XML data.
Web API?
+
Web API is used to build RESTful HTTP services in .NET. It supports JSON,
XML, routing, authentication, and stateless communication.
Web API?
+
A framework for building RESTful services over HTTP in ASP.NET.
Web Farm?
+
Multiple servers hosting the same application.
Web Garden?
+
Multiple worker processes in same application pool.
Web Services in ASP.NET?
+
HTTP-based services using XML/SOAP for cross-platform communication (.asmx
files). They use XML and SOAP protocols for data exchange. They help build
interoperable solutions across platforms. ASP.NET Web Services expose
methods using [.asmx] files.
Web.config file in ASP?
+
Web.config is an XML configuration file for ASP.NET applications. It stores
settings like database connections, security, and session management. It
controls application-level behavior without recompiling code. Multiple
Web.config files can exist for different directories.
Web.config?
+
Configuration file for ASP.NET application.
Web.config?
+
Configuration file for ASP.NET applications in .NET Framework.
Web.config?
+
Configuration file used in .NET MVC Framework applications.
WebListener?
+
A Windows-only web server used when advanced Windows authentication features
are required.
WebParts:
+
WebParts allow building customizable and personalized pages. Users can
rearrange, edit, or hide parts of a page. Useful in dashboards and portal
applications.
WebSocket?
+
Persistent full-duplex communication protocol for real-time applications.
WebSocket?
+
Persistent full-duplex connection used in real-time communication.
Where Startup.cs in ASP.NET Core 6.0?
+
In .NET 6+, minimal hosting model removes Startup.cs. Configuration like
services, routing, and middleware is now placed directly in Program.cs.
Why are API keys less secure?
+
No expiration and easily leaked.
Why choose .NET for development?
+
.NET provides high performance, strong ecosystem, cross-platform support,
built-in DI, cloud readiness, and great tooling like Visual Studio and
GitHub Copilot. It's ideal for enterprise, web, mobile, and microservice
applications.
Why do Access Tokens expire?
+
To reduce security risks and limit exposed lifetime.
Why not store authorization logic in UI?
+
Client-side can be tampered; authorization must be server-side.
Why use ASP.NET Core?
+
Fast, scalable, cloud-ready, open-source, modular design, and ideal for
Microservices and container deployments.
Why validate authorization on every request?
+
To ensure permissions haven't changed.
Windows Authentication?
+
Uses Windows credentials for login.
Windows Authorization?
+
Authorization using Windows identity and AD groups.
Worker Services?
+
Worker Services run background jobs without UI. They are ideal for scheduled
tasks, queue processing, and microservice background jobs.
WPF MVVM Pattern?
+
Model-View-ViewModel for UI separation.
WPF?
+
Windows Presentation Foundation for building rich desktop UIs.
wroot folder in ASP.NET Core?
+
Public web root for static files (CSS, JS, images); files outside are not
directly accessible.
XACML?
+
Authorization standard using XML-based policies.
XAML?
+
Markup language used to define UI elements in WPF.
XSS Prevention
+
XSS occurs when user input is executed as script. ASP.NET Core prevents this
through automatic HTML encoding and validation.
XSS?
+
Cross-site scripting via malicious scripts.
Zero Trust?
+
Always verify identity regardless of network.
.NET (5/6/7/8+)?
+
A unified, cross-platform, high-performance framework for building desktop,
web, mobile, cloud, and IoT apps.
.NET Core?
+
A fast, modular, cross-platform, open-source framework for building modern
cloud and web apps.
.NET Framework?
+
A Windows-only framework with CLR and rich libraries for building desktop
and legacy ASP.NET apps.
.NET Platform Standards?
+
pecifications that ensure shared APIs and cross-platform compatibility
across .NET runtimes.
.NET?
+
A software framework with libraries, runtime, and tools for building
applications.
@Html.AntiForgeryToken()?
+
Token used to prevent CSRF attacks.
3 important segments for routing?
+
Controller name, Action name, and optional Parameter (id).
3-tier focuses on application architecture.
+
MVC focuses on UI interaction and request handling.
ABAC?
+
Attribute-Based Access Control.
Abstract Class vs Interface?
+
Abstract class can have implementation; interface cannot.
Abstraction?
+
Hiding complex implementation details.
Access Control Matrix?
+
Table mapping users/roles to permissions.
Access Review?
+
Periodic review of user permissions.
Access Token Audience?
+
Specifies which API the token is intended for.
Access Token Leakage?
+
Unauthorized party obtains a token.
Access Token?
+
Token used to access protected APIs.
Accessing HttpContext
+
Access HttpContext via dependency injection using IHttpContextAccessor;
controllers/middleware access directly, services via
IHttpContextAccessor.HttpContext.
ACL?
+
Access Control List defining user permissions for a resource.
Action Filter?
+
Code executed before or after controller action execution.
Action Filters?
+
Attributes executed before/after controller actions.
Action Method?
+
A public method inside controller handling client requests.
Action Selector?
+
Attributes like [HttpGet], [HttpPost], [Route].
ActionInvoker?
+
Executes selected MVC action method.
ActionName attribute?
+
Maps method to a different public action name.
ActionResult is a base type that can return
various results.
+
ViewResult specifically returns a View response.
ActionResult?
+
Base type for all responses returned from action methods. A return type in
MVC representing HTTP responses returned from controller actions.
AD Group?
+
A collection of users with shared permissions.
ADO.NET?
+
Data access framework for relational databases.
AdRotator Control:
+
Displays banner ads from an XML file randomly or by weight, supporting URL
redirection for dynamic ad management.
Advantages of ASP.NET?
+
High-performance, secure server-side framework supporting WebForms, MVC, Web
API, caching, authentication, and rapid development.
Advantages of MVC:
+
Provides testability, clean separation, faster development, reusable code,
and SEO-friendly URLs.
Ajax in ASP.NET?
+
Enables asynchronous browser-server communication to update page parts
without full reload, using controls like UpdatePanel and ScriptManager.
AJAX in MVC?
+
Asynchronous calls to server without full page reload.
AllowAnonymous?
+
Attribute used to skip authorization.
ANCM?
+
ASP.NET Core Module enables hosting .NET Core under IIS reverse proxy.
Anti-forgery middleware?
+
Middleware enforcing CSRF protection in .NET Core.
AntiForgeryToken validation attribute?
+
[ValidateAntiForgeryToken] ensures request includes valid token.
AntiXSS?
+
Technique for preventing cross-site scripting.
AOT Compilation?
+
Compiles .NET apps to native code for faster startup and lower memory use.
API Documentation?
+
Swagger/OpenAPI.
API Gateway?
+
Single entry point for routing, auth, rate limiting.
API Key Authentication?
+
Custom header with an API key.
API Key Authorization?
+
Simple authorization using an API key header.
API Versioning Methods?
+
URL, Header, Query, Media Type.
API Versioning?
+
Supporting multiple versions of an API using routes, headers, or query
params.
API Versioning?
+
Supporting multiple API versions to maintain backward compatibility.
ApiController attribute do?
+
Enables auto-validation and improved routing.
App Domain Concept in ASP.NET?
+
AppDomain isolates applications within a web server. It provides security,
reliability, and memory isolation. Each website runs in its own AppDomain.
If one crashes, others remain unaffected.
app.Run vs app.Use?
+
app.Use() continues the pipeline; app.Run() terminates it.
app.UseDeveloperExceptionPage()?
+
Displays detailed errors in development mode.
app.UseExceptionHandler()?
+
Middleware for centralized exception handling.
AppDomain?
+
Isolated region where a .NET application runs.
Application Insights?
+
Azure monitoring platform for performance and telemetry.
Application Model
+
The application model determines how controllers, actions, and routing
behave. It helps apply conventions and filters across the application.
Application Pool in IIS?
+
Worker process isolation unit.
appsettings.json used for?
+
Stores configuration values like connection strings, logging, and custom
settings.
appsettings.json?
+
Primary configuration file in ASP.NET Core.
appsettings.json?
+
Stores key/value settings for the application, commonly used in ASP.NET Core
MVC.
Area in MVC?
+
Module-level grouping for large applications (Admin, Customer, User).
ASP.NET Core host apps without IIS?
+
Yes, it can run standalone using Kestrel.
ASP.NET Core run in Docker?
+
Yes, it supports containerization with official runtime and SDK images.
ASP.NET Core serve static files?
+
By enabling app.UseStaticFiles() and placing files in wwwroot.
ASP.NET Core?
+
A cross-platform, high-performance web framework for APIs, MVC, and
real-time apps.
ASP.NET Core?
+
A cross-platform, high-performance web framework for building modern
cloud-based applications.
ASP.NET filters run at the end?
+
Exception Filters are executed last. They handle unhandled errors during
action or result processing. Used for logging and custom error pages.
Ensures graceful error handling.
ASP.NET Identity?
+
Framework for user management, roles, claims.
ASP.NET MVC?
+
Model–View–Controller pattern for web applications.
ASP.NET page life cycle?
+
ASP.NET page life cycle defines stages a page goes through when processing.
Key stages: Page Request, Initialization, View State Load, Postback Event
Handling, Rendering, and Unload. Events allow custom logic execution at each
phase. It controls how data is processed and displayed.
ASP.NET Web Forms?
+
Event-driven web framework using drag-and-drop UI.
ASP.NET?
+
A server-side .NET framework for building dynamic websites, APIs, and
enterprise web apps.
ASP.NET?
+
Microsoft’s web framework for building dynamic, high-performance web apps
with MVC, Web API, and WebForms.
Assemblies?
+
Compiled .NET code units containing code, metadata, and manifests (DLL or
EXE) for deploying
Assembly defining MVC:
+
MVC components are defined in System.Web.Mvc.dll.
Assign an alias name for ASP.NET Web API Action?
+
You can use the [ActionName] attribute to give an alias to an action.
Example: [ActionName("GetStudentInfo")]. This helps when method names and
route names need to differ. It's useful for versioning and friendly URLs.
async action method?
+
Action using async/await for non-blocking operations.
Async operations in EF Core?
+
Perform database tasks asynchronously to improve responsiveness and
scalability.Use ToListAsync(), FirstAsync(), etc.
Async programming?
+
Non-blocking programming using async/await.
async/await?
+
Asynchronous programming model avoiding blocking operations.
async/await?
+
Keywords enabling non-blocking asynchronous code execution.
Attribute Routing
+
Defines routes directly on controllers and actions using attributes like
[Route("api/[controller]")].
Attribute-based routing?
+
Routing using attributes above controller/action.
Attributes?
+
Metadata annotations used for declaring properties about code.
authentication and authorization in ASP.NET?
+
Authentication verifies user identity (who they are). Authorization defines
access permissions for authenticated users. ASP.NET supports built-in
security mechanisms. Both ensure secure application access.
Authentication in ASP.NET Core?
+
Process of verifying user identity.
Authentication modes in ASP.NET for security?
+
ASP.NET supports Windows, Forms, Passport, and Anonymous authentication.
Forms authentication is common for web apps. Security is configured in
Web.config. Each mode provides a method to validate users.
Authentication vs Authorization?
+
Authentication verifies identity; authorization verifies access rights.
Authentication?
+
Identifying the user.
authentication?
+
Process of verifying user identity.
Authentication?
+
Verifying user identity.
Authorization Audit Trail?
+
Logs that track authorization decisions.
Authorization Cache?
+
Caching authorization decisions for performance.
Authorization Drift?
+
Outdated or incorrectly configured permissions.
Authorization Filter?
+
Executes before controller actions to enforce permissions.
Authorization Handler?
+
Custom logic to evaluate authorization requirements.
Authorization Pipeline?
+
Sequence of steps evaluating user access.
Authorization Policy?
+
Named group of requirements.
Authorization Requirement?
+
Represents a condition to fulfill authorization.
Authorization Server?
+
Server that issues access tokens.
Authorization types?
+
Role-based, Claim-based, Policy-based, Resource-based.
Authorization?
+
Authorization determines what a user is allowed to access after
authentication.
authorization?
+
Process of verifying user access rights based on roles or claims.
Authorization?
+
Verifies if authenticated user has access rights.
Authorization?
+
Checking user access rights after authentication.
Authorize attribute?
+
Enforces authorization using roles, policies, or claims.
AutoMapper?
+
Object mapping library.
AutoMapper?
+
Library for mapping objects automatically.
Azure App Service?
+
Cloud hosting platform for ASP.NET Core applications.
Azure Key Vault?
+
Secure storage for secrets, keys, and credentials.
B2B Authorization?
+
Authorization in multi-tenant business apps.
B2C Authorization?
+
Authorization in consumer-facing apps.
Backchannel Communication?
+
Secure server-server communication for token exchange.
Background worker coding?
+
Inherit from BackgroundService.
BackgroundService class?
+
Runs long-lived background tasks in .NET apps, e.g., for messaging or
monitoring.
Basic Authentication?
+
Authentication using Base64 encoded username and password.
Basic Authorization?
+
Credentials sent as Base64 encoded username:password.
Bearer Authentication?
+
Token-based authentication mechanism where tokens are sent in request
headers.
Bearer Token?
+
Authorization token sent in Authorization header.
beforeFilter(), beforeRender(), afterFilter():
+
beforeFilter() runs before action, beforeRender() runs before view
rendering, and afterFilter() runs after the response.
Benefits of ASP.NET Core?
+
Cross-platform, Cloud-ready, container friendly, modular, and fast runtime.
Benefits of using MVC:
+
MVC gives separation of concerns, supports testability, clean URLs,
maintainability, and scalability.
Blazor Server and WebAssembly?
+
Server-side rendering vs client-side execution in browser.
Blazor?
+
Framework for building interactive web UIs using C# instead of JavaScript.
Boxing?
+
Converting a value type to an object type.
Build in .NET?
+
Compilation of code into IL.
Bundling and Minification?
+
Improves performance by reducing file sizes and number of requests.
Bundling and Minification?
+
Optimizing CSS and JS for performance.
Cache Tag Helper
+
This helper caches rendered HTML output on the server, improving performance
for static or rarely changing UI sections.
Caching / Response Caching
+
Caching stores output to improve performance and reduce processing. Response
caching stores HTTP responses, improving load time for repeated requests.
Caching in ASP.NET Core?
+
Improves performance by storing frequently accessed data.
Caching in ASP.NET?
+
Technique to store frequently used data for performance.
Caching in ASP.NET?
+
Caching stores frequently accessed data to improve performance using Output,
Data, or Object Caching.It reduces server load, speeds up responses, and is
ideal for static or rarely changing data.
caching?
+
Storing frequently accessed data in memory for faster response.
Can you create an app using both WebForms and
MVC?
+
Yes, it is possible to host both in the same project. MVC can coexist with
WebForms when routing is configured properly. This allows gradual migration.
Both frameworks share the same runtime environment.
Cases where routing is not needed:
+
Routing is unnecessary for requests for static files like images/CSS or for
direct WebForms/WebService calls.
Change Token
+
A Change Token is a notification mechanism used to monitor changes, such as
configuration files or file-based caching. When a change occurs, the token
triggers refresh or rebuild actions.
CI/CD?
+
Automation pipeline for building, testing, and deploying applications.
CI/CD?
+
Continuous Integration and Continuous Deployment pipeline automation.
CIL/IL?
+
Intermediate code that the CLR JIT-compiles into machine code, enabling
language-independence and runtime optimization.
Circuit Breaker?
+
Polly-based approach to handle failing services.
Claim?
+
A user attribute such as name, email, role, or permission.
Claim-Based Authorization?
+
Authorization based on user claims such as email, age, department.
Claims?
+
User-specific attributes like name, id, role.
Claims-based authorization?
+
Authorization using claims stored in user identity.
class is used to return JSON in MVC?
+
JsonResult class is used to return JSON formatted data.
Class library?
+
A project that compiles to reusable DLL.
Client-side validation?
+
Validation executed in browser using JavaScript.
CLR?
+
Common Language Runtime that manages execution, memory, garbage collection,
and security.
CLR?
+
Common Language Runtime executes .NET applications and manages memory,
security, and exceptions.
CLS?
+
Common Language Specification – rules that all .NET languages must follow.
CLS?
+
Common Language Specification defines language rules .NET languages must
follow.
Coarse-Grained Authorization?
+
Role-level access control.
Code behind an Inline Code?
+
Code-behind keeps design and logic separate using external .cs files. Inline
code is written directly inside .aspx pages. Code-behind improves
maintainability and reusability. Inline code is simpler but less structured.
Code First Migration?
+
Approach where database schema is created from C# models.
Column-Level Security?
+
Restricts access to specific columns.
command builds project?
+
dotnet build
command is used to scaffold projects?
+
dotnet new
command restores packages?
+
dotnet restore
command runs app?
+
dotnet run
Concepts of Globalization and Localization in
.NET?
+
Globalization prepares an app to support multiple languages and cultures.
Localization customizes the app for a specific culture using resource files.
ASP.NET uses .resx files for language translation. These features help
create multilingual web applications.
Conditional Access?
+
Authorization based on conditions like location or device.
Configuration / appsettings.json
+
Settings are stored in appsettings.json and accessed using IConfiguration.
Configuration System in .NET Core?
+
Instead of Web.config, .NET Core uses appsettings.json, environment
variables, user secrets, and Azure KeyVault. It supports hierarchical and
strongly typed configuration.
ConfigurationBuilder?
+
ConfigurationBuilder loads settings from multiple sources like JSON, XML,
Azure, or environment variables. It provides flexible app configuration.
Connection Pooling?
+
Reuse of open database connections for performance.
Consent Screen?
+
User approval of requested permissions.
Containerization in ASP.NET Core?
+
Running application inside lightweight containers instead of full VMs.
Content Negotiation?
+
Mechanism to return JSON/XML based on Accept headers.
Content Negotiation?
+
Determines response format (JSON/XML) based on client request headers.
Controller in MVC?
+
Controller handles incoming requests, processes data, and returns responses.
Controller?
+
A controller handles incoming HTTP requests and returns responses such as
JSON, views, or status codes. It follows MVC (Model-View-Controller)
pattern.
ControllerBase?
+
Base class for API controllers (no views).
Convention-based routing?
+
Routing following default predefined conventions.
Cookie vs Token Auth?
+
Cookie is server-based; token is stateless.
Cookie-less Session:
+
When cookies are disabled, session data is tracked using URL rewriting.
Session ID appears in the URL. Helps maintain session without browser
cookies.
Cookies in ASP.NET?
+
Cookies store user data in the browser, such as username or session ID, for
future requests.ASP.NET supports persistent and non-persistent cookies to
enhance personalization and authentication.
CORS?
+
CORS (Cross-Origin Resource Sharing) allows or restricts browser requests
from different origins. ASP.NET Core allows configuring allowed methods,
headers, and domains.
CORS?
+
Security feature controlling which external domains may access server
resources.
CORS?
+
Cross-Origin Resource Sharing that controls external access permissions.
Create .NET Core API project?
+
Use: dotnet new webapi -n MyApi
Cross-page posting in ASP.NET:
+
Cross-page posting allows a form to post data to another page using
PostBackUrl property. The target page can access source page controls using
PreviousPage property. Useful for multi-step forms.
Cross-Platform Compilation?
+
.NET Core/.NET can compile and run on Windows, Linux, or macOS. Developers
can build apps once and run them anywhere.
CRUD API coding question?
+
Implement GET, POST, PUT, DELETE endpoints.
CSRF Protection
+
CSRF attacks force users to perform unintended actions. ASP.NET Core
mitigates it using anti-forgery tokens and validation attributes.
CSRF?
+
Cross-site request forgery attack.
CSRF?
+
Cross-site request forgery where attackers perform unauthorized actions on
behalf of users.
CSRF?
+
Cross-Site Request Forgery attack forcing authenticated users to execute
unwanted actions.
CTS?
+
Common Type System – defines how types are declared and used in .NET.
CTS?
+
Common Type System ensures consistency of data types across all .NET
languages.
Custom Action Filter coding?
+
Extend ActionFilterAttribute.
Custom Exception?
+
User-defined exception class.
Custom Middleware in ASP.NET Core
+
Custom middleware is created by writing a class with an Invoke or
InvokeAsync method that accepts HttpContext. It is registered in the
pipeline using app.Use(). Middleware can modify requests, responses, or pass
control to the next component.
Custom Model Binding
+
Implement IModelBinder and register it using ModelBinderProvider.
Data Annotation?
+
Attribute-based validation such as [Required], [Email], [StringLength].
Data Annotations?
+
Attributes used for validation like [Required], [Email], [StringLength].
Data Binding?
+
Connecting UI elements with data sources.
Data Cache:
+
Data Cache stores frequently used data to improve performance. It supports
expiration policies and dependency-based invalidation. Accessed through
HttpRuntime.Cache.
Data controls available in ASP.NET?
+
ASP.NET provides several data-bound controls like GridView, ListView,
Repeater, DataList, and FormView. These controls display and manipulate
database records. They support sorting, paging, and editing features. They
simplify data presentation.
Data Masking?
+
Hiding sensitive data based on policies.
Data Protection API?
+
Encrypting sensitive data.
Data Seeding?
+
Preloading default or sample data into database.
DbContext?
+
Class managing database connection and entity tracking.
DbSet?
+
Represents a database table.
Default project structure?
+
Minimal hosting model with Program.cs and optional folders for Models,
Controllers, Services.
Default route format?
+
{controller}/{action}/{id}
Define Default Route:
+
The default route is {controller}/{action}/{id} with default values like
Home/Index. It helps map incoming requests automatically.
Define DTO.
+
Data Transfer Object—used to expose safe API models.
Define Filters in MVC.
+
Filters allow custom logic before or after controller actions, such as
authentication, logging, or error handling.
Define Output Caching in MVC.
+
Output caching stores the rendered output of an action to improve
performance and reduce server processing.
Define Scaffolding in MVC:
+
Scaffolding automatically generates CRUD code and views based on the model.
It speeds up development by providing a code structure quickly.
Define the 3 logical layers of MVC?
+
Presentation layer → View Business logic layer → Controller Data layer →
Model
Delegate?
+
Type-safe function pointer.
Delegation?
+
Forwarding user's identity to downstream systems.
DenyAnonymousAuthorization?
+
Policy that allows only authenticated users.
Dependency Injection?
+
Dependency Injection (DI) is a design pattern where dependencies are
injected rather than created internally. .NET Core has built-in DI support.
It improves testability, maintainability, and loose coupling.
dependency injection?
+
A pattern where dependent services are injected rather than created inside a
class.
Dependency Injection?
+
Improves maintainability, testability, and reduces coupling.
Dependency Injection?
+
Injecting required objects rather than creating them inside controller.
Deployment Slot?
+
Environment preview before production deployment, commonly in Azure.
Deployment?
+
Publishing application to server.
Describe application state management in
ASP.NET.
+
Application State stores global data accessible to all sessions. It is
stored in server memory and persists until restart. Useful for shared
counters or configuration data. It reduces repeated data loading.
Describe ASP.NET MVC.
+
It is a lightweight Microsoft framework that follows MVC architecture for
building scalable, testable web applications.
Describe login Controls in ASP.
+
Login controls simplify user authentication. Examples include Login,
LoginView, LoginStatus, PasswordRecovery, and CreateUserWizard. They handle
username validation, password reset, and security membership. They reduce
custom coding effort.
DI (Dependency Injection)?
+
A design pattern where dependencies are provided rather than created inside
a class.
DI Container?
+
Object lifetime and dependency management system.
DI for Controllers
+
ASP.NET Core injects dependencies into controllers via constructor
injection. Services must be registered in ConfigureServices.
DI for Views
+
Views receive dependencies using @inject directive. This helps share
services such as logging or localization.
DifBet .NET Core and .NET Framework?
+
.NET Core is cross-platform and modular; .NET Framework is Windows-only and
monolithic.
DifBet ASP.NET MVC and WebForms?
+
MVC follows separation of concerns and doesn’t use ViewState, while WebForms
uses event-driven model with ViewState.
DifBet Authentication and Authorization?
+
Authentication verifies identity; Authorization verifies permissions.
DifBet Claims and Roles?
+
Role is a type of claim for grouping permissions.
DifBet Code First and DB First in EF?
+
Code First generates DB from classes, Database First generates classes from
DB.
DifBet Dataset and DataReader?
+
Dataset is disconnected; DataReader is connected and forward-only.
DifBet EF and EF Core?
+
EF Core is cross-platform, lightweight, and supports LINQ to SQL.
DifBet EXE and DLL?
+
EXE is an executable process; DLL is a reusable library.
DifBet GET and POST?
+
GET retrieves data; POST submits or modifies server data.
DifBet LINQ to SQL and Entity Framework?
+
LINQ to SQL is limited to SQL Server; EF supports multiple databases.
DifBet PUT and PATCH?
+
PUT replaces entire resource; PATCH updates part of it.
DifBet Razor and ASPX view engine?
+
Razor is cleaner, faster, and uses minimal markup compared to ASPX.
DifBet REST and SOAP?
+
REST is lightweight and stateless using JSON, while SOAP uses XML and is
more structured.
DifBet Role-Based vs Permission-Based?
+
Role groups permissions, permission defines specific capability.
DifBet session and cookies?
+
Cookies store on client browser, sessions store on server.
DifBet Thread and Task?
+
Thread is OS-level entity; Task is a higher-level abstraction.
DifBet Value type and Reference type?
+
Value types stored in stack, reference types stored in heap.
DifBet ViewBag and ViewData?
+
ViewData is dictionary-based; ViewBag uses dynamic properties. Both are
temporary and request-scoped.
DifBet WCF and Web API?
+
WCF supports protocols like TCP/SOAP; Web API is REST-based.
DifBet worker process and app pool?
+
App pool groups worker processes; worker process executes application.
DiffBet 3-tier and MVC?
+
3-tier architecture has Presentation, Business, and Data layers. MVC has
Model, View, and Controller roles for UI pattern.
DiffBet ActionResult and ViewResult.
+
ActionResult is a base type that can return various results.
DiffBet ActionResult and ViewResult?
+
ActionResult is a base class for various result types (JsonResult,
RedirectResult, etc.). ViewResult specifically returns a View. Controller
methods can return either. ActionResult provides flexibility for different
response formats.
DiffBet adding routes in WebForms and MVC.
+
WebForms uses file-based routing whereas MVC uses pattern-based routing.MVC
routing maps URLs directly to controllers and actions.
DiffBet AddTransient, AddScoped, and
AddSingleton?
+
Transient: New instance every request,Scoped: One instance per HTTP
request,Singleton: Same instance for entire application lifetime
DiffBet ASP.NET Core and ASP.NET?
+
Core is cross-platform, lightweight, modular, and faster. Classic ASP.NET is
Windows-only, uses System.Web, and is heavier.
DiffBet ASP.NET MVC 5 and ASP.NET Core MVC?
+
ASP.NET Core MVC is cross-platform, modular, open-source, and integrates Web
API into MVC. MVC 5 works only on Windows and is more monolithic. Core also
uses middleware instead of pipeline handlers.
DiffBet EF Core and EF Framework?
+
EF Core is lightweight, cross-platform, extensible, and faster than EF
Framework. EF Framework supports only .NET Framework and lacks many modern
features like batching, no-tracking queries, and shadow properties.
DiffBet HTTP Handler and HTTP Module:
+
Handlers handle and respond to specific requests directly. Modules work in
the pipeline and intercept requests during processing. Multiple modules can
exist for one request, but only one handler processes it.
DiffBet HttpContext.Current.Items and
HttpContext.Current.Session:
+
Items is used to store data for a single HTTP request and is cleared after
the request ends. Session stores data across multiple requests for the same
user. Items is faster and used for request-level sharing.
DiffBet MVVM and MVC?
+
MVC uses Controller for request handling, View for UI, and Model for data.
MVVM uses ViewModel to handle binding logic between View and Model. MVVM
supports two-way binding, especially in UI frameworks. MVC is better for web
apps, MVVM suits rich UIs.
DiffBet Server.Transfer and Response.Redirect:
+
Server.Transfer transfers execution to another page on the server without
changing the URL. Response.Redirect sends the browser to a new page and
changes the URL. Redirect performs a round trip to the client; Transfer does
not.
DiffBet session and caching:
+
Session stores user-specific data and is used per user. Cache stores
application-wide frequently used data to improve performance. Session
expires when the user ends or times out, while cache expiry depends on
policies like sliding or absolute expiration.
DiffBet TempData, ViewData, and ViewBag?
+
ViewData: Dictionary-based, valid only for current request. ViewBag: Wrapper
around ViewData using dynamic properties. TempData: Persists only for the
next request (used for redirects). 18) What is a partial view in MVC?
DiffBet View and Partial View.
+
A View renders the full UI while a Partial View renders a reusable section
of the UI.
DiffBet View and Partial View?
+
A View renders a complete page layout. A Partial View renders only a portion
of UI. Partial View does not include layout pages by default. Useful for
reusable components.
DiffBet Web API and WCF:
+
Web API is lightweight and designed for RESTful services using HTTP. WCF
supports multiple protocols like HTTP, TCP, and MSMQ. Web API is best for
modern web/mobile services, WCF for enterprise SOA.
DiffBet Web Forms and MVC?
+
MVC is lightweight and testable; Web Forms is event-driven and stateful.
DiffBet WebForms and MVC?
+
WebForms are event-driven and stateful. MVC is lightweight, stateless, and
supports testability. MVC offers full control over HTML. WebForms use
server-side controls and ViewState.
Difference: app.Use vs app.Run?
+
app.Use() allows multiple middlewares; app.Run() terminates the pipeline and
passes no further requests.
Different approaches to implement Ajax in MVC.
+
Using Ajax.BeginForm(), jQuery Ajax(), or Fetch API.
Different properties of MVC routes?
+
Key properties are URL, Defaults, Constraints, and DataTokens.
Different return types used by the controller
action method in MVC?
+
Common return types are ViewResult, JsonResult, RedirectResult,
ContentResult, FileResult, and ActionResult. ActionResult is the base type
for most results.
Different Session state management options
available in ASP.NET?
+
ASP.NET stores user-specific data across requests using InProc, StateServer,
SQL Server, or Custom modes.InProc keeps data in memory, while StateServer
and SQL Server store it externally, all server-side and secure.
Different validators in ASP.NET?
+
Controls like RequiredField, Range, Compare, Regex, Custom, and
ValidationSummary ensure correct input on client and server sides.
Different ways for bundling and minification in
ASP.NET Core?
+
Combine and compress scripts/styles to reduce size and improve performance,
using tools like Webpack or NUglify.
directive reads environment?
+
app.Environment.IsDevelopment()
Directory Service?
+
Stores users, groups, and permissions (AD, LDAP).
Display something in CodeIgniter?
+
Use the controller to load a view. Example:
$this->load->view("welcome_message"); The view outputs content to the
browser. Models supply data if required.
DisplayFor vs EditorFor?
+
DisplayFor shows read-only UI; EditorFor creates editable fields.
DisplayTemplate?
+
Reusable Display UI with @Html.DisplayFor.
distributed cache providers are supported?
+
Redis, SQL Server, NCache.
Distributed Cache?
+
Cache shared across multiple servers (Redis, SQL).
Distributed Tracing?
+
Tracing requests across microservices.
Distributed Tracing?
+
Tracking request flow through microservices with correlation IDs.
do you mean by partial view of MVC?
+
A partial view is a reusable view component used to render partial UI, such
as headers or menus.
Docker in .NET context?
+
Run .NET apps in portable containers for easy deployment, scaling, and
microservices.
Docker?
+
Containerization platform used to package and deploy applications.
Docker?
+
Container platform for packaging and deploying applications.
does MVC represent?
+
Model = business logic/data, View = UI, Controller = handles request and
updates View.
dotnet CLI?
+
Command line interface for building and running .NET applications.
Drawbacks of MVC model:
+
More development complexity, steep learning curve, and requires stronger
knowledge of patterns.
DTO?
+
Data Transfer Object used to transfer lightweight data.
Dynamic Authorization?
+
Real-time decision-based authorization.
Eager Loading?
+
Loads related data via Include().
EditorTemplate?
+
Reusable Editable UI with @Html.EditorFor.
EF Core optimization coding?
+
Use Select, AsNoTracking, Include.
EF Core?
+
Object-relational mapper for .NET Core.
EF Core?
+
Modern lightweight ORM for database access.
EF Migration?
+
Feature to update database schema using version-controlled code.
Enable CORS
+
CORS is configured using services.AddCors() and enabled with app.UseCors().
It allows cross-domain API access.
Enable CORS in API?
+
services.AddCors(); app.UseCors(...);
Enable CORS?
+
Using middleware: app.UseCors()
Enable JWT in API?
+
AddAuthentication().AddJwtBearer(...).
Enable Response Caching?
+
services.AddResponseCaching(); app.UseResponseCaching();
Encapsulation?
+
Bundling data and methods inside a class.
Endpoint Routing?
+
Modern routing system introduced to unify MVC, Razor Pages, and SignalR
routing.
Ensure Web API returns JSON only?
+
Remove XML formatters and keep only JSON formatter in WebApiConfig. Example:
config.Formatters.Remove(config.Formatters.XmlFormatter);. Now the API
always responds in JSON format. Useful for modern REST services.
Enterprise Library:
+
Enterprise Library provides reusable software components like Logging, Data
Access, Validation, and Exception Handling. Helps build enterprise-level
maintainable applications.
Entity Framework?
+
ORM for accessing databases using objects.
Entity Framework?
+
An ORM that maps databases to .NET objects, supporting LINQ, migrations, and
simplified data access.
Entity Framework?
+
ORM framework to interact with database using C# objects.
Environment Variable in ASP.NET Core?
+
External configuration determining environment (Development, Staging,
Production).
Environment Variable?
+
Configuration used to define environment (Development, Staging, Production).
Error handling middleware?
+
Middleware for diagnostics and custom error responses (e.g.,
DeveloperExceptionPage, ExceptionHandler).
Error Handling Strategies
+
Use middleware like UseExceptionHandler, logging, global filters, and status
code pages.
Event?
+
Notification triggered using delegates.
Examples of HTML Helpers?
+
TextBoxFor, DropDownListFor, LabelFor, HiddenFor.
Exception Handling?
+
Mechanism to handle runtime errors using try/catch/finally.
Execute any MVC project?
+
Build the project → Run IIS Express/Local host → Routing selects controller
→ Action returns view → Output is rendered in browser.
Explain ASP.NET Core.
+
It is a cross-platform, open-source framework for building modern web
applications. It provides high performance, modular design, and supports
MVC, Razor Pages, Web APIs, and SignalR.
Explain Dependency Injection.
+
DI provides loose coupling by injecting required services at runtime.
ASP.NET Core has DI support built-in.
Explain in brief the role of different MVC
components.
+
Model manages logic and data. View is responsible for UI.Controller acts as
a bridge processing user requests and returning responses.
Explain Model, View, and Controller in Brief.
+
Model holds application logic and data. View displays data to the user.
Controller handles user input, interacts with Model, and selects the View to
render.
Explain Request Pipeline.
+
Request flows through middleware components configured in Program.cs (pre
.NET 6: Startup.cs) before generating a response.
Explain separation of concern.
+
It divides an application into distinct sections, each responsible for a
single concern, reducing dependency.
Explain some benefits of using MVC.
+
It supports separation of concerns, easy testing, clean code structure, and
supports TDD. It’s extensible and suitable for large applications.
Explain TempData, ViewData, ViewBag.
+
TempData: Stores data temporarily across redirects.
Explain the MVC Application life cycle.
+
It includes: Application Start → Routing → Controller Initialization →
Action Execution → Result Execution → View Rendering → Response sent to
client.
Explicit Allow?
+
Specific rule allows access.
Explicit Deny?
+
Rule that overrides all allows.
Extension Method?
+
Add new methods to existing types without modifying them.
external authentication?
+
Login using Google, Microsoft, Facebook, GitHub providers.
Feature Toggle?
+
Enables or disables features dynamically.
Features of MVC?
+
MVC supports separation of concerns. It promotes testability, flexibility,
and clean architecture. Provides routing, Razor syntax, and built-in
validation. Ideal for large, scalable web applications.
Federation in Authorization?
+
Trust relationship between identity providers and applications.
File extension for Razor views?
+
.cshtml
File extensions for Razor views?
+
Razor views use: .cshtml for C# .vbhtml for VB.NET These files support
inline Razor syntax.
file replaces Web.config in ASP.NET Core?
+
appsettings.json
FileResult?
+
Returns files like PDF, images, or documents.
Filter in MVC?
+
Reusable logic executed before or after action methods.
Filter types?
+
Authorization, Resource, Action, Exception, Result filters.
Filters executed at the end:
+
Result filters are executed at the end, just before and after the view is
rendered.
Filters in ASP.NET Core?
+
Run pre- or post-action logic like validation, logging, caching, or
authorization in controllers.
Filters in MVC Core?
+
Reusable logic executed before or after actions.
Filters?
+
Components to run code before/after actions.
Fine-Grained Authorization?
+
Permission-level control instead of role-level.
FormCollection?
+
Object storing form values submitted by user.
Forms Authentication?
+
User logs in through custom login form.
Framework-Dependent Deployment?
+
App runs on an installed .NET runtime, producing a smaller executable.
Frontchannel Communication?
+
Browser-based token communication.
GAC : Global Assembly Cache?
+
Stores shared .NET assemblies for multiple apps, supporting versioning and
avoiding DLL conflicts.
Garbage Collection (GC)?
+
Automatic memory management that removes unused objects.
Garbage Collection?
+
Automatic memory cleanup of unused objects.
GC generations?
+
Gen 0, Gen 1, Gen 2 used to optimize memory cleanup.
Generic Repository?
+
A reusable data access pattern that works with any entity type to perform
CRUD operations.
GET and POST Action types:
+
GET retrieves data and does not modify state. POST submits data and is used
for creating or updating records.
Global exception handling coding?
+
Create custom exception middleware.
Global Exception Handling?
+
Error handling applied across entire application using middleware.
Global.asax?
+
Application-level events like Start, End, Error.
GridView Control:
+
GridView displays data in a tabular format and supports sorting, paging, and
editing. It binds to data sources like SQL, lists, or datasets. It provides
templates and commands for customization.
gRPC in .NET?
+
High-performance, protocol-buffer-based communication for microservices,
faster than REST.
gRPC?
+
High-performance communication protocol using binary messaging and HTTP/2.
gRPC?
+
High-performance RPC protocol using HTTP/2 for communication.
GZip Compression?
+
Compressing responses to reduce payload size.
Handle 404 in ASP.NET Core?
+
Use middleware such as: app.UseStatusCodePages();
HATEOAS?
+
Responses include links to guide client navigation.
HATEOAS?
+
Hypermedia as Engine of Application State — constraint of REST API.
Health Check Endpoint?
+
Endpoint to verify system status and dependencies.
Health Check endpoint?
+
Used for monitoring health status and dependencies like DB or Redis.
Health Check in .NET Core?
+
Monitor app and dependency status, useful for Kubernetes and cloud
deployments.
Health Checks?
+
Endpoints that report app health.
Host in ASP.NET Core?
+
Manages DI, configuration, logging, and middleware; includes WebHost and
GenericHost.
Host?
+
Host manages app lifetime, DI container, config, and logging. It’s core
runtime container.
Host?
+
Host manages app lifetime, configuration, logging, DI, and environment.
HostedService?
+
Interface for background tasks.
Hot Reload?
+
Hot Reload allows modifying code while the application is running. It
improves productivity by reducing restart time.
Hot Reload?
+
Feature allowing code changes without restarting application.
How authorize multiple roles?
+
[Authorize(Roles=\Admin Manager\")]"
How execute Stored Procedures?
+
Use FromSqlRaw().
How implement Pagination?
+
Use Skip() and Take().
How prevent privilege escalation?
+
Validate authorization checks on every sensitive action.
How prevent SQL Injection?
+
Use parameterized queries and stored procedures.
How register EF Core?
+
services.AddDbContext(options => options.UseSqlServer(...));
How return IActionResult?
+
Use Ok(), NotFound(), BadRequest(), Created().
How Seed Data?
+
Use HasData() inside OnModelCreating().
How upload files?
+
Use IFormFile parameter.
HTML Helper?
+
Methods that generate HTML controls programmatically in views.
HTML server controls in ASP.NET?
+
HTML controls become server controls by adding runat="server". They behave
like programmable server-side objects. They allow event handling and server
processing.
HTTP Handler?
+
An HttpHandler is a component that processes individual HTTP requests. It
acts as an endpoint for file extensions like .aspx, .ashx, .jpg etc. It is
lightweight and best for custom resource generation.
HTTP Logging Middleware?
+
Logs details about incoming requests and responses.
HTTP Status Codes?
+
200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500
Server Error.
HTTP Verb Mapping?
+
Mapping controller actions to verbs using [HttpGet], [HttpPost], etc.
HTTP Verb?
+
Operations like GET, POST, PUT, DELETE mapped to actions.
HttpClientFactory?
+
Factory pattern to create and manage HttpClient instances.
HttpModule?
+
Windows-only ASP.NET components that handle HTTP request/response events in
the pipeline.
HTTPS Redirection Middleware?
+
Forces application to use secure connection.
HTTPS Redirection?
+
Force HTTPS using app.UseHttpsRedirection().
IActionFilter?
+
Interface for implementing custom filters.
IActionResult?
+
Base interface for different action results.
IActionResult?
+
Base interface for action results in ASP.NET Core MVC.
IAM?
+
Identity and Access Management.
IAuthorizationService?
+
Service to manually invoke authorization programmatically.
IConfiguration?
+
Interface used to access application configuration values.
IConfiguration?
+
Interface used to read configuration data.
Idempotency?
+
Operation that produces the same result when repeated.
Identity Framework?
+
Built-in membership system for authentication and user roles.
Identity Provider (IdP)?
+
Service that authenticates users.
IdentityServer?
+
OAuth2/OpenID Connect framework for authentication and authorization.
IHttpClientFactory?
+
Factory for creating HttpClient instances safely.
IHttpClientFactory?
+
IHttpClientFactory creates and manages HttpClient instances to avoid socket
exhaustion and improve performance in Web API calls.
IHttpClientFactory?
+
ASP.NET Core factory for creating and managing HttpClient instances.
IHttpClientFactory?
+
Factory pattern for creating optimized HttpClient instances.
IHttpContextAccessor?
+
Used to access HTTP context in non-controller classes.
IIS Integration?
+
In Windows hosting, Kestrel works behind IIS. IIS handles SSL, load
balancing, and process management, while Kestrel executes the request
pipeline.
IIS?
+
Web server for hosting ASP.NET apps.
IIS?
+
Internet Information Services — a Windows web server.
ILogger?
+
Logging interface used for tracking application events.
Impersonation?
+
Executing code under another user's identity.
Impersonation?
+
Execute actions under another user's identity.
Implement Ajax in MVC?
+
Using @Ajax.BeginForm() and AjaxOptions. You can call actions asynchronously
using jQuery AJAX. The server returns JSON or partial views. This improves
performance without full page reloads.
Implement MVC Forms authentication:
+
Forms authentication uses login pages, authentication cookies, and
AuthorizeAttribute to protect secured pages.
Implicit Deny?
+
If no rule allows it, access is denied.
Importance of NonActionAttribute?
+
It marks a method in a controller as not an action method. This prevents it
from being executed via URL routing. Useful for helper methods within
controllers. Enhances security and routing control.
Improve API Performance?
+
Caching, AsNoTracking, async queries, efficient queries.
Improve ASP.NET performance:
+
Use caching, compression, output caching, and minimized ViewState. Optimize
SQL queries and enable async processing. Reduce server round trips and
bundling/minifying scripts.
Inheritance?
+
Deriving classes from base classes.
In-memory vs Distributed Cache
+
In-memory caching stores data on the server and is best for single-instance
apps. Distributed caching uses Redis or SQL Server and supports
load-balanced environments.
Interface?
+
Contract specifying methods without implementation.
IOptions pattern?
+
Method to bind strongly-typed settings from configuration to C# classes.
IOptions pattern?
+
Used to map configuration sections to strongly typed classes.
Is ASP.NET Core open source?
+
Yes, it is developed under the .NET Foundation and is fully open source.
Is DI built-in in ASP.NET Core?
+
Yes, ASP.NET Core has built-in DI support.
Is MVC stateless?
+
Yes, MVC follows stateless architecture where every request is independent.
JIT Compiler?
+
Just-In-Time compiler that converts IL code to native machine code.
JIT compiler?
+
Converts IL to native code at runtime, optimizing performance and memory;
types include Pre-JIT, Econo-JIT, Normal-JIT.
JIT compiler?
+
Just-in-Time compiler converts IL code to machine code during runtime.
JSON global config?
+
builder.Services.Configure(...).
JSON Serialization?
+
Converting objects into JSON format for transport or storage.
JSON Serializer used?
+
System.Text.Json (default), with option to use Newtonsoft.Json.
JSON.stringify?
+
Converts JavaScript object into JSON format for ajax posts.
JsonResult?
+
Returns JSON formatted response.
Just-In-Time Access (JIT)?
+
Provide temporary elevated permissions.
JWT Authentication?
+
JWT (JSON Web Token) is a token-based authentication method used in
microservices and APIs. It stores claims and is stateless, meaning no
session storage is required.
JWT creation coding?
+
Use JwtSecurityTokenHandler to generate token.
JWT Token?
+
Stateless token format used for authentication.
JWT?
+
A compact, self-contained token for securely transmitting claims between
parties.
JWT?
+
JSON Web Token for stateless authentication between client and server.
JWT?
+
JSON Web Token used for bearer authentication.
Kerberos?
+
Secure ticket-based authentication protocol.
Kestrel Server?
+
Kestrel is the default lightweight web server in ASP.NET Core. It is fast,
cross-platform, and optimized for high-performance apps.
Kestrel?
+
Cross-platform lightweight web server for ASP.NET Core.
Kestrel?
+
A lightweight, cross-platform web server used by ASP.NET Core applications.
Key DifBet ASP.NET and ASP.NET Core?
+
ASP.NET Core is cross-platform, modular, open-source, and faster compared to
ASP.NET Framework.
Kubernetes?
+
Container orchestration platform used to deploy microservices.
Latest version of ASP.NET Core?
+
The latest stable version of ASP.NET Core (as of December 2025) follows the
latest .NET release: ASP.NET Core 10.0 — shipped with .NET 10 on November
11, 2025.
LaunchSettings.json in ASP.NET Core?
+
This file stores environment and profile settings for the application during
development. It defines the application URL, SSL settings, and environment
variables like ASPNETCORE_ENVIRONMENT. It helps configure debugging profiles
for IIS Express or direct execution.
Layout page?
+
Template defining common design elements such as header and footer.
Layout Page?
+
Master template providing shared UI like header/footer across multiple
views.
Lazy Loading?
+
Loads navigation properties on first access.
Least Privilege Access?
+
Users receive minimal required permissions.
library supports resiliency?
+
Polly.
LINQ?
+
Query syntax integrated into C# to query collections/databases.
LINQ?
+
LINQ (Language Integrated Query) allows querying data from collections,
databases, XML, etc. using C# syntax. It improves code readability and
eliminates SQL string errors.
LINQ?
+
Query syntax for querying data collections, SQL, XML, and EF.
LINQ?
+
Query syntax used to retrieve data from collections or databases.
List HTTP methods.
+
GET, POST, PUT, PATCH, DELETE, OPTIONS.
Load Balancing?
+
Distribute requests across servers.
Load Balancing?
+
Distributing application traffic across multiple servers for performance and
redundancy.
Lock statement?
+
Prevents multiple threads from accessing code simultaneously.
Logging in .NET Core?
+
.NET Core provides built-in logging with providers like Console, Debug,
Serilog, and Application Insights. It helps monitor app behavior and errors.
Logging in ASP.NET Core?
+
Built-in framework to log information using ILogger.
Logging in MVC Core?
+
Capturing application logs via ILogger and providers.
logging providers are supported?
+
Console, Debug, Azure App Insights, Seq, Serilog.
Logging Providers?
+
Serilog, NLog, Seq, Application Insights.
Logging System
+
Built-in support for console, file, Application Insights, SeriLog, etc.
Logging?
+
System to capture and store application logs.
Machine.config?
+
System-wide configuration file for .NET Framework.
Main DiffBet MVC and Web API?
+
MVC is used to return views (HTML) for web applications. Web API is used to
build RESTful services and returns data formats like JSON or XML. MVC is
UI-focused, whereas Web API is service-focused. Web API can be used by
mobile, IoT, and web clients.
Maintain the sessions in MVC?
+
Session can be maintained using Session[], cookies, TempData, ViewBag,
QueryString, and Hidden fields.
Major events in global.aspx?
+
Common events include Application_Start, Session_Start,
Application_BeginRequest, Session_End, and Application_End. These events
manage application life cycle tasks. They handle logging, caching, and
security logic. They execute globally for the entire application.
Managed Code?
+
Code executed under the supervision of CLR.
master pages in ASP.NET?
+
Master pages define a common layout for multiple web pages. Content pages
inherit this layout to maintain consistent UI. They reduce duplication of
HTML code. Common parts like headers, footers, and menus are shared.
Master Pages:
+
Master Pages define a common layout for multiple pages. Content pages fill
placeholders within the master. Useful for consistency and easier
maintenance.
Message Queues?
+
Kafka, RabbitMQ, Azure Service Bus.
Metadata in .NET?
+
Information about types, methods, references stored with assemblies.
Methods of session maintenance in ASP.NET:
+
ASP.NET provides several ways to maintain sessions, including In-Process
(InProc), State Server, SQL Server, and Custom session state providers.
Cookies and cookieless sessions are also used. These mechanisms help store
user-specific data across requests.
MFA?
+
Multi-factor authentication using multiple methods.
Microservices Architecture?
+
Architecture pattern where the application is composed of independent
services.
Microservices architecture?
+
System divided into small loosely coupled services.
Middleware components?
+
Pipeline components that process HTTP requests and responses in sequence.
Middleware Concept
+
Middleware are components processing requests in sequence.
Middleware in ASP.NET Core?
+
Pipeline components that process HTTP requests/responses, e.g.,
authentication, routing, logging, CORS.
Middleware Pipeline?
+
Requests pass through ordered middleware, each handling logic before
forwarding.
Middleware Pipeline?
+
Sequential execution of request-processing components in ASP.NET Core.
Middleware?
+
A pipeline component that processes HTTP requests and responses. it is
lightweight, runs cross-platform, and fully configurable in code.
middleware?
+
Components that process HTTP requests in ASP.NET Core pipeline.
Migration commands?
+
dotnet ef migrations add Name; dotnet ef database update
Migrations?
+
System for applying and tracking database schema changes.
Minification and Bundling used?
+
They reduce file size and combine multiple CSS/JS files to improve
performance.
Minimal API?
+
Define routes using MapGet(), MapPost(), MapPut(), etc.,Lightweight syntax
for defining endpoints without controllers.Lightweight HTTP endpoints with
minimal code, ideal for microservices and prototypes.
Minimal API?
+
Lightweight HTTP API setup introduced in .NET 6 using minimal hosting model.
Mocking Framework?
+
Tools like MOQ used to simulate dependencies during testing.
Mocking?
+
Simulating dependencies using fake objects.
Modal Binding in Razor Pages?
+
Mapping form inputs automatically to page properties.
Model Binder?
+
Maps request data to models automatically.
Model Binding
+
Automatically maps form, query string, and JSON data to model classes.
Model Binding?
+
Maps HTTP request data to C# parameters automatically. Model binding maps
incoming request data to method parameters or model objects automatically.
It simplifies request handling in MVC and Web API.
Model Binding?
+
Automatic mapping of HTTP request data to action method parameters.
Model Binding?
+
Automatic mapping of request data to method parameters or models.
Model Binding?
+
Automatic mapping of HTTP request data to model objects.
Model in MVC?
+
Model represents application data and business logic.
Model Validation
+
Uses Data Annotations and custom validation attributes.
Model Validation?
+
Ensures incoming data meets rules via DataAnnotations.
Model Validation?
+
Ensures input values meet defined requirements before processing.
Model Validation?
+
Ensuring input meets validation rules before processing.
ModelState?
+
Stores the state of model binding and validation errors.
Model-View-Controller?
+
MVC is a design pattern that separates an application into Model, View, and
Controller components.
Monolith Architecture?
+
Single deployable unit with tightly coupled components.
Monolithic architecture?
+
Single deployable unit with tightly-coupled components.
MSIL?
+
Intermediate language generated from .NET code before JIT compilation.
Multicast Delegate?
+
Delegate pointing to multiple methods.
Multiple environments
+
Configured using ASPNETCORE_ENVIRONMENT variable (Dev, Staging, Prod).
MVC Architecture
+
Separates application logic into Model, View, Controller.
MVC Components
+
Model stores data, View displays UI, Controller handles requests.
MVC in AngularJS?
+
AngularJS follows an MVC-like architecture. Model holds data, View
represents the UI, and Controller manages logic. It helps in clear
separation of concerns in client-side apps. Angular automates data binding
between Model and View.
MVC in ASP.NET Core?
+
Model-View-Controller pattern used for web UI and API development.
MVC Page life cycle stages:
+
Stages include Routing, Controller initialization, Action execution, Result
execution, and View rendering.
MVC Routing?
+
Maps URL patterns to controller actions.
MVC works in Spring?
+
Spring MVC uses DispatcherServlet as the front controller. It routes
requests to controllers. Controllers return Model and View data. The
ViewResolver renders the final response.
MVC?
+
A design pattern dividing application logic into Model, View, Controller.
MVC?
+
MVC stands for Model-View-Controller architecture separating UI, data, and
logic.
MVC?
+
MVC (Model-View-Controller) separates business logic, UI, and request
handling into Model, View, and Controller.This improves testability,
maintainability, scalability, and is widely used for modern web
applications.
Name the assembly in which the MVC framework is
typically defined.
+
ASP.NET MVC is mainly defined in the System.Web.Mvc assembly.
Namespace?
+
A container for organizing classes and types.
Navigate from one view to another using a
hyperlink?
+
Use the Html.ActionLink() helper in MVC. Example: @Html.ActionLink("Go to
About", "About", "Home"). This generates an anchor tag with route mapping.
Clicking it redirects to the specified view.
Navigation between views example.
+
Using hyperlink: Go to About.
Navigation techniques:
+
Navigation in ASP.NET uses Hyperlinks, Response.Redirect, Server.Transfer,
Cross-page posting, and Site Navigation controls like Menu and TreeView. It
helps users move between pages.
New features in ASP.NET Core?
+
Dependency Injection built-in, cross-platform, unified MVC+Web API,
lightweight middleware pipeline, and performance improvements.Enhanced
Minimal APIs, improved performance, better real-time support, updated
security, and stronger observability tools.
New in .NET Core 2.1 / ASP.NET Core 2.1?
+
Features include Razor Class Libraries, HTTPS by default, SPA templates,
SignalR support, and GDPR compliance tools. It also introduced global tools,
improved performance, and simplified identity UI.
Non-Repudiation?
+
Ensuring actions cannot be denied by users.
N-Tier architecture?
+
Layers like UI, Business, Data Access.
NTLM?
+
Windows challenge-response authentication protocol.
NuGet?
+
NuGet is the package manager for .NET. Developers use it to download, share,
and manage libraries. It supports dependency resolution and automatic
updates.
NuGet?
+
Package manager for .NET libraries.
Nullable type?
+
Represents value types that can be null.
NUnit/MSTest?
+
Unit testing frameworks for .NET.
OAuth Refresh Token Rotation?
+
Invalidating old refresh token when issuing a new one.
OAuth vs SAML?
+
OAuth is authorization; SAML is authentication using XML.
OAuth?
+
Open standard for secure delegated access.
OAuth2 Authorization Code Flow?
+
Secure flow used by web apps requiring user login.
OAuth2 Client Credentials Flow?
+
Service-to-service authorization.
OAuth2 Implicit Flow?
+
Legacy browser flow not recommended.
OAuth2?
+
Delegated authorization framework for delegated access.
OAuth2?
+
Authorization framework allowing delegated access using tokens.
OOP?
+
Programming model using classes, inheritance, and polymorphism.
OpenID Connect?
+
Authentication layer on top of OAuth2 for user login and identity
management.
OpenID Connect?
+
Authentication layer built on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth for login authentication.
Optimistic Concurrency?
+
Use [Timestamp]/RowVersion to prevent data overwrites via row-version
checks.
Options Pattern
+
Used to bind strongly typed classes to configuration sections.
Order of filter execution in MVC
+
Order: 1. Authorization Filters 2. Action Filters 3. Result Filters 4.
Exception Filters Execution occurs in a defined pipeline sequence.
Ordering execution when multiple filters are
used:
+
Filters run in the order: Authorization → Action → Result → Exception
filters. Custom ordering can also be defined using the Order property.
OutputCache?
+
Caching mechanism used in MVC Framework to improve response time.
OWIN and ASP.NET Core
+
OWIN was designed to decouple web servers from web applications. ASP.NET
Core builds on the same lightweight pipeline concept but replaces OWIN with
a more flexible middleware model.
package enables Swagger?
+
Swashbuckle.AspNetCore
Page directives in ASP.NET:
+
Page directives provide configuration and instruction to the compiler.
Examples include @Page, @Import, @Master, and @Control. They define
attributes like language, inheritance, and code-behind file.
Pagination coding question?
+
Implement Skip(), Take(), and metadata.
Pagination in API?
+
Return data with totalCount, pageNo, pageSize.
Partial Class?
+
Split class across multiple files.
Partial view in MVC?
+
A partial view is a reusable piece of UI code. It works like a user control
and avoids code duplication. It is rendered inside another view. Useful for
menus, headers, and reusable content blocks.
Partial View?
+
Reusable view component shared across multiple views.
Partial View?
+
Reusable UI component used in multiple views.
Partial Views
+
Partial views reuse UI sections like menus or forms. They reduce code
duplication and improve maintainability.
Parts of JWT?
+
Header, Payload, Signature.
PBAC?
+
Policy-Based Access Control.
Permission?
+
A specific capability like Read, Write, or Delete.
Permission-Based API Authorization?
+
APIs check user permissions before actions.
PKCE?
+
Enhanced security for mobile and SPA apps.
Points to remember while creating MVC
application?
+
Maintain separation of concerns. Use routing properly for readability. Keep
business logic in the Model or services. Use ViewModels instead of exposing
database models.
Policies in authorization?
+
Reusable authorization rules defined using AddAuthorization.
Policy Decision Point (PDP)?
+
Component that evaluates authorization policy.
Policy Enforcement Point (PEP)?
+
Component that checks access rules.
Policy-Based Authorization?
+
Define custom authorization rules inside AddAuthorization().
Polymorphism?
+
Ability to override methods for different behavior.
Post-Authorization Logging?
+
Record actions taken after authorization.
PostBack property:
+
IsPostBack indicates whether the page is loaded first time or due to a user
action like a button click. It helps avoid re-binding data unnecessarily.
Useful for improving performance.
PostBack?
+
When a page sends data to the server and reloads itself.
Prevent CSRF?
+
Anti-forgery tokens and SameSite cookies.
Prevent SQL Injection?
+
Parameterized queries/EF Core.
Principle of Least Privilege?
+
Users get only required permissions.
Privilege Escalation?
+
Attack where user gains unauthorized permissions.
Privileged Access Management (PAM)?
+
System to monitor and control high-privilege accounts.
Program.cs used for?
+
Defines application bootstrap, host builder, and startup configuration.
Program.cs?
+
Entry point that configures the host, services, and middleware.
Purpose of MVC pattern?
+
To separate concerns and make application maintainable, testable, and
scalable.
Query String in ASP?
+
Query strings pass values through the URL during page requests. They are
used for lightweight data transfer. A query string starts after a ? in the
URL. It is visible to users, so sensitive data should not be stored.
Rate Limiting?
+
Restricting how many requests a client can make.
rate limiting?
+
Controlling request frequency to protect system resources.
Rate Limiting?
+
Controls request frequency to prevent abuse.
Razor Pages in ASP.NET Core?
+
Page-focused ASP.NET Core model with combined view and logic, ideal for CRUD
apps.
Razor Pages?
+
A page-focused ASP.NET Core model where each page has its own UI and logic,
ideal for simpler web apps.
Razor Pages?
+
A page-based framework for building UI similar to MVC but simpler.
Razor Pages?
+
Page-based model alternative to MVC introduced in .NET Core.
Razor View Engine?
+
Syntax for rendering HTML with C# code.
Razor View Engine?
+
Lightweight syntax for writing server-side code inside HTML.
Razor view file extensions:
+
.cshtml (C# Razor) and .vbhtml (VB Razor) are used for Razor views.
Razor?
+
Razor is a templating engine used in ASP.NET MVC and Razor Pages. It
combines C# with HTML to generate dynamic UI. It is lightweight, fast, and
easy to use.
Razor?
+
A markup syntax in ASP.NET for embedding C# into views.
RBAC?
+
Role-Based Access Control.
Real-life example of MVC?
+
A shopping website: Model: Product data View: Product display page
Controller: User actions like Add to Cart They work together to complete
functionality.
RedirectToAction()?
+
Redirects browser to another action or controller.
Redis caching coding?
+
AddStackExchangeRedisCache().
Redis?
+
Fast distributed in-memory caching system.
Redis?
+
In-memory distributed caching system.
Reflection?
+
Inspecting metadata and creating objects dynamically at runtime.
Refresh Token?
+
A long-lived token used to obtain new access tokens without re-login.
Remoting?
+
Legacy communication between .NET applications.
RenderBody vs RenderPage:
+
RenderBody() outputs the content of the child view in layout. RenderPage()
inserts another Razor page inside a view like a partial.
RenderBody() outputs the content of the child
view in layout. RenderPage() inserts another Razor page inside a view like a
partial.
+
Additional Questions
Repository Pattern?
+
Abstraction layer over data access.
Repository Pattern?
+
Abstraction layer separating business logic from data access logic.
Repository Pattern?
+
A pattern separating data access layer from business logic.
Request Delegate?
+
A delegate such as RequestDelegate handles HTTP requests and responses
inside middleware.
Resource Server?
+
API that verifies and uses access tokens.
Resource?
+
A data entity identified by a URI like /users/1.
Resource-Based Authorization?
+
Authorization rules applied based on a specific resource instance.
Response Compression?
+
Compresses HTTP responses using gzip/br or deflate.
Response Compression?
+
Compressing HTTP output for faster response.
REST API?
+
API that adheres to REST principles such as statelessness, resource
identification, caching.
REST?
+
An architectural style using stateless communication over HTTP with
resources.
REST?
+
Representational State Transfer — stateless communication using HTTP verbs.
Retry Policy?
+
Automatic retry logic for failed external calls.
Return PartialView()?
+
Returns only partial content without layout.
Return types of an action method:
+
Returns include ViewResult, JsonResult, RedirectResult, ContentResult,
FileResult, and ActionResult.
Return View()?
+
Returns a full view to the browser.
reverse proxy?
+
Middleware forwarding requests from IIS/Nginx to Kestrel.
Role of ActionFilters in MVC?
+
ActionFilters allow you to run logic before or after an action executes.
They help in cross-cutting concerns like logging, authentication, caching,
and exception handling. Filters can be applied at the controller or method
level. Examples include: Authorize, HandleError, and OutputCache.
Role of Configure() method?
+
Defines the request handling pipeline using middleware like routing,
authentication, static files, etc.
Role of ConfigureServices()
+
Used to register services like DI, EF Core, identity, logging, and custom
services.
Role of IHostingEnvironment?
+
Provides environment-specific info like Development, Production, and
staging.
Role of Middleware
+
Authentication, logging, routing, exception handling.
Role of MVC components:
+
Presentation (View) shows data, Abstraction (Model) handles logic/data,
Control (Controller) manages requests and updates.
Role of MVC in AngularJS?
+
MVC helps structure the application for maintainability. Model stores data,
View displays data using HTML, and Controller updates data. Angular’s
two-way binding keeps Model and View synchronized. It helps in scaling
complex front-end applications.
Role of Startup class?
+
It configures application services via ConfigureServices() and request
pipeline via Configure().
Role of WebHost.CreateDefaultBuilder()?
+
Configures default settings like Kestrel, logging, config, ENV detection.
Role?
+
A named group of permissions.
Role-Based Authorization?
+
Restrict access using roles, e.g., [Authorize(Roles="Admin")].
RouteConfig.cs?
+
Contains registration logic for routing in MVC Framework.
Routes difference in WebForm vs MVC:
+
WebForms use file-based routing, MVC uses pattern-based routing with
controllers and actions.
Routing
+
Maps URLs to controllers and actions using UseRouting() and
MapControllerRoute().
routing and three segments?
+
Routing is the process of mapping incoming URLs to controller actions. The
default pattern contains three segments: {controller}/{action}/{id}. It
helps in SEO-friendly and user-readable URLs.
Routing carried out in MVC?
+
Routing engine matches the URL with route patterns from the RouteConfig and
executes the mapped controller and action.
Routing in MVC?
+
Routing maps URLs to corresponding Controller actions.
routing in MVC?
+
Routing maps incoming URL requests to specific controllers and actions.
Routing is done in the MVC pattern?
+
Routing is handled by a RouteConfig.cs file (or Program.cs in .NET Core).
ASP.NET MVC uses pattern matching to map URLs to controllers. Routes are
registered at application startup. Based on the URL, MVC identifies which
controller and action to execute.
Routing is not required?
+
1. Serving static files (images, CSS, JS). 2. Accessing .axd resource
handlers. Routing bypasses these requests automatically. 31) Features of
MVC?
Routing Types
+
Convention-based routing and attribute routing.
Routing?
+
Matches HTTP requests to endpoints.
routing?
+
Route mapping of URLs to controller actions.
Routing?
+
Mapping incoming URLs to controller actions or endpoints.
Row-Level Security?
+
User can only access specific rows based on rules.
Rules of Razor syntax:
+
Razor starts with @, supports IntelliSense, has clean HTML mixing, and
minimizes closing tags compared to ASPX.
runtime does ASP.NET Core use?
+
.NET 5/6/7/8 (Unified .NET runtime).
Runtime Identifiers (RID)?
+
RID represents the platform where an app runs (e.g., win-x64, linux-arm64).
Used for publishing self-contained apps.
Scaffolding?
+
Automatic generation of CRUD code for model and views.
Scope Creep?
+
Unauthorized expansion of delegated access.
Scope in OAuth2?
+
Defines what access the client is requesting.
Scoped lifetime?
+
Service created once per request.
Scoped lifetime?
+
One instance per HTTP request.
Scoped lifetime?
+
Creates one instance per client request.
Sealed class?
+
Class that cannot be inherited.
Security & Authorization
+
ASP.NET Core uses policies, role-based access, authentication middleware,
and secure coding to protect resources. Best practices include HTTPS, input
validation, and secure tokens.
Self-Authorization Design?
+
User automatically given access to own resources.
Self-Contained Deployment?
+
The app includes its own .NET runtime. It does not require .NET to be
installed on the host machine.
Send JSON result in MVC?
+
Use return Json(object, JsonRequestBehavior.AllowGet);. This serializes the
object into JSON format. Useful in AJAX-based applications. It is commonly
used in API responses.
Separation of Duties?
+
Critical tasks split among multiple users.
Serialization Libraries?
+
System.Text.Json, Newtonsoft.Json.
Serialization?
+
Converting objects to byte streams, JSON, or XML.
Serilog?
+
Third-party structured logging library.
Serverless Computing?
+
Execution model where cloud runs functions without managing servers.
Server-side validation?
+
Validation performed on server during HTTP request processing.
Service Lifetimes
+
Transient, Scoped, Singleton.
Service Lifetimes?
+
Singleton, Scoped, Transient.
Session Fixation?
+
Attack that hijacks a valid session.
Session in MVC Core?
+
Stores user state data server-side while maintaining stateless nature.
Session State Management
+
Uses cookies, TempData, distributed caching, or session middleware.
Session State?
+
Server-side storage for user data.
session?
+
Server-side state management storing user data across requests.
Sessions maintained in MVC?
+
Sessions can be maintained using Session[] variables. Example:
Session["User"] = "John";. ASP.NET uses server-side storage for session
values. Cookies or session identifiers track user session state.
SignalR?
+
SignalR is a .NET library for real-time communication. It supports
WebSockets and used for chat apps, live dashboards, and notifications.
SignalR?
+
Real-time communication framework for push notifications, chat, live
updates.
SignalR?
+
Framework for real-time communication like chat, live updates.
Significance of NonActionAttribute:
+
NonActionAttribute is used in MVC to prevent a public method inside a
controller from being treated as an action method. It tells the framework
not to expose or invoke the method via routing. This is useful for helper or
private logic inside controllers.
Singleton lifetime?
+
Service instance created once for entire application lifetime.
Singleton lifetime?
+
Single instance for the entire application lifecycle.
Singleton lifetime?
+
One instance shared across application lifetime.
Soft Delete in API?
+
Use IsDeleted filter globally.
Soft Delete?
+
Mark record as deleted instead of physically removing.
SOLID?
+
Five design principles: SRP, OCP, LSP, ISP, DIP.
Spring MVC?
+
Spring MVC is a Java-based MVC framework used to build flexible and loosely
coupled web applications.
SQL Injection?
+
Attack using unsafe SQL input.
SQL Injection?
+
Security attack via malicious SQL input.
SSO?
+
Single Sign-On allows login once across multiple apps.
SSO?
+
Single Sign-On allowing one login for multiple applications.
Startup class used for?
+
Configures services and the HTTP request pipeline.
Startup.cs?
+
Startup.cs in ASP.NET Core configures the application’s services and
middleware pipeline. The ConfigureServices method registers services like
dependency injection, database contexts, and authentication. The Configure
method sets up middleware such as routing, error handling, and static files.
It defines how the app responds to HTTP requests during startup.
Startup.cs?
+
File configuring middleware, routing, authentication in MVC Core.
Statelessness?
+
Server stores no client session; each request is independent.
Static Authorization?
+
Predefined access rules.
Static class?
+
Class that cannot be instantiated.
Steps in the execution of an MVC project?
+
Request goes to the Routing Engine, which maps it to a controller and
action. The controller executes the required logic and interacts with the
model. A View is selected and rendered to the browser. Finally, the response
is returned to the client.
stored procedures?
+
Precompiled SQL code stored in the database.
Strong naming?
+
Assigning a unique identity using public/private key pairs.
strongly typed view?
+
A view bound to a specific model class for compile-time validation.
strongly typed view?
+
A view bound to a specific model class using @model keyword.
Strongly Typed Views
+
These views are bound to a model class using @model. They improve
IntelliSense, compile-time safety, and easier data handling.
Swagger/OpenAPI?
+
Tool to document and test REST APIs.
Swagger?
+
Framework to document and test APIs interactively.
Swagger?
+
Documentation and testing tool for APIs.
Swagger?
+
Auto-documentation and testing tool for APIs.
Tag Helper in ASP.NET Core?
+
Tag helpers are server-side components that enable C# code to be used in
HTML elements. They make views cleaner and more readable, especially for
forms, routing, and validation. Examples include asp-controller, asp-route,
and asp-validation-for.
Tag Helper?
+
Server-side helpers to generate HTML in Razor views.
Tag Helper?
+
Server-side components used to generate dynamic HTML.
Tag Helpers?
+
Server-side Razor components that generate HTML in .NET Core MVC.
Task Parallel Library (TPL)?
+
Framework for parallel programming using tasks.
TempData in MVC?
+
TempData stores data temporarily and is used to pass values across requests,
especially during redirects.
TempData used for?
+
Used to pass data across redirects between actions.
TempData: Stores data temporarily across
redirects.
+
ViewData: Key-value store for passing data to view.
TempData?
+
Stores data for one request cycle.
TempData?
+
Stores data temporarily and persists across redirects.
the Base Class Library?
+
Reusable classes for IO, networking, collections, threading, XML, etc.
the DifBet early and late binding?
+
Early binding resolved at compile time, late binding at runtime.
the main components of .NET Framework?
+
CLR, Base Class Library, ASP.NET, ADO.NET, WPF, WCF.
Themes in ASP.NET application?
+
Themes style pages and controls consistently using CSS, skin files, and
images stored in the App_Themes folder;they can be applied via Page
directive, Web.config, or programmatically to maintain a uniform UI design.
Themes in ASP.NET:
+
Themes define the UI look and feel of a web application. They include
styles, skins, and images. Useful for consistent branding across pages.
Threading?
+
Executing multiple tasks concurrently.
Throttling?
+
Controlling request frequency.
Token Authentication?
+
Authentication based on tokens instead of cookies.
Token Binding?
+
Crypto mechanism tying tokens to client devices.
Token Exchange?
+
Exchanging one token for another for different scopes.
Token Introspection?
+
Process of validating token on the Authorization Server.
Token Revocation?
+
Process of invalidating tokens before expiration.
Token-Based Authorization?
+
Access granted via tokens like JWT.
tracing in .NET?
+
Tracing helps debug and analyze runtime behavior. It displays request
details, control hierarchy, and performance info. Tracing can be enabled at
page or application level. It is useful during development for
troubleshooting.
Tracking vs NoTracking?
+
AsNoTracking improves performance for reads.
Transient lifetime?
+
New instance created each time the service is requested.
Transient lifetime?
+
Creates a new instance each time requested.
Transient lifetime?
+
Creates a new instance every time requested.
Two approaches of adding constraints to a route:
+
Constraints can be added using regular expressions or built-in constraint
classes like HttpMethodConstraint.
Two ways to add constraints to a route?
+
1. Using Regular Expressions. 2. Using Parameter Constraints (like int,
guid). They restrict valid route patterns. Helps avoid ambiguity.
Two ways to add constraints:
+
Using Regex constraints or custom constraint classes/interfaces.
Types of ActionResult?
+
ViewResult, JsonResult, RedirectResult, FileResult, PartialViewResult,
ContentResult.
Types of authentication in ASP.NET?
+
Forms, Windows, Passport, Token, Basic.
Types of Caching?
+
In-memory, Distributed, Redis, Response caching.
Types of caching?
+
Output caching, Data caching, Distributed caching.
Types of caching?
+
In-Memory Cache, Distributed Cache, Response Cache.
Types of DI lifetimes?
+
Singleton, Scoped, Transient.
Types of filters?
+
Authorization, Action, Result, and Exception filters.
Types of Filters?
+
Authorization, Action, Result, Exception filters.
Types of JIT?
+
Pre-JIT, Econo-JIT, Normal-JIT.
Types of results in MVC?
+
Common types include: ViewResult JsonResult RedirectResult ContentResult
FileResult Each type corresponds to a different response format.
Types of Routing?
+
Attribute routing, Conventional routing, Minimal API routing.
Types of routing?
+
Convention-based routing and Attribute routing.
Types of Routing?
+
Convention-based and Attribute-based routing.
Types of serialization?
+
Binary, XML, SOAP, JSON.
Unboxing?
+
Extracting value type from object.
Unit of Work Pattern?
+
Manages multiple repositories under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit Testing Controllers
+
Controllers are tested using mock dependencies injected via constructor.
Frameworks like Moq help simulate external services.
Unit Testing in MVC?
+
Testing controllers, models, and logic without running UI.
Unit Testing?
+
Testing individual code components.
Unmanaged Code?
+
Code executed directly by OS outside CLR like C/C++.
URI vs URL?
+
URI identifies a resource; URL locates it.
URL Rewriting Middleware
+
This middleware modifies request URLs before routing. It is useful for SEO
redirects, legacy URL support, and HTTPS enforcement.
Use MVC in JSP?
+
Use Java Beans as Model, JSP as View, and Servlets as Controllers. The
controller receives requests, interacts with the model, and forwards output
to the view. Ensures clean separation of logic. 35) How MVC works in Spring?
Use of ActionFilters in MVC?
+
Action filters execute custom logic before or after Action methods, such as
logging, caching, or authorization.
Use of CheckBox in .NET?
+
A CheckBox allows users to select one or multiple options. It returns
true/false based on user selection. It can trigger events like
CheckedChanged. It is widely used in forms and permissions.
Use of default route {resource}.axd/{*pathinfo}?
+
It is used to ignore requests for Web Resource files. Static resources like
scripts and images are handled separately. Prevents MVC routing from
processing system files. Used mainly for performance optimization.
Use of ng-controller in external files?
+
ng-controller helps load logic defined in a separate JavaScript file. This
separation keeps code modular and manageable. It also promotes reusability
and avoids inline scripts. Used for scalable Angular applications.
Use of UseIISIntegration?
+
Configures the app to work with IIS as a reverse proxy.
Use of ViewModel:
+
A ViewModel holds data required by the view and may combine multiple models.
It improves separation of concerns.
Use repeater control in ASP.NET?
+
Repeater displays repeated data from data sources like SQL or Lists. It
provides full HTML control without predefined layout. Data is bound using
DataBind() method. Ideal for flexible UI formatting.
used to handle an error in MVC?
+
MVC uses Exception Filters, HandleErrorAttribute, custom error pages, and
global filters to handle errors. It also supports logging frameworks for
exception tracking.
Using ASP.NET Core APIs from a Class Library
+
Class libraries can reference ASP.NET Core packages and use dependency
injection to access services. Shared logic like validation or domain models
can be placed in the library for reuse.
Using hyperlink:
+
Go to About
Validation in ASP.NET Core
+
Validation uses data annotations and model binding. It ensures rules are
applied once and reused across views and APIs (DRY principle).
Validation in MVC?
+
Process ensuring user input meets defined rules before saving.
Various JSON files in ASP.NET Core?
+
appsettings.json, launchSettings.json, bundleconfig.json, and
environment-specific config files.
Various steps to create the request object?
+
MVC parses the incoming HTTP request. It identifies route data, initializes
the Controller and Action. Binding occurs to form parameters and then the
request object is passed.
View Component?
+
Reusable rendering component similar to partial views but with logic.
View Engine?
+
Component that renders UI from templates.
View in MVC?
+
View is the UI representation of model data shown to the user.
View Models
+
Custom class containing only data required by the View.
View State?
+
Preserves page and control values across postbacks in ASP.NET WebForms using
a hidden field.
ViewBag?
+
Dynamic data dictionary for passing data from controller to view.
ViewData: Key-value store for passing data to
view.
+
ViewBag: Dynamic wrapper around ViewData.
ViewData?
+
A dictionary-based container to pass data between controller and view.
ViewEngineResult?
+
Represents result of view engine locating view or partial.
ViewEngines?
+
Engines that compile and render views like RazorViewEngine.
ViewImports.cshtml?
+
Registers namespaces, helpers, and tag helpers for Razor views.
ViewModel?
+
A class combining multiple models or additional data required by the view.
ViewStart.cshtml?
+
Executes before every view and sets layout page.
ViewStart?
+
_ViewStart.cshtml runs before each view and sets common settings like
layout. It helps avoid repeating configuration in each view.
ViewState?
+
Mechanism to persist page and control values in Web Forms.
ViewState?
+
A mechanism in ASP.NET WebForms to preserve page and control state across
postbacks.
WCF bindings?
+
Transport protocols like basicHttpBinding, wsHttpBinding.
WCF?
+
Windows Communication Foundation for building service-oriented apps.
Web API in ASP.NET Core?
+
Framework for building RESTful services.
Web API in ASP.NET?
+
ASP.NET Web API is used to build RESTful services. It supports formats like
JSON and XML. It enables communication between client and server
applications. Web API is lightweight and ideal for mobile and SPA
applications.
Web API vs MVC?
+
MVC returns views while Web API returns JSON/XML data.
Web API?
+
Web API is used to build RESTful HTTP services in .NET. It supports JSON,
XML, routing, authentication, and stateless communication.
Web API?
+
A framework for building RESTful services over HTTP in ASP.NET.
Web Farm?
+
Multiple servers hosting the same application.
Web Garden?
+
Multiple worker processes in same application pool.
Web Services in ASP.NET?
+
HTTP-based services using XML/SOAP for cross-platform communication (.asmx
files). They use XML and SOAP protocols for data exchange. They help build
interoperable solutions across platforms. ASP.NET Web Services expose
methods using [.asmx] files.
Web.config file in ASP?
+
Web.config is an XML configuration file for ASP.NET applications. It stores
settings like database connections, security, and session management. It
controls application-level behavior without recompiling code. Multiple
Web.config files can exist for different directories.
Web.config?
+
Configuration file for ASP.NET application.
Web.config?
+
Configuration file for ASP.NET applications in .NET Framework.
Web.config?
+
Configuration file used in .NET MVC Framework applications.
WebListener?
+
A Windows-only web server used when advanced Windows authentication features
are required.
WebParts:
+
WebParts allow building customizable and personalized pages. Users can
rearrange, edit, or hide parts of a page. Useful in dashboards and portal
applications.
WebSocket?
+
Persistent full-duplex communication protocol for real-time applications.
WebSocket?
+
Persistent full-duplex connection used in real-time communication.
Where Startup.cs in ASP.NET Core 6.0?
+
In .NET 6+, minimal hosting model removes Startup.cs. Configuration like
services, routing, and middleware is now placed directly in Program.cs.
Why are API keys less secure?
+
No expiration and easily leaked.
Why choose .NET for development?
+
.NET provides high performance, strong ecosystem, cross-platform support,
built-in DI, cloud readiness, and great tooling like Visual Studio and
GitHub Copilot. It's ideal for enterprise, web, mobile, and microservice
applications.
Why do Access Tokens expire?
+
To reduce security risks and limit exposed lifetime.
Why not store authorization logic in UI?
+
Client-side can be tampered; authorization must be server-side.
Why use ASP.NET Core?
+
Fast, scalable, cloud-ready, open-source, modular design, and ideal for
Microservices and container deployments.
Why validate authorization on every request?
+
To ensure permissions haven't changed.
Windows Authentication?
+
Uses Windows credentials for login.
Windows Authorization?
+
Authorization using Windows identity and AD groups.
Worker Services?
+
Worker Services run background jobs without UI. They are ideal for scheduled
tasks, queue processing, and microservice background jobs.
WPF MVVM Pattern?
+
Model-View-ViewModel for UI separation.
WPF?
+
Windows Presentation Foundation for building rich desktop UIs.
wroot folder in ASP.NET Core?
+
Public web root for static files (CSS, JS, images); files outside are not
directly accessible.
XACML?
+
Authorization standard using XML-based policies.
XAML?
+
Markup language used to define UI elements in WPF.
XSS Prevention
+
XSS occurs when user input is executed as script. ASP.NET Core prevents this
through automatic HTML encoding and validation.
XSS?
+
Cross-site scripting via malicious scripts.
Zero Trust?
+
Always verify identity regardless of network.
.NET (5/6/7/8+)?
+
A unified, cross-platform, high-performance framework for building desktop,
web, mobile, cloud, and IoT apps.
.NET Core?
+
A fast, modular, cross-platform, open-source framework for building modern
cloud and web apps.
.NET Framework?
+
A Windows-only framework with CLR and rich libraries for building desktop
and legacy ASP.NET apps.
.NET Platform Standards?
+
pecifications that ensure shared APIs and cross-platform compatibility
across .NET runtimes.
.NET?
+
A software framework with libraries, runtime, and tools for building
applications.
@Html.AntiForgeryToken()?
+
Token used to prevent CSRF attacks.
3 important segments for routing?
+
Controller name, Action name, and optional Parameter (id).
3-tier focuses on application architecture.
+
MVC focuses on UI interaction and request handling.
ABAC?
+
Attribute-Based Access Control.
Abstract Class vs Interface?
+
Abstract class can have implementation; interface cannot.
Abstraction?
+
Hiding complex implementation details.
Access Control Matrix?
+
Table mapping users/roles to permissions.
Access Review?
+
Periodic review of user permissions.
Access Token Audience?
+
Specifies which API the token is intended for.
Access Token Leakage?
+
Unauthorized party obtains a token.
Access Token?
+
Token used to access protected APIs.
Accessing HttpContext
+
Access HttpContext via dependency injection using IHttpContextAccessor;
controllers/middleware access directly, services via
IHttpContextAccessor.HttpContext.
ACL?
+
Access Control List defining user permissions for a resource.
Action Filter?
+
Code executed before or after controller action execution.
Action Filters?
+
Attributes executed before/after controller actions.
Action Method?
+
A public method inside controller handling client requests.
Action Selector?
+
Attributes like [HttpGet], [HttpPost], [Route].
ActionInvoker?
+
Executes selected MVC action method.
ActionName attribute?
+
Maps method to a different public action name.
ActionResult is a base type that can return
various results.
+
ViewResult specifically returns a View response.
ActionResult?
+
Base type for all responses returned from action methods. A return type in
MVC representing HTTP responses returned from controller actions.
AD Group?
+
A collection of users with shared permissions.
ADO.NET?
+
Data access framework for relational databases.
AdRotator Control:
+
Displays banner ads from an XML file randomly or by weight, supporting URL
redirection for dynamic ad management.
Advantages of ASP.NET?
+
High-performance, secure server-side framework supporting WebForms, MVC, Web
API, caching, authentication, and rapid development.
Advantages of MVC:
+
Provides testability, clean separation, faster development, reusable code,
and SEO-friendly URLs.
Ajax in ASP.NET?
+
Enables asynchronous browser-server communication to update page parts
without full reload, using controls like UpdatePanel and ScriptManager.
AJAX in MVC?
+
Asynchronous calls to server without full page reload.
AllowAnonymous?
+
Attribute used to skip authorization.
ANCM?
+
ASP.NET Core Module enables hosting .NET Core under IIS reverse proxy.
Anti-forgery middleware?
+
Middleware enforcing CSRF protection in .NET Core.
AntiForgeryToken validation attribute?
+
[ValidateAntiForgeryToken] ensures request includes valid token.
AntiXSS?
+
Technique for preventing cross-site scripting.
AOT Compilation?
+
Compiles .NET apps to native code for faster startup and lower memory use.
API Documentation?
+
Swagger/OpenAPI.
API Gateway?
+
Single entry point for routing, auth, rate limiting.
API Key Authentication?
+
Custom header with an API key.
API Key Authorization?
+
Simple authorization using an API key header.
API Versioning Methods?
+
URL, Header, Query, Media Type.
API Versioning?
+
Supporting multiple versions of an API using routes, headers, or query
params.
API Versioning?
+
Supporting multiple API versions to maintain backward compatibility.
ApiController attribute do?
+
Enables auto-validation and improved routing.
App Domain Concept in ASP.NET?
+
AppDomain isolates applications within a web server. It provides security,
reliability, and memory isolation. Each website runs in its own AppDomain.
If one crashes, others remain unaffected.
app.Run vs app.Use?
+
app.Use() continues the pipeline; app.Run() terminates it.
app.UseDeveloperExceptionPage()?
+
Displays detailed errors in development mode.
app.UseExceptionHandler()?
+
Middleware for centralized exception handling.
AppDomain?
+
Isolated region where a .NET application runs.
Application Insights?
+
Azure monitoring platform for performance and telemetry.
Application Model
+
The application model determines how controllers, actions, and routing
behave. It helps apply conventions and filters across the application.
Application Pool in IIS?
+
Worker process isolation unit.
appsettings.json used for?
+
Stores configuration values like connection strings, logging, and custom
settings.
appsettings.json?
+
Primary configuration file in ASP.NET Core.
appsettings.json?
+
Stores key/value settings for the application, commonly used in ASP.NET Core
MVC.
Area in MVC?
+
Module-level grouping for large applications (Admin, Customer, User).
ASP.NET Core host apps without IIS?
+
Yes, it can run standalone using Kestrel.
ASP.NET Core run in Docker?
+
Yes, it supports containerization with official runtime and SDK images.
ASP.NET Core serve static files?
+
By enabling app.UseStaticFiles() and placing files in wwwroot.
ASP.NET Core?
+
A cross-platform, high-performance web framework for APIs, MVC, and
real-time apps.
ASP.NET Core?
+
A cross-platform, high-performance web framework for building modern
cloud-based applications.
ASP.NET filters run at the end?
+
Exception Filters are executed last. They handle unhandled errors during
action or result processing. Used for logging and custom error pages.
Ensures graceful error handling.
ASP.NET Identity?
+
Framework for user management, roles, claims.
ASP.NET MVC?
+
Model–View–Controller pattern for web applications.
ASP.NET page life cycle?
+
ASP.NET page life cycle defines stages a page goes through when processing.
Key stages: Page Request, Initialization, View State Load, Postback Event
Handling, Rendering, and Unload. Events allow custom logic execution at each
phase. It controls how data is processed and displayed.
ASP.NET Web Forms?
+
Event-driven web framework using drag-and-drop UI.
ASP.NET?
+
A server-side .NET framework for building dynamic websites, APIs, and
enterprise web apps.
ASP.NET?
+
Microsoft’s web framework for building dynamic, high-performance web apps
with MVC, Web API, and WebForms.
Assemblies?
+
Compiled .NET code units containing code, metadata, and manifests (DLL or
EXE) for deploying
Assembly defining MVC:
+
MVC components are defined in System.Web.Mvc.dll.
Assign an alias name for ASP.NET Web API Action?
+
You can use the [ActionName] attribute to give an alias to an action.
Example: [ActionName("GetStudentInfo")]. This helps when method names and
route names need to differ. It's useful for versioning and friendly URLs.
async action method?
+
Action using async/await for non-blocking operations.
Async operations in EF Core?
+
Perform database tasks asynchronously to improve responsiveness and
scalability.Use ToListAsync(), FirstAsync(), etc.
Async programming?
+
Non-blocking programming using async/await.
async/await?
+
Asynchronous programming model avoiding blocking operations.
async/await?
+
Keywords enabling non-blocking asynchronous code execution.
Attribute Routing
+
Defines routes directly on controllers and actions using attributes like
[Route("api/[controller]")].
Attribute-based routing?
+
Routing using attributes above controller/action.
Attributes?
+
Metadata annotations used for declaring properties about code.
authentication and authorization in ASP.NET?
+
Authentication verifies user identity (who they are). Authorization defines
access permissions for authenticated users. ASP.NET supports built-in
security mechanisms. Both ensure secure application access.
Authentication in ASP.NET Core?
+
Process of verifying user identity.
Authentication modes in ASP.NET for security?
+
ASP.NET supports Windows, Forms, Passport, and Anonymous authentication.
Forms authentication is common for web apps. Security is configured in
Web.config. Each mode provides a method to validate users.
Authentication vs Authorization?
+
Authentication verifies identity; authorization verifies access rights.
Authentication?
+
Identifying the user.
authentication?
+
Process of verifying user identity.
Authentication?
+
Verifying user identity.
Authorization Audit Trail?
+
Logs that track authorization decisions.
Authorization Cache?
+
Caching authorization decisions for performance.
Authorization Drift?
+
Outdated or incorrectly configured permissions.
Authorization Filter?
+
Executes before controller actions to enforce permissions.
Authorization Handler?
+
Custom logic to evaluate authorization requirements.
Authorization Pipeline?
+
Sequence of steps evaluating user access.
Authorization Policy?
+
Named group of requirements.
Authorization Requirement?
+
Represents a condition to fulfill authorization.
Authorization Server?
+
Server that issues access tokens.
Authorization types?
+
Role-based, Claim-based, Policy-based, Resource-based.
Authorization?
+
Authorization determines what a user is allowed to access after
authentication.
authorization?
+
Process of verifying user access rights based on roles or claims.
Authorization?
+
Verifies if authenticated user has access rights.
Authorization?
+
Checking user access rights after authentication.
Authorize attribute?
+
Enforces authorization using roles, policies, or claims.
AutoMapper?
+
Object mapping library.
AutoMapper?
+
Library for mapping objects automatically.
Azure App Service?
+
Cloud hosting platform for ASP.NET Core applications.
Azure Key Vault?
+
Secure storage for secrets, keys, and credentials.
B2B Authorization?
+
Authorization in multi-tenant business apps.
B2C Authorization?
+
Authorization in consumer-facing apps.
Backchannel Communication?
+
Secure server-server communication for token exchange.
Background worker coding?
+
Inherit from BackgroundService.
BackgroundService class?
+
Runs long-lived background tasks in .NET apps, e.g., for messaging or
monitoring.
Basic Authentication?
+
Authentication using Base64 encoded username and password.
Basic Authorization?
+
Credentials sent as Base64 encoded username:password.
Bearer Authentication?
+
Token-based authentication mechanism where tokens are sent in request
headers.
Bearer Token?
+
Authorization token sent in Authorization header.
beforeFilter(), beforeRender(), afterFilter():
+
beforeFilter() runs before action, beforeRender() runs before view
rendering, and afterFilter() runs after the response.
Benefits of ASP.NET Core?
+
Cross-platform, Cloud-ready, container friendly, modular, and fast runtime.
Benefits of using MVC:
+
MVC gives separation of concerns, supports testability, clean URLs,
maintainability, and scalability.
Blazor Server and WebAssembly?
+
Server-side rendering vs client-side execution in browser.
Blazor?
+
Framework for building interactive web UIs using C# instead of JavaScript.
Boxing?
+
Converting a value type to an object type.
Build in .NET?
+
Compilation of code into IL.
Bundling and Minification?
+
Improves performance by reducing file sizes and number of requests.
Bundling and Minification?
+
Optimizing CSS and JS for performance.
Cache Tag Helper
+
This helper caches rendered HTML output on the server, improving performance
for static or rarely changing UI sections.
Caching / Response Caching
+
Caching stores output to improve performance and reduce processing. Response
caching stores HTTP responses, improving load time for repeated requests.
Caching in ASP.NET Core?
+
Improves performance by storing frequently accessed data.
Caching in ASP.NET?
+
Technique to store frequently used data for performance.
Caching in ASP.NET?
+
Caching stores frequently accessed data to improve performance using Output,
Data, or Object Caching.It reduces server load, speeds up responses, and is
ideal for static or rarely changing data.
caching?
+
Storing frequently accessed data in memory for faster response.
Can you create an app using both WebForms and
MVC?
+
Yes, it is possible to host both in the same project. MVC can coexist with
WebForms when routing is configured properly. This allows gradual migration.
Both frameworks share the same runtime environment.
Cases where routing is not needed:
+
Routing is unnecessary for requests for static files like images/CSS or for
direct WebForms/WebService calls.
Change Token
+
A Change Token is a notification mechanism used to monitor changes, such as
configuration files or file-based caching. When a change occurs, the token
triggers refresh or rebuild actions.
CI/CD?
+
Automation pipeline for building, testing, and deploying applications.
CI/CD?
+
Continuous Integration and Continuous Deployment pipeline automation.
CIL/IL?
+
Intermediate code that the CLR JIT-compiles into machine code, enabling
language-independence and runtime optimization.
Circuit Breaker?
+
Polly-based approach to handle failing services.
Claim?
+
A user attribute such as name, email, role, or permission.
Claim-Based Authorization?
+
Authorization based on user claims such as email, age, department.
Claims?
+
User-specific attributes like name, id, role.
Claims-based authorization?
+
Authorization using claims stored in user identity.
class is used to return JSON in MVC?
+
JsonResult class is used to return JSON formatted data.
Class library?
+
A project that compiles to reusable DLL.
Client-side validation?
+
Validation executed in browser using JavaScript.
CLR?
+
Common Language Runtime that manages execution, memory, garbage collection,
and security.
CLR?
+
Common Language Runtime executes .NET applications and manages memory,
security, and exceptions.
CLS?
+
Common Language Specification – rules that all .NET languages must follow.
CLS?
+
Common Language Specification defines language rules .NET languages must
follow.
Coarse-Grained Authorization?
+
Role-level access control.
Code behind an Inline Code?
+
Code-behind keeps design and logic separate using external .cs files. Inline
code is written directly inside .aspx pages. Code-behind improves
maintainability and reusability. Inline code is simpler but less structured.
Code First Migration?
+
Approach where database schema is created from C# models.
Column-Level Security?
+
Restricts access to specific columns.
command builds project?
+
dotnet build
command is used to scaffold projects?
+
dotnet new
command restores packages?
+
dotnet restore
command runs app?
+
dotnet run
Concepts of Globalization and Localization in
.NET?
+
Globalization prepares an app to support multiple languages and cultures.
Localization customizes the app for a specific culture using resource files.
ASP.NET uses .resx files for language translation. These features help
create multilingual web applications.
Conditional Access?
+
Authorization based on conditions like location or device.
Configuration / appsettings.json
+
Settings are stored in appsettings.json and accessed using IConfiguration.
Configuration System in .NET Core?
+
Instead of Web.config, .NET Core uses appsettings.json, environment
variables, user secrets, and Azure KeyVault. It supports hierarchical and
strongly typed configuration.
ConfigurationBuilder?
+
ConfigurationBuilder loads settings from multiple sources like JSON, XML,
Azure, or environment variables. It provides flexible app configuration.
Connection Pooling?
+
Reuse of open database connections for performance.
Consent Screen?
+
User approval of requested permissions.
Containerization in ASP.NET Core?
+
Running application inside lightweight containers instead of full VMs.
Content Negotiation?
+
Mechanism to return JSON/XML based on Accept headers.
Content Negotiation?
+
Determines response format (JSON/XML) based on client request headers.
Controller in MVC?
+
Controller handles incoming requests, processes data, and returns responses.
Controller?
+
A controller handles incoming HTTP requests and returns responses such as
JSON, views, or status codes. It follows MVC (Model-View-Controller)
pattern.
ControllerBase?
+
Base class for API controllers (no views).
Convention-based routing?
+
Routing following default predefined conventions.
Cookie vs Token Auth?
+
Cookie is server-based; token is stateless.
Cookie-less Session:
+
When cookies are disabled, session data is tracked using URL rewriting.
Session ID appears in the URL. Helps maintain session without browser
cookies.
Cookies in ASP.NET?
+
Cookies store user data in the browser, such as username or session ID, for
future requests.ASP.NET supports persistent and non-persistent cookies to
enhance personalization and authentication.
CORS?
+
CORS (Cross-Origin Resource Sharing) allows or restricts browser requests
from different origins. ASP.NET Core allows configuring allowed methods,
headers, and domains.
CORS?
+
Security feature controlling which external domains may access server
resources.
CORS?
+
Cross-Origin Resource Sharing that controls external access permissions.
Create .NET Core API project?
+
Use: dotnet new webapi -n MyApi
Cross-page posting in ASP.NET:
+
Cross-page posting allows a form to post data to another page using
PostBackUrl property. The target page can access source page controls using
PreviousPage property. Useful for multi-step forms.
Cross-Platform Compilation?
+
.NET Core/.NET can compile and run on Windows, Linux, or macOS. Developers
can build apps once and run them anywhere.
CRUD API coding question?
+
Implement GET, POST, PUT, DELETE endpoints.
CSRF Protection
+
CSRF attacks force users to perform unintended actions. ASP.NET Core
mitigates it using anti-forgery tokens and validation attributes.
CSRF?
+
Cross-site request forgery attack.
CSRF?
+
Cross-site request forgery where attackers perform unauthorized actions on
behalf of users.
CSRF?
+
Cross-Site Request Forgery attack forcing authenticated users to execute
unwanted actions.
CTS?
+
Common Type System – defines how types are declared and used in .NET.
CTS?
+
Common Type System ensures consistency of data types across all .NET
languages.
Custom Action Filter coding?
+
Extend ActionFilterAttribute.
Custom Exception?
+
User-defined exception class.
Custom Middleware in ASP.NET Core
+
Custom middleware is created by writing a class with an Invoke or
InvokeAsync method that accepts HttpContext. It is registered in the
pipeline using app.Use(). Middleware can modify requests, responses, or pass
control to the next component.
Custom Model Binding
+
Implement IModelBinder and register it using ModelBinderProvider.
Data Annotation?
+
Attribute-based validation such as [Required], [Email], [StringLength].
Data Annotations?
+
Attributes used for validation like [Required], [Email], [StringLength].
Data Binding?
+
Connecting UI elements with data sources.
Data Cache:
+
Data Cache stores frequently used data to improve performance. It supports
expiration policies and dependency-based invalidation. Accessed through
HttpRuntime.Cache.
Data controls available in ASP.NET?
+
ASP.NET provides several data-bound controls like GridView, ListView,
Repeater, DataList, and FormView. These controls display and manipulate
database records. They support sorting, paging, and editing features. They
simplify data presentation.
Data Masking?
+
Hiding sensitive data based on policies.
Data Protection API?
+
Encrypting sensitive data.
Data Seeding?
+
Preloading default or sample data into database.
DbContext?
+
Class managing database connection and entity tracking.
DbSet?
+
Represents a database table.
Default project structure?
+
Minimal hosting model with Program.cs and optional folders for Models,
Controllers, Services.
Default route format?
+
{controller}/{action}/{id}
Define Default Route:
+
The default route is {controller}/{action}/{id} with default values like
Home/Index. It helps map incoming requests automatically.
Define DTO.
+
Data Transfer Object—used to expose safe API models.
Define Filters in MVC.
+
Filters allow custom logic before or after controller actions, such as
authentication, logging, or error handling.
Define Output Caching in MVC.
+
Output caching stores the rendered output of an action to improve
performance and reduce server processing.
Define Scaffolding in MVC:
+
Scaffolding automatically generates CRUD code and views based on the model.
It speeds up development by providing a code structure quickly.
Define the 3 logical layers of MVC?
+
Presentation layer → View Business logic layer → Controller Data layer →
Model
Delegate?
+
Type-safe function pointer.
Delegation?
+
Forwarding user's identity to downstream systems.
DenyAnonymousAuthorization?
+
Policy that allows only authenticated users.
Dependency Injection?
+
Dependency Injection (DI) is a design pattern where dependencies are
injected rather than created internally. .NET Core has built-in DI support.
It improves testability, maintainability, and loose coupling.
dependency injection?
+
A pattern where dependent services are injected rather than created inside a
class.
Dependency Injection?
+
Improves maintainability, testability, and reduces coupling.
Dependency Injection?
+
Injecting required objects rather than creating them inside controller.
Deployment Slot?
+
Environment preview before production deployment, commonly in Azure.
Deployment?
+
Publishing application to server.
Describe application state management in
ASP.NET.
+
Application State stores global data accessible to all sessions. It is
stored in server memory and persists until restart. Useful for shared
counters or configuration data. It reduces repeated data loading.
Describe ASP.NET MVC.
+
It is a lightweight Microsoft framework that follows MVC architecture for
building scalable, testable web applications.
Describe login Controls in ASP.
+
Login controls simplify user authentication. Examples include Login,
LoginView, LoginStatus, PasswordRecovery, and CreateUserWizard. They handle
username validation, password reset, and security membership. They reduce
custom coding effort.
DI (Dependency Injection)?
+
A design pattern where dependencies are provided rather than created inside
a class.
DI Container?
+
Object lifetime and dependency management system.
DI for Controllers
+
ASP.NET Core injects dependencies into controllers via constructor
injection. Services must be registered in ConfigureServices.
DI for Views
+
Views receive dependencies using @inject directive. This helps share
services such as logging or localization.
DifBet .NET Core and .NET Framework?
+
.NET Core is cross-platform and modular; .NET Framework is Windows-only and
monolithic.
DifBet ASP.NET MVC and WebForms?
+
MVC follows separation of concerns and doesn’t use ViewState, while WebForms
uses event-driven model with ViewState.
DifBet Authentication and Authorization?
+
Authentication verifies identity; Authorization verifies permissions.
DifBet Claims and Roles?
+
Role is a type of claim for grouping permissions.
DifBet Code First and DB First in EF?
+
Code First generates DB from classes, Database First generates classes from
DB.
DifBet Dataset and DataReader?
+
Dataset is disconnected; DataReader is connected and forward-only.
DifBet EF and EF Core?
+
EF Core is cross-platform, lightweight, and supports LINQ to SQL.
DifBet EXE and DLL?
+
EXE is an executable process; DLL is a reusable library.
DifBet GET and POST?
+
GET retrieves data; POST submits or modifies server data.
DifBet LINQ to SQL and Entity Framework?
+
LINQ to SQL is limited to SQL Server; EF supports multiple databases.
DifBet PUT and PATCH?
+
PUT replaces entire resource; PATCH updates part of it.
DifBet Razor and ASPX view engine?
+
Razor is cleaner, faster, and uses minimal markup compared to ASPX.
DifBet REST and SOAP?
+
REST is lightweight and stateless using JSON, while SOAP uses XML and is
more structured.
DifBet Role-Based vs Permission-Based?
+
Role groups permissions, permission defines specific capability.
DifBet session and cookies?
+
Cookies store on client browser, sessions store on server.
DifBet Thread and Task?
+
Thread is OS-level entity; Task is a higher-level abstraction.
DifBet Value type and Reference type?
+
Value types stored in stack, reference types stored in heap.
DifBet ViewBag and ViewData?
+
ViewData is dictionary-based; ViewBag uses dynamic properties. Both are
temporary and request-scoped.
DifBet WCF and Web API?
+
WCF supports protocols like TCP/SOAP; Web API is REST-based.
DifBet worker process and app pool?
+
App pool groups worker processes; worker process executes application.
DiffBet 3-tier and MVC?
+
3-tier architecture has Presentation, Business, and Data layers. MVC has
Model, View, and Controller roles for UI pattern.
DiffBet ActionResult and ViewResult.
+
ActionResult is a base type that can return various results.
DiffBet ActionResult and ViewResult?
+
ActionResult is a base class for various result types (JsonResult,
RedirectResult, etc.). ViewResult specifically returns a View. Controller
methods can return either. ActionResult provides flexibility for different
response formats.
DiffBet adding routes in WebForms and MVC.
+
WebForms uses file-based routing whereas MVC uses pattern-based routing.MVC
routing maps URLs directly to controllers and actions.
DiffBet AddTransient, AddScoped, and
AddSingleton?
+
Transient: New instance every request,Scoped: One instance per HTTP
request,Singleton: Same instance for entire application lifetime
DiffBet ASP.NET Core and ASP.NET?
+
Core is cross-platform, lightweight, modular, and faster. Classic ASP.NET is
Windows-only, uses System.Web, and is heavier.
DiffBet ASP.NET MVC 5 and ASP.NET Core MVC?
+
ASP.NET Core MVC is cross-platform, modular, open-source, and integrates Web
API into MVC. MVC 5 works only on Windows and is more monolithic. Core also
uses middleware instead of pipeline handlers.
DiffBet EF Core and EF Framework?
+
EF Core is lightweight, cross-platform, extensible, and faster than EF
Framework. EF Framework supports only .NET Framework and lacks many modern
features like batching, no-tracking queries, and shadow properties.
DiffBet HTTP Handler and HTTP Module:
+
Handlers handle and respond to specific requests directly. Modules work in
the pipeline and intercept requests during processing. Multiple modules can
exist for one request, but only one handler processes it.
DiffBet HttpContext.Current.Items and
HttpContext.Current.Session:
+
Items is used to store data for a single HTTP request and is cleared after
the request ends. Session stores data across multiple requests for the same
user. Items is faster and used for request-level sharing.
DiffBet MVVM and MVC?
+
MVC uses Controller for request handling, View for UI, and Model for data.
MVVM uses ViewModel to handle binding logic between View and Model. MVVM
supports two-way binding, especially in UI frameworks. MVC is better for web
apps, MVVM suits rich UIs.
DiffBet Server.Transfer and Response.Redirect:
+
Server.Transfer transfers execution to another page on the server without
changing the URL. Response.Redirect sends the browser to a new page and
changes the URL. Redirect performs a round trip to the client; Transfer does
not.
DiffBet session and caching:
+
Session stores user-specific data and is used per user. Cache stores
application-wide frequently used data to improve performance. Session
expires when the user ends or times out, while cache expiry depends on
policies like sliding or absolute expiration.
DiffBet TempData, ViewData, and ViewBag?
+
ViewData: Dictionary-based, valid only for current request. ViewBag: Wrapper
around ViewData using dynamic properties. TempData: Persists only for the
next request (used for redirects). 18) What is a partial view in MVC?
DiffBet View and Partial View.
+
A View renders the full UI while a Partial View renders a reusable section
of the UI.
DiffBet View and Partial View?
+
A View renders a complete page layout. A Partial View renders only a portion
of UI. Partial View does not include layout pages by default. Useful for
reusable components.
DiffBet Web API and WCF:
+
Web API is lightweight and designed for RESTful services using HTTP. WCF
supports multiple protocols like HTTP, TCP, and MSMQ. Web API is best for
modern web/mobile services, WCF for enterprise SOA.
DiffBet Web Forms and MVC?
+
MVC is lightweight and testable; Web Forms is event-driven and stateful.
DiffBet WebForms and MVC?
+
WebForms are event-driven and stateful. MVC is lightweight, stateless, and
supports testability. MVC offers full control over HTML. WebForms use
server-side controls and ViewState.
Difference: app.Use vs app.Run?
+
app.Use() allows multiple middlewares; app.Run() terminates the pipeline and
passes no further requests.
Different approaches to implement Ajax in MVC.
+
Using Ajax.BeginForm(), jQuery Ajax(), or Fetch API.
Different properties of MVC routes?
+
Key properties are URL, Defaults, Constraints, and DataTokens.
Different return types used by the controller
action method in MVC?
+
Common return types are ViewResult, JsonResult, RedirectResult,
ContentResult, FileResult, and ActionResult. ActionResult is the base type
for most results.
Different Session state management options
available in ASP.NET?
+
ASP.NET stores user-specific data across requests using InProc, StateServer,
SQL Server, or Custom modes.InProc keeps data in memory, while StateServer
and SQL Server store it externally, all server-side and secure.
Different validators in ASP.NET?
+
Controls like RequiredField, Range, Compare, Regex, Custom, and
ValidationSummary ensure correct input on client and server sides.
Different ways for bundling and minification in
ASP.NET Core?
+
Combine and compress scripts/styles to reduce size and improve performance,
using tools like Webpack or NUglify.
directive reads environment?
+
app.Environment.IsDevelopment()
Directory Service?
+
Stores users, groups, and permissions (AD, LDAP).
Display something in CodeIgniter?
+
Use the controller to load a view. Example:
$this->load->view("welcome_message"); The view outputs content to the
browser. Models supply data if required.
DisplayFor vs EditorFor?
+
DisplayFor shows read-only UI; EditorFor creates editable fields.
DisplayTemplate?
+
Reusable Display UI with @Html.DisplayFor.
distributed cache providers are supported?
+
Redis, SQL Server, NCache.
Distributed Cache?
+
Cache shared across multiple servers (Redis, SQL).
Distributed Tracing?
+
Tracing requests across microservices.
Distributed Tracing?
+
Tracking request flow through microservices with correlation IDs.
do you mean by partial view of MVC?
+
A partial view is a reusable view component used to render partial UI, such
as headers or menus.
Docker in .NET context?
+
Run .NET apps in portable containers for easy deployment, scaling, and
microservices.
Docker?
+
Containerization platform used to package and deploy applications.
Docker?
+
Container platform for packaging and deploying applications.
does MVC represent?
+
Model = business logic/data, View = UI, Controller = handles request and
updates View.
dotnet CLI?
+
Command line interface for building and running .NET applications.
Drawbacks of MVC model:
+
More development complexity, steep learning curve, and requires stronger
knowledge of patterns.
DTO?
+
Data Transfer Object used to transfer lightweight data.
Dynamic Authorization?
+
Real-time decision-based authorization.
Eager Loading?
+
Loads related data via Include().
EditorTemplate?
+
Reusable Editable UI with @Html.EditorFor.
EF Core optimization coding?
+
Use Select, AsNoTracking, Include.
EF Core?
+
Object-relational mapper for .NET Core.
EF Core?
+
Modern lightweight ORM for database access.
EF Migration?
+
Feature to update database schema using version-controlled code.
Enable CORS
+
CORS is configured using services.AddCors() and enabled with app.UseCors().
It allows cross-domain API access.
Enable CORS in API?
+
services.AddCors(); app.UseCors(...);
Enable CORS?
+
Using middleware: app.UseCors()
Enable JWT in API?
+
AddAuthentication().AddJwtBearer(...).
Enable Response Caching?
+
services.AddResponseCaching(); app.UseResponseCaching();
Encapsulation?
+
Bundling data and methods inside a class.
Endpoint Routing?
+
Modern routing system introduced to unify MVC, Razor Pages, and SignalR
routing.
Ensure Web API returns JSON only?
+
Remove XML formatters and keep only JSON formatter in WebApiConfig. Example:
config.Formatters.Remove(config.Formatters.XmlFormatter);. Now the API
always responds in JSON format. Useful for modern REST services.
Enterprise Library:
+
Enterprise Library provides reusable software components like Logging, Data
Access, Validation, and Exception Handling. Helps build enterprise-level
maintainable applications.
Entity Framework?
+
ORM for accessing databases using objects.
Entity Framework?
+
An ORM that maps databases to .NET objects, supporting LINQ, migrations, and
simplified data access.
Entity Framework?
+
ORM framework to interact with database using C# objects.
Environment Variable in ASP.NET Core?
+
External configuration determining environment (Development, Staging,
Production).
Environment Variable?
+
Configuration used to define environment (Development, Staging, Production).
Error handling middleware?
+
Middleware for diagnostics and custom error responses (e.g.,
DeveloperExceptionPage, ExceptionHandler).
Error Handling Strategies
+
Use middleware like UseExceptionHandler, logging, global filters, and status
code pages.
Event?
+
Notification triggered using delegates.
Examples of HTML Helpers?
+
TextBoxFor, DropDownListFor, LabelFor, HiddenFor.
Exception Handling?
+
Mechanism to handle runtime errors using try/catch/finally.
Execute any MVC project?
+
Build the project → Run IIS Express/Local host → Routing selects controller
→ Action returns view → Output is rendered in browser.
Explain ASP.NET Core.
+
It is a cross-platform, open-source framework for building modern web
applications. It provides high performance, modular design, and supports
MVC, Razor Pages, Web APIs, and SignalR.
Explain Dependency Injection.
+
DI provides loose coupling by injecting required services at runtime.
ASP.NET Core has DI support built-in.
Explain in brief the role of different MVC
components.
+
Model manages logic and data. View is responsible for UI.Controller acts as
a bridge processing user requests and returning responses.
Explain Model, View, and Controller in Brief.
+
Model holds application logic and data. View displays data to the user.
Controller handles user input, interacts with Model, and selects the View to
render.
Explain Request Pipeline.
+
Request flows through middleware components configured in Program.cs (pre
.NET 6: Startup.cs) before generating a response.
Explain separation of concern.
+
It divides an application into distinct sections, each responsible for a
single concern, reducing dependency.
Explain some benefits of using MVC.
+
It supports separation of concerns, easy testing, clean code structure, and
supports TDD. It’s extensible and suitable for large applications.
Explain TempData, ViewData, ViewBag.
+
TempData: Stores data temporarily across redirects.
Explain the MVC Application life cycle.
+
It includes: Application Start → Routing → Controller Initialization →
Action Execution → Result Execution → View Rendering → Response sent to
client.
Explicit Allow?
+
Specific rule allows access.
Explicit Deny?
+
Rule that overrides all allows.
Extension Method?
+
Add new methods to existing types without modifying them.
external authentication?
+
Login using Google, Microsoft, Facebook, GitHub providers.
Feature Toggle?
+
Enables or disables features dynamically.
Features of MVC?
+
MVC supports separation of concerns. It promotes testability, flexibility,
and clean architecture. Provides routing, Razor syntax, and built-in
validation. Ideal for large, scalable web applications.
Federation in Authorization?
+
Trust relationship between identity providers and applications.
File extension for Razor views?
+
.cshtml
File extensions for Razor views?
+
Razor views use: .cshtml for C# .vbhtml for VB.NET These files support
inline Razor syntax.
file replaces Web.config in ASP.NET Core?
+
appsettings.json
FileResult?
+
Returns files like PDF, images, or documents.
Filter in MVC?
+
Reusable logic executed before or after action methods.
Filter types?
+
Authorization, Resource, Action, Exception, Result filters.
Filters executed at the end:
+
Result filters are executed at the end, just before and after the view is
rendered.
Filters in ASP.NET Core?
+
Run pre- or post-action logic like validation, logging, caching, or
authorization in controllers.
Filters in MVC Core?
+
Reusable logic executed before or after actions.
Filters?
+
Components to run code before/after actions.
Fine-Grained Authorization?
+
Permission-level control instead of role-level.
FormCollection?
+
Object storing form values submitted by user.
Forms Authentication?
+
User logs in through custom login form.
Framework-Dependent Deployment?
+
App runs on an installed .NET runtime, producing a smaller executable.
Frontchannel Communication?
+
Browser-based token communication.
GAC : Global Assembly Cache?
+
Stores shared .NET assemblies for multiple apps, supporting versioning and
avoiding DLL conflicts.
Garbage Collection (GC)?
+
Automatic memory management that removes unused objects.
Garbage Collection?
+
Automatic memory cleanup of unused objects.
GC generations?
+
Gen 0, Gen 1, Gen 2 used to optimize memory cleanup.
Generic Repository?
+
A reusable data access pattern that works with any entity type to perform
CRUD operations.
GET and POST Action types:
+
GET retrieves data and does not modify state. POST submits data and is used
for creating or updating records.
Global exception handling coding?
+
Create custom exception middleware.
Global Exception Handling?
+
Error handling applied across entire application using middleware.
Global.asax?
+
Application-level events like Start, End, Error.
GridView Control:
+
GridView displays data in a tabular format and supports sorting, paging, and
editing. It binds to data sources like SQL, lists, or datasets. It provides
templates and commands for customization.
gRPC in .NET?
+
High-performance, protocol-buffer-based communication for microservices,
faster than REST.
gRPC?
+
High-performance communication protocol using binary messaging and HTTP/2.
gRPC?
+
High-performance RPC protocol using HTTP/2 for communication.
GZip Compression?
+
Compressing responses to reduce payload size.
Handle 404 in ASP.NET Core?
+
Use middleware such as: app.UseStatusCodePages();
HATEOAS?
+
Responses include links to guide client navigation.
HATEOAS?
+
Hypermedia as Engine of Application State — constraint of REST API.
Health Check Endpoint?
+
Endpoint to verify system status and dependencies.
Health Check endpoint?
+
Used for monitoring health status and dependencies like DB or Redis.
Health Check in .NET Core?
+
Monitor app and dependency status, useful for Kubernetes and cloud
deployments.
Health Checks?
+
Endpoints that report app health.
Host in ASP.NET Core?
+
Manages DI, configuration, logging, and middleware; includes WebHost and
GenericHost.
Host?
+
Host manages app lifetime, DI container, config, and logging. It’s core
runtime container.
Host?
+
Host manages app lifetime, configuration, logging, DI, and environment.
HostedService?
+
Interface for background tasks.
Hot Reload?
+
Hot Reload allows modifying code while the application is running. It
improves productivity by reducing restart time.
Hot Reload?
+
Feature allowing code changes without restarting application.
How authorize multiple roles?
+
[Authorize(Roles=\Admin Manager\")]"
How execute Stored Procedures?
+
Use FromSqlRaw().
How implement Pagination?
+
Use Skip() and Take().
How prevent privilege escalation?
+
Validate authorization checks on every sensitive action.
How prevent SQL Injection?
+
Use parameterized queries and stored procedures.
How register EF Core?
+
services.AddDbContext(options => options.UseSqlServer(...));
How return IActionResult?
+
Use Ok(), NotFound(), BadRequest(), Created().
How Seed Data?
+
Use HasData() inside OnModelCreating().
How upload files?
+
Use IFormFile parameter.
HTML Helper?
+
Methods that generate HTML controls programmatically in views.
HTML server controls in ASP.NET?
+
HTML controls become server controls by adding runat="server". They behave
like programmable server-side objects. They allow event handling and server
processing.
HTTP Handler?
+
An HttpHandler is a component that processes individual HTTP requests. It
acts as an endpoint for file extensions like .aspx, .ashx, .jpg etc. It is
lightweight and best for custom resource generation.
HTTP Logging Middleware?
+
Logs details about incoming requests and responses.
HTTP Status Codes?
+
200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500
Server Error.
HTTP Verb Mapping?
+
Mapping controller actions to verbs using [HttpGet], [HttpPost], etc.
HTTP Verb?
+
Operations like GET, POST, PUT, DELETE mapped to actions.
HttpClientFactory?
+
Factory pattern to create and manage HttpClient instances.
HttpModule?
+
Windows-only ASP.NET components that handle HTTP request/response events in
the pipeline.
HTTPS Redirection Middleware?
+
Forces application to use secure connection.
HTTPS Redirection?
+
Force HTTPS using app.UseHttpsRedirection().
IActionFilter?
+
Interface for implementing custom filters.
IActionResult?
+
Base interface for different action results.
IActionResult?
+
Base interface for action results in ASP.NET Core MVC.
IAM?
+
Identity and Access Management.
IAuthorizationService?
+
Service to manually invoke authorization programmatically.
IConfiguration?
+
Interface used to access application configuration values.
IConfiguration?
+
Interface used to read configuration data.
Idempotency?
+
Operation that produces the same result when repeated.
Identity Framework?
+
Built-in membership system for authentication and user roles.
Identity Provider (IdP)?
+
Service that authenticates users.
IdentityServer?
+
OAuth2/OpenID Connect framework for authentication and authorization.
IHttpClientFactory?
+
Factory for creating HttpClient instances safely.
IHttpClientFactory?
+
IHttpClientFactory creates and manages HttpClient instances to avoid socket
exhaustion and improve performance in Web API calls.
IHttpClientFactory?
+
ASP.NET Core factory for creating and managing HttpClient instances.
IHttpClientFactory?
+
Factory pattern for creating optimized HttpClient instances.
IHttpContextAccessor?
+
Used to access HTTP context in non-controller classes.
IIS Integration?
+
In Windows hosting, Kestrel works behind IIS. IIS handles SSL, load
balancing, and process management, while Kestrel executes the request
pipeline.
IIS?
+
Web server for hosting ASP.NET apps.
IIS?
+
Internet Information Services — a Windows web server.
ILogger?
+
Logging interface used for tracking application events.
Impersonation?
+
Executing code under another user's identity.
Impersonation?
+
Execute actions under another user's identity.
Implement Ajax in MVC?
+
Using @Ajax.BeginForm() and AjaxOptions. You can call actions asynchronously
using jQuery AJAX. The server returns JSON or partial views. This improves
performance without full page reloads.
Implement MVC Forms authentication:
+
Forms authentication uses login pages, authentication cookies, and
AuthorizeAttribute to protect secured pages.
Implicit Deny?
+
If no rule allows it, access is denied.
Importance of NonActionAttribute?
+
It marks a method in a controller as not an action method. This prevents it
from being executed via URL routing. Useful for helper methods within
controllers. Enhances security and routing control.
Improve API Performance?
+
Caching, AsNoTracking, async queries, efficient queries.
Improve ASP.NET performance:
+
Use caching, compression, output caching, and minimized ViewState. Optimize
SQL queries and enable async processing. Reduce server round trips and
bundling/minifying scripts.
Inheritance?
+
Deriving classes from base classes.
In-memory vs Distributed Cache
+
In-memory caching stores data on the server and is best for single-instance
apps. Distributed caching uses Redis or SQL Server and supports
load-balanced environments.
Interface?
+
Contract specifying methods without implementation.
IOptions pattern?
+
Method to bind strongly-typed settings from configuration to C# classes.
IOptions pattern?
+
Used to map configuration sections to strongly typed classes.
Is ASP.NET Core open source?
+
Yes, it is developed under the .NET Foundation and is fully open source.
Is DI built-in in ASP.NET Core?
+
Yes, ASP.NET Core has built-in DI support.
Is MVC stateless?
+
Yes, MVC follows stateless architecture where every request is independent.
JIT Compiler?
+
Just-In-Time compiler that converts IL code to native machine code.
JIT compiler?
+
Converts IL to native code at runtime, optimizing performance and memory;
types include Pre-JIT, Econo-JIT, Normal-JIT.
JIT compiler?
+
Just-in-Time compiler converts IL code to machine code during runtime.
JSON global config?
+
builder.Services.Configure(...).
JSON Serialization?
+
Converting objects into JSON format for transport or storage.
JSON Serializer used?
+
System.Text.Json (default), with option to use Newtonsoft.Json.
JSON.stringify?
+
Converts JavaScript object into JSON format for ajax posts.
JsonResult?
+
Returns JSON formatted response.
Just-In-Time Access (JIT)?
+
Provide temporary elevated permissions.
JWT Authentication?
+
JWT (JSON Web Token) is a token-based authentication method used in
microservices and APIs. It stores claims and is stateless, meaning no
session storage is required.
JWT creation coding?
+
Use JwtSecurityTokenHandler to generate token.
JWT Token?
+
Stateless token format used for authentication.
JWT?
+
A compact, self-contained token for securely transmitting claims between
parties.
JWT?
+
JSON Web Token for stateless authentication between client and server.
JWT?
+
JSON Web Token used for bearer authentication.
Kerberos?
+
Secure ticket-based authentication protocol.
Kestrel Server?
+
Kestrel is the default lightweight web server in ASP.NET Core. It is fast,
cross-platform, and optimized for high-performance apps.
Kestrel?
+
Cross-platform lightweight web server for ASP.NET Core.
Kestrel?
+
A lightweight, cross-platform web server used by ASP.NET Core applications.
Key DifBet ASP.NET and ASP.NET Core?
+
ASP.NET Core is cross-platform, modular, open-source, and faster compared to
ASP.NET Framework.
Kubernetes?
+
Container orchestration platform used to deploy microservices.
Latest version of ASP.NET Core?
+
The latest stable version of ASP.NET Core (as of December 2025) follows the
latest .NET release: ASP.NET Core 10.0 — shipped with .NET 10 on November
11, 2025.
LaunchSettings.json in ASP.NET Core?
+
This file stores environment and profile settings for the application during
development. It defines the application URL, SSL settings, and environment
variables like ASPNETCORE_ENVIRONMENT. It helps configure debugging profiles
for IIS Express or direct execution.
Layout page?
+
Template defining common design elements such as header and footer.
Layout Page?
+
Master template providing shared UI like header/footer across multiple
views.
Lazy Loading?
+
Loads navigation properties on first access.
Least Privilege Access?
+
Users receive minimal required permissions.
library supports resiliency?
+
Polly.
LINQ?
+
Query syntax integrated into C# to query collections/databases.
LINQ?
+
LINQ (Language Integrated Query) allows querying data from collections,
databases, XML, etc. using C# syntax. It improves code readability and
eliminates SQL string errors.
LINQ?
+
Query syntax for querying data collections, SQL, XML, and EF.
LINQ?
+
Query syntax used to retrieve data from collections or databases.
List HTTP methods.
+
GET, POST, PUT, PATCH, DELETE, OPTIONS.
Load Balancing?
+
Distribute requests across servers.
Load Balancing?
+
Distributing application traffic across multiple servers for performance and
redundancy.
Lock statement?
+
Prevents multiple threads from accessing code simultaneously.
Logging in .NET Core?
+
.NET Core provides built-in logging with providers like Console, Debug,
Serilog, and Application Insights. It helps monitor app behavior and errors.
Logging in ASP.NET Core?
+
Built-in framework to log information using ILogger.
Logging in MVC Core?
+
Capturing application logs via ILogger and providers.
logging providers are supported?
+
Console, Debug, Azure App Insights, Seq, Serilog.
Logging Providers?
+
Serilog, NLog, Seq, Application Insights.
Logging System
+
Built-in support for console, file, Application Insights, SeriLog, etc.
Logging?
+
System to capture and store application logs.
Machine.config?
+
System-wide configuration file for .NET Framework.
Main DiffBet MVC and Web API?
+
MVC is used to return views (HTML) for web applications. Web API is used to
build RESTful services and returns data formats like JSON or XML. MVC is
UI-focused, whereas Web API is service-focused. Web API can be used by
mobile, IoT, and web clients.
Maintain the sessions in MVC?
+
Session can be maintained using Session[], cookies, TempData, ViewBag,
QueryString, and Hidden fields.
Major events in global.aspx?
+
Common events include Application_Start, Session_Start,
Application_BeginRequest, Session_End, and Application_End. These events
manage application life cycle tasks. They handle logging, caching, and
security logic. They execute globally for the entire application.
Managed Code?
+
Code executed under the supervision of CLR.
master pages in ASP.NET?
+
Master pages define a common layout for multiple web pages. Content pages
inherit this layout to maintain consistent UI. They reduce duplication of
HTML code. Common parts like headers, footers, and menus are shared.
Master Pages:
+
Master Pages define a common layout for multiple pages. Content pages fill
placeholders within the master. Useful for consistency and easier
maintenance.
Message Queues?
+
Kafka, RabbitMQ, Azure Service Bus.
Metadata in .NET?
+
Information about types, methods, references stored with assemblies.
Methods of session maintenance in ASP.NET:
+
ASP.NET provides several ways to maintain sessions, including In-Process
(InProc), State Server, SQL Server, and Custom session state providers.
Cookies and cookieless sessions are also used. These mechanisms help store
user-specific data across requests.
MFA?
+
Multi-factor authentication using multiple methods.
Microservices Architecture?
+
Architecture pattern where the application is composed of independent
services.
Microservices architecture?
+
System divided into small loosely coupled services.
Middleware components?
+
Pipeline components that process HTTP requests and responses in sequence.
Middleware Concept
+
Middleware are components processing requests in sequence.
Middleware in ASP.NET Core?
+
Pipeline components that process HTTP requests/responses, e.g.,
authentication, routing, logging, CORS.
Middleware Pipeline?
+
Requests pass through ordered middleware, each handling logic before
forwarding.
Middleware Pipeline?
+
Sequential execution of request-processing components in ASP.NET Core.
Middleware?
+
A pipeline component that processes HTTP requests and responses. it is
lightweight, runs cross-platform, and fully configurable in code.
middleware?
+
Components that process HTTP requests in ASP.NET Core pipeline.
Migration commands?
+
dotnet ef migrations add Name; dotnet ef database update
Migrations?
+
System for applying and tracking database schema changes.
Minification and Bundling used?
+
They reduce file size and combine multiple CSS/JS files to improve
performance.
Minimal API?
+
Define routes using MapGet(), MapPost(), MapPut(), etc.,Lightweight syntax
for defining endpoints without controllers.Lightweight HTTP endpoints with
minimal code, ideal for microservices and prototypes.
Minimal API?
+
Lightweight HTTP API setup introduced in .NET 6 using minimal hosting model.
Mocking Framework?
+
Tools like MOQ used to simulate dependencies during testing.
Mocking?
+
Simulating dependencies using fake objects.
Modal Binding in Razor Pages?
+
Mapping form inputs automatically to page properties.
Model Binder?
+
Maps request data to models automatically.
Model Binding
+
Automatically maps form, query string, and JSON data to model classes.
Model Binding?
+
Maps HTTP request data to C# parameters automatically. Model binding maps
incoming request data to method parameters or model objects automatically.
It simplifies request handling in MVC and Web API.
Model Binding?
+
Automatic mapping of HTTP request data to action method parameters.
Model Binding?
+
Automatic mapping of request data to method parameters or models.
Model Binding?
+
Automatic mapping of HTTP request data to model objects.
Model in MVC?
+
Model represents application data and business logic.
Model Validation
+
Uses Data Annotations and custom validation attributes.
Model Validation?
+
Ensures incoming data meets rules via DataAnnotations.
Model Validation?
+
Ensures input values meet defined requirements before processing.
Model Validation?
+
Ensuring input meets validation rules before processing.
ModelState?
+
Stores the state of model binding and validation errors.
Model-View-Controller?
+
MVC is a design pattern that separates an application into Model, View, and
Controller components.
Monolith Architecture?
+
Single deployable unit with tightly coupled components.
Monolithic architecture?
+
Single deployable unit with tightly-coupled components.
MSIL?
+
Intermediate language generated from .NET code before JIT compilation.
Multicast Delegate?
+
Delegate pointing to multiple methods.
Multiple environments
+
Configured using ASPNETCORE_ENVIRONMENT variable (Dev, Staging, Prod).
MVC Architecture
+
Separates application logic into Model, View, Controller.
MVC Components
+
Model stores data, View displays UI, Controller handles requests.
MVC in AngularJS?
+
AngularJS follows an MVC-like architecture. Model holds data, View
represents the UI, and Controller manages logic. It helps in clear
separation of concerns in client-side apps. Angular automates data binding
between Model and View.
MVC in ASP.NET Core?
+
Model-View-Controller pattern used for web UI and API development.
MVC Page life cycle stages:
+
Stages include Routing, Controller initialization, Action execution, Result
execution, and View rendering.
MVC Routing?
+
Maps URL patterns to controller actions.
MVC works in Spring?
+
Spring MVC uses DispatcherServlet as the front controller. It routes
requests to controllers. Controllers return Model and View data. The
ViewResolver renders the final response.
MVC?
+
A design pattern dividing application logic into Model, View, Controller.
MVC?
+
MVC stands for Model-View-Controller architecture separating UI, data, and
logic.
MVC?
+
MVC (Model-View-Controller) separates business logic, UI, and request
handling into Model, View, and Controller.This improves testability,
maintainability, scalability, and is widely used for modern web
applications.
Name the assembly in which the MVC framework is
typically defined.
+
ASP.NET MVC is mainly defined in the System.Web.Mvc assembly.
Namespace?
+
A container for organizing classes and types.
Navigate from one view to another using a
hyperlink?
+
Use the Html.ActionLink() helper in MVC. Example: @Html.ActionLink("Go to
About", "About", "Home"). This generates an anchor tag with route mapping.
Clicking it redirects to the specified view.
Navigation between views example.
+
Using hyperlink: Go to About.
Navigation techniques:
+
Navigation in ASP.NET uses Hyperlinks, Response.Redirect, Server.Transfer,
Cross-page posting, and Site Navigation controls like Menu and TreeView. It
helps users move between pages.
New features in ASP.NET Core?
+
Dependency Injection built-in, cross-platform, unified MVC+Web API,
lightweight middleware pipeline, and performance improvements.Enhanced
Minimal APIs, improved performance, better real-time support, updated
security, and stronger observability tools.
New in .NET Core 2.1 / ASP.NET Core 2.1?
+
Features include Razor Class Libraries, HTTPS by default, SPA templates,
SignalR support, and GDPR compliance tools. It also introduced global tools,
improved performance, and simplified identity UI.
Non-Repudiation?
+
Ensuring actions cannot be denied by users.
N-Tier architecture?
+
Layers like UI, Business, Data Access.
NTLM?
+
Windows challenge-response authentication protocol.
NuGet?
+
NuGet is the package manager for .NET. Developers use it to download, share,
and manage libraries. It supports dependency resolution and automatic
updates.
NuGet?
+
Package manager for .NET libraries.
Nullable type?
+
Represents value types that can be null.
NUnit/MSTest?
+
Unit testing frameworks for .NET.
OAuth Refresh Token Rotation?
+
Invalidating old refresh token when issuing a new one.
OAuth vs SAML?
+
OAuth is authorization; SAML is authentication using XML.
OAuth?
+
Open standard for secure delegated access.
OAuth2 Authorization Code Flow?
+
Secure flow used by web apps requiring user login.
OAuth2 Client Credentials Flow?
+
Service-to-service authorization.
OAuth2 Implicit Flow?
+
Legacy browser flow not recommended.
OAuth2?
+
Delegated authorization framework for delegated access.
OAuth2?
+
Authorization framework allowing delegated access using tokens.
OOP?
+
Programming model using classes, inheritance, and polymorphism.
OpenID Connect?
+
Authentication layer on top of OAuth2 for user login and identity
management.
OpenID Connect?
+
Authentication layer built on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth for login authentication.
Optimistic Concurrency?
+
Use [Timestamp]/RowVersion to prevent data overwrites via row-version
checks.
Options Pattern
+
Used to bind strongly typed classes to configuration sections.
Order of filter execution in MVC
+
Order: 1. Authorization Filters 2. Action Filters 3. Result Filters 4.
Exception Filters Execution occurs in a defined pipeline sequence.
Ordering execution when multiple filters are
used:
+
Filters run in the order: Authorization → Action → Result → Exception
filters. Custom ordering can also be defined using the Order property.
OutputCache?
+
Caching mechanism used in MVC Framework to improve response time.
OWIN and ASP.NET Core
+
OWIN was designed to decouple web servers from web applications. ASP.NET
Core builds on the same lightweight pipeline concept but replaces OWIN with
a more flexible middleware model.
package enables Swagger?
+
Swashbuckle.AspNetCore
Page directives in ASP.NET:
+
Page directives provide configuration and instruction to the compiler.
Examples include @Page, @Import, @Master, and @Control. They define
attributes like language, inheritance, and code-behind file.
Pagination coding question?
+
Implement Skip(), Take(), and metadata.
Pagination in API?
+
Return data with totalCount, pageNo, pageSize.
Partial Class?
+
Split class across multiple files.
Partial view in MVC?
+
A partial view is a reusable piece of UI code. It works like a user control
and avoids code duplication. It is rendered inside another view. Useful for
menus, headers, and reusable content blocks.
Partial View?
+
Reusable view component shared across multiple views.
Partial View?
+
Reusable UI component used in multiple views.
Partial Views
+
Partial views reuse UI sections like menus or forms. They reduce code
duplication and improve maintainability.
Parts of JWT?
+
Header, Payload, Signature.
PBAC?
+
Policy-Based Access Control.
Permission?
+
A specific capability like Read, Write, or Delete.
Permission-Based API Authorization?
+
APIs check user permissions before actions.
PKCE?
+
Enhanced security for mobile and SPA apps.
Points to remember while creating MVC
application?
+
Maintain separation of concerns. Use routing properly for readability. Keep
business logic in the Model or services. Use ViewModels instead of exposing
database models.
Policies in authorization?
+
Reusable authorization rules defined using AddAuthorization.
Policy Decision Point (PDP)?
+
Component that evaluates authorization policy.
Policy Enforcement Point (PEP)?
+
Component that checks access rules.
Policy-Based Authorization?
+
Define custom authorization rules inside AddAuthorization().
Polymorphism?
+
Ability to override methods for different behavior.
Post-Authorization Logging?
+
Record actions taken after authorization.
PostBack property:
+
IsPostBack indicates whether the page is loaded first time or due to a user
action like a button click. It helps avoid re-binding data unnecessarily.
Useful for improving performance.
PostBack?
+
When a page sends data to the server and reloads itself.
Prevent CSRF?
+
Anti-forgery tokens and SameSite cookies.
Prevent SQL Injection?
+
Parameterized queries/EF Core.
Principle of Least Privilege?
+
Users get only required permissions.
Privilege Escalation?
+
Attack where user gains unauthorized permissions.
Privileged Access Management (PAM)?
+
System to monitor and control high-privilege accounts.
Program.cs used for?
+
Defines application bootstrap, host builder, and startup configuration.
Program.cs?
+
Entry point that configures the host, services, and middleware.
Purpose of MVC pattern?
+
To separate concerns and make application maintainable, testable, and
scalable.
Query String in ASP?
+
Query strings pass values through the URL during page requests. They are
used for lightweight data transfer. A query string starts after a ? in the
URL. It is visible to users, so sensitive data should not be stored.
Rate Limiting?
+
Restricting how many requests a client can make.
rate limiting?
+
Controlling request frequency to protect system resources.
Rate Limiting?
+
Controls request frequency to prevent abuse.
Razor Pages in ASP.NET Core?
+
Page-focused ASP.NET Core model with combined view and logic, ideal for CRUD
apps.
Razor Pages?
+
A page-focused ASP.NET Core model where each page has its own UI and logic,
ideal for simpler web apps.
Razor Pages?
+
A page-based framework for building UI similar to MVC but simpler.
Razor Pages?
+
Page-based model alternative to MVC introduced in .NET Core.
Razor View Engine?
+
Syntax for rendering HTML with C# code.
Razor View Engine?
+
Lightweight syntax for writing server-side code inside HTML.
Razor view file extensions:
+
.cshtml (C# Razor) and .vbhtml (VB Razor) are used for Razor views.
Razor?
+
Razor is a templating engine used in ASP.NET MVC and Razor Pages. It
combines C# with HTML to generate dynamic UI. It is lightweight, fast, and
easy to use.
Razor?
+
A markup syntax in ASP.NET for embedding C# into views.
RBAC?
+
Role-Based Access Control.
Real-life example of MVC?
+
A shopping website: Model: Product data View: Product display page
Controller: User actions like Add to Cart They work together to complete
functionality.
RedirectToAction()?
+
Redirects browser to another action or controller.
Redis caching coding?
+
AddStackExchangeRedisCache().
Redis?
+
Fast distributed in-memory caching system.
Redis?
+
In-memory distributed caching system.
Reflection?
+
Inspecting metadata and creating objects dynamically at runtime.
Refresh Token?
+
A long-lived token used to obtain new access tokens without re-login.
Remoting?
+
Legacy communication between .NET applications.
RenderBody vs RenderPage:
+
RenderBody() outputs the content of the child view in layout. RenderPage()
inserts another Razor page inside a view like a partial.
RenderBody() outputs the content of the child
view in layout. RenderPage() inserts another Razor page inside a view like a
partial.
+
Additional Questions
Repository Pattern?
+
Abstraction layer over data access.
Repository Pattern?
+
Abstraction layer separating business logic from data access logic.
Repository Pattern?
+
A pattern separating data access layer from business logic.
Request Delegate?
+
A delegate such as RequestDelegate handles HTTP requests and responses
inside middleware.
Resource Server?
+
API that verifies and uses access tokens.
Resource?
+
A data entity identified by a URI like /users/1.
Resource-Based Authorization?
+
Authorization rules applied based on a specific resource instance.
Response Compression?
+
Compresses HTTP responses using gzip/br or deflate.
Response Compression?
+
Compressing HTTP output for faster response.
REST API?
+
API that adheres to REST principles such as statelessness, resource
identification, caching.
REST?
+
An architectural style using stateless communication over HTTP with
resources.
REST?
+
Representational State Transfer — stateless communication using HTTP verbs.
Retry Policy?
+
Automatic retry logic for failed external calls.
Return PartialView()?
+
Returns only partial content without layout.
Return types of an action method:
+
Returns include ViewResult, JsonResult, RedirectResult, ContentResult,
FileResult, and ActionResult.
Return View()?
+
Returns a full view to the browser.
reverse proxy?
+
Middleware forwarding requests from IIS/Nginx to Kestrel.
Role of ActionFilters in MVC?
+
ActionFilters allow you to run logic before or after an action executes.
They help in cross-cutting concerns like logging, authentication, caching,
and exception handling. Filters can be applied at the controller or method
level. Examples include: Authorize, HandleError, and OutputCache.
Role of Configure() method?
+
Defines the request handling pipeline using middleware like routing,
authentication, static files, etc.
Role of ConfigureServices()
+
Used to register services like DI, EF Core, identity, logging, and custom
services.
Role of IHostingEnvironment?
+
Provides environment-specific info like Development, Production, and
staging.
Role of Middleware
+
Authentication, logging, routing, exception handling.
Role of MVC components:
+
Presentation (View) shows data, Abstraction (Model) handles logic/data,
Control (Controller) manages requests and updates.
Role of MVC in AngularJS?
+
MVC helps structure the application for maintainability. Model stores data,
View displays data using HTML, and Controller updates data. Angular’s
two-way binding keeps Model and View synchronized. It helps in scaling
complex front-end applications.
Role of Startup class?
+
It configures application services via ConfigureServices() and request
pipeline via Configure().
Role of WebHost.CreateDefaultBuilder()?
+
Configures default settings like Kestrel, logging, config, ENV detection.
Role?
+
A named group of permissions.
Role-Based Authorization?
+
Restrict access using roles, e.g., [Authorize(Roles="Admin")].
RouteConfig.cs?
+
Contains registration logic for routing in MVC Framework.
Routes difference in WebForm vs MVC:
+
WebForms use file-based routing, MVC uses pattern-based routing with
controllers and actions.
Routing
+
Maps URLs to controllers and actions using UseRouting() and
MapControllerRoute().
routing and three segments?
+
Routing is the process of mapping incoming URLs to controller actions. The
default pattern contains three segments: {controller}/{action}/{id}. It
helps in SEO-friendly and user-readable URLs.
Routing carried out in MVC?
+
Routing engine matches the URL with route patterns from the RouteConfig and
executes the mapped controller and action.
Routing in MVC?
+
Routing maps URLs to corresponding Controller actions.
routing in MVC?
+
Routing maps incoming URL requests to specific controllers and actions.
Routing is done in the MVC pattern?
+
Routing is handled by a RouteConfig.cs file (or Program.cs in .NET Core).
ASP.NET MVC uses pattern matching to map URLs to controllers. Routes are
registered at application startup. Based on the URL, MVC identifies which
controller and action to execute.
Routing is not required?
+
1. Serving static files (images, CSS, JS). 2. Accessing .axd resource
handlers. Routing bypasses these requests automatically. 31) Features of
MVC?
Routing Types
+
Convention-based routing and attribute routing.
Routing?
+
Matches HTTP requests to endpoints.
routing?
+
Route mapping of URLs to controller actions.
Routing?
+
Mapping incoming URLs to controller actions or endpoints.
Row-Level Security?
+
User can only access specific rows based on rules.
Rules of Razor syntax:
+
Razor starts with @, supports IntelliSense, has clean HTML mixing, and
minimizes closing tags compared to ASPX.
runtime does ASP.NET Core use?
+
.NET 5/6/7/8 (Unified .NET runtime).
Runtime Identifiers (RID)?
+
RID represents the platform where an app runs (e.g., win-x64, linux-arm64).
Used for publishing self-contained apps.
Scaffolding?
+
Automatic generation of CRUD code for model and views.
Scope Creep?
+
Unauthorized expansion of delegated access.
Scope in OAuth2?
+
Defines what access the client is requesting.
Scoped lifetime?
+
Service created once per request.
Scoped lifetime?
+
One instance per HTTP request.
Scoped lifetime?
+
Creates one instance per client request.
Sealed class?
+
Class that cannot be inherited.
Security & Authorization
+
ASP.NET Core uses policies, role-based access, authentication middleware,
and secure coding to protect resources. Best practices include HTTPS, input
validation, and secure tokens.
Self-Authorization Design?
+
User automatically given access to own resources.
Self-Contained Deployment?
+
The app includes its own .NET runtime. It does not require .NET to be
installed on the host machine.
Send JSON result in MVC?
+
Use return Json(object, JsonRequestBehavior.AllowGet);. This serializes the
object into JSON format. Useful in AJAX-based applications. It is commonly
used in API responses.
Separation of Duties?
+
Critical tasks split among multiple users.
Serialization Libraries?
+
System.Text.Json, Newtonsoft.Json.
Serialization?
+
Converting objects to byte streams, JSON, or XML.
Serilog?
+
Third-party structured logging library.
Serverless Computing?
+
Execution model where cloud runs functions without managing servers.
Server-side validation?
+
Validation performed on server during HTTP request processing.
Service Lifetimes
+
Transient, Scoped, Singleton.
Service Lifetimes?
+
Singleton, Scoped, Transient.
Session Fixation?
+
Attack that hijacks a valid session.
Session in MVC Core?
+
Stores user state data server-side while maintaining stateless nature.
Session State Management
+
Uses cookies, TempData, distributed caching, or session middleware.
Session State?
+
Server-side storage for user data.
session?
+
Server-side state management storing user data across requests.
Sessions maintained in MVC?
+
Sessions can be maintained using Session[] variables. Example:
Session["User"] = "John";. ASP.NET uses server-side storage for session
values. Cookies or session identifiers track user session state.
SignalR?
+
SignalR is a .NET library for real-time communication. It supports
WebSockets and used for chat apps, live dashboards, and notifications.
SignalR?
+
Real-time communication framework for push notifications, chat, live
updates.
SignalR?
+
Framework for real-time communication like chat, live updates.
Significance of NonActionAttribute:
+
NonActionAttribute is used in MVC to prevent a public method inside a
controller from being treated as an action method. It tells the framework
not to expose or invoke the method via routing. This is useful for helper or
private logic inside controllers.
Singleton lifetime?
+
Service instance created once for entire application lifetime.
Singleton lifetime?
+
Single instance for the entire application lifecycle.
Singleton lifetime?
+
One instance shared across application lifetime.
Soft Delete in API?
+
Use IsDeleted filter globally.
Soft Delete?
+
Mark record as deleted instead of physically removing.
SOLID?
+
Five design principles: SRP, OCP, LSP, ISP, DIP.
Spring MVC?
+
Spring MVC is a Java-based MVC framework used to build flexible and loosely
coupled web applications.
SQL Injection?
+
Attack using unsafe SQL input.
SQL Injection?
+
Security attack via malicious SQL input.
SSO?
+
Single Sign-On allows login once across multiple apps.
SSO?
+
Single Sign-On allowing one login for multiple applications.
Startup class used for?
+
Configures services and the HTTP request pipeline.
Startup.cs?
+
Startup.cs in ASP.NET Core configures the application’s services and
middleware pipeline. The ConfigureServices method registers services like
dependency injection, database contexts, and authentication. The Configure
method sets up middleware such as routing, error handling, and static files.
It defines how the app responds to HTTP requests during startup.
Startup.cs?
+
File configuring middleware, routing, authentication in MVC Core.
Statelessness?
+
Server stores no client session; each request is independent.
Static Authorization?
+
Predefined access rules.
Static class?
+
Class that cannot be instantiated.
Steps in the execution of an MVC project?
+
Request goes to the Routing Engine, which maps it to a controller and
action. The controller executes the required logic and interacts with the
model. A View is selected and rendered to the browser. Finally, the response
is returned to the client.
stored procedures?
+
Precompiled SQL code stored in the database.
Strong naming?
+
Assigning a unique identity using public/private key pairs.
strongly typed view?
+
A view bound to a specific model class for compile-time validation.
strongly typed view?
+
A view bound to a specific model class using @model keyword.
Strongly Typed Views
+
These views are bound to a model class using @model. They improve
IntelliSense, compile-time safety, and easier data handling.
Swagger/OpenAPI?
+
Tool to document and test REST APIs.
Swagger?
+
Framework to document and test APIs interactively.
Swagger?
+
Documentation and testing tool for APIs.
Swagger?
+
Auto-documentation and testing tool for APIs.
Tag Helper in ASP.NET Core?
+
Tag helpers are server-side components that enable C# code to be used in
HTML elements. They make views cleaner and more readable, especially for
forms, routing, and validation. Examples include asp-controller, asp-route,
and asp-validation-for.
Tag Helper?
+
Server-side helpers to generate HTML in Razor views.
Tag Helper?
+
Server-side components used to generate dynamic HTML.
Tag Helpers?
+
Server-side Razor components that generate HTML in .NET Core MVC.
Task Parallel Library (TPL)?
+
Framework for parallel programming using tasks.
TempData in MVC?
+
TempData stores data temporarily and is used to pass values across requests,
especially during redirects.
TempData used for?
+
Used to pass data across redirects between actions.
TempData: Stores data temporarily across
redirects.
+
ViewData: Key-value store for passing data to view.
TempData?
+
Stores data for one request cycle.
TempData?
+
Stores data temporarily and persists across redirects.
the Base Class Library?
+
Reusable classes for IO, networking, collections, threading, XML, etc.
the DifBet early and late binding?
+
Early binding resolved at compile time, late binding at runtime.
the main components of .NET Framework?
+
CLR, Base Class Library, ASP.NET, ADO.NET, WPF, WCF.
Themes in ASP.NET application?
+
Themes style pages and controls consistently using CSS, skin files, and
images stored in the App_Themes folder;they can be applied via Page
directive, Web.config, or programmatically to maintain a uniform UI design.
Themes in ASP.NET:
+
Themes define the UI look and feel of a web application. They include
styles, skins, and images. Useful for consistent branding across pages.
Threading?
+
Executing multiple tasks concurrently.
Throttling?
+
Controlling request frequency.
Token Authentication?
+
Authentication based on tokens instead of cookies.
Token Binding?
+
Crypto mechanism tying tokens to client devices.
Token Exchange?
+
Exchanging one token for another for different scopes.
Token Introspection?
+
Process of validating token on the Authorization Server.
Token Revocation?
+
Process of invalidating tokens before expiration.
Token-Based Authorization?
+
Access granted via tokens like JWT.
tracing in .NET?
+
Tracing helps debug and analyze runtime behavior. It displays request
details, control hierarchy, and performance info. Tracing can be enabled at
page or application level. It is useful during development for
troubleshooting.
Tracking vs NoTracking?
+
AsNoTracking improves performance for reads.
Transient lifetime?
+
New instance created each time the service is requested.
Transient lifetime?
+
Creates a new instance each time requested.
Transient lifetime?
+
Creates a new instance every time requested.
Two approaches of adding constraints to a route:
+
Constraints can be added using regular expressions or built-in constraint
classes like HttpMethodConstraint.
Two ways to add constraints to a route?
+
1. Using Regular Expressions. 2. Using Parameter Constraints (like int,
guid). They restrict valid route patterns. Helps avoid ambiguity.
Two ways to add constraints:
+
Using Regex constraints or custom constraint classes/interfaces.
Types of ActionResult?
+
ViewResult, JsonResult, RedirectResult, FileResult, PartialViewResult,
ContentResult.
Types of authentication in ASP.NET?
+
Forms, Windows, Passport, Token, Basic.
Types of Caching?
+
In-memory, Distributed, Redis, Response caching.
Types of caching?
+
Output caching, Data caching, Distributed caching.
Types of caching?
+
In-Memory Cache, Distributed Cache, Response Cache.
Types of DI lifetimes?
+
Singleton, Scoped, Transient.
Types of filters?
+
Authorization, Action, Result, and Exception filters.
Types of Filters?
+
Authorization, Action, Result, Exception filters.
Types of JIT?
+
Pre-JIT, Econo-JIT, Normal-JIT.
Types of results in MVC?
+
Common types include: ViewResult JsonResult RedirectResult ContentResult
FileResult Each type corresponds to a different response format.
Types of Routing?
+
Attribute routing, Conventional routing, Minimal API routing.
Types of routing?
+
Convention-based routing and Attribute routing.
Types of Routing?
+
Convention-based and Attribute-based routing.
Types of serialization?
+
Binary, XML, SOAP, JSON.
Unboxing?
+
Extracting value type from object.
Unit of Work Pattern?
+
Manages multiple repositories under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit Testing Controllers
+
Controllers are tested using mock dependencies injected via constructor.
Frameworks like Moq help simulate external services.
Unit Testing in MVC?
+
Testing controllers, models, and logic without running UI.
Unit Testing?
+
Testing individual code components.
Unmanaged Code?
+
Code executed directly by OS outside CLR like C/C++.
URI vs URL?
+
URI identifies a resource; URL locates it.
URL Rewriting Middleware
+
This middleware modifies request URLs before routing. It is useful for SEO
redirects, legacy URL support, and HTTPS enforcement.
Use MVC in JSP?
+
Use Java Beans as Model, JSP as View, and Servlets as Controllers. The
controller receives requests, interacts with the model, and forwards output
to the view. Ensures clean separation of logic. 35) How MVC works in Spring?
Use of ActionFilters in MVC?
+
Action filters execute custom logic before or after Action methods, such as
logging, caching, or authorization.
Use of CheckBox in .NET?
+
A CheckBox allows users to select one or multiple options. It returns
true/false based on user selection. It can trigger events like
CheckedChanged. It is widely used in forms and permissions.
Use of default route {resource}.axd/{*pathinfo}?
+
It is used to ignore requests for Web Resource files. Static resources like
scripts and images are handled separately. Prevents MVC routing from
processing system files. Used mainly for performance optimization.
Use of ng-controller in external files?
+
ng-controller helps load logic defined in a separate JavaScript file. This
separation keeps code modular and manageable. It also promotes reusability
and avoids inline scripts. Used for scalable Angular applications.
Use of UseIISIntegration?
+
Configures the app to work with IIS as a reverse proxy.
Use of ViewModel:
+
A ViewModel holds data required by the view and may combine multiple models.
It improves separation of concerns.
Use repeater control in ASP.NET?
+
Repeater displays repeated data from data sources like SQL or Lists. It
provides full HTML control without predefined layout. Data is bound using
DataBind() method. Ideal for flexible UI formatting.
used to handle an error in MVC?
+
MVC uses Exception Filters, HandleErrorAttribute, custom error pages, and
global filters to handle errors. It also supports logging frameworks for
exception tracking.
Using ASP.NET Core APIs from a Class Library
+
Class libraries can reference ASP.NET Core packages and use dependency
injection to access services. Shared logic like validation or domain models
can be placed in the library for reuse.
Using hyperlink:
+
Go to About
Validation in ASP.NET Core
+
Validation uses data annotations and model binding. It ensures rules are
applied once and reused across views and APIs (DRY principle).
Validation in MVC?
+
Process ensuring user input meets defined rules before saving.
Various JSON files in ASP.NET Core?
+
appsettings.json, launchSettings.json, bundleconfig.json, and
environment-specific config files.
Various steps to create the request object?
+
MVC parses the incoming HTTP request. It identifies route data, initializes
the Controller and Action. Binding occurs to form parameters and then the
request object is passed.
View Component?
+
Reusable rendering component similar to partial views but with logic.
View Engine?
+
Component that renders UI from templates.
View in MVC?
+
View is the UI representation of model data shown to the user.
View Models
+
Custom class containing only data required by the View.
View State?
+
Preserves page and control values across postbacks in ASP.NET WebForms using
a hidden field.
ViewBag?
+
Dynamic data dictionary for passing data from controller to view.
ViewData: Key-value store for passing data to
view.
+
ViewBag: Dynamic wrapper around ViewData.
ViewData?
+
A dictionary-based container to pass data between controller and view.
ViewEngineResult?
+
Represents result of view engine locating view or partial.
ViewEngines?
+
Engines that compile and render views like RazorViewEngine.
ViewImports.cshtml?
+
Registers namespaces, helpers, and tag helpers for Razor views.
ViewModel?
+
A class combining multiple models or additional data required by the view.
ViewStart.cshtml?
+
Executes before every view and sets layout page.
ViewStart?
+
_ViewStart.cshtml runs before each view and sets common settings like
layout. It helps avoid repeating configuration in each view.
ViewState?
+
Mechanism to persist page and control values in Web Forms.
ViewState?
+
A mechanism in ASP.NET WebForms to preserve page and control state across
postbacks.
WCF bindings?
+
Transport protocols like basicHttpBinding, wsHttpBinding.
WCF?
+
Windows Communication Foundation for building service-oriented apps.
Web API in ASP.NET Core?
+
Framework for building RESTful services.
Web API in ASP.NET?
+
ASP.NET Web API is used to build RESTful services. It supports formats like
JSON and XML. It enables communication between client and server
applications. Web API is lightweight and ideal for mobile and SPA
applications.
Web API vs MVC?
+
MVC returns views while Web API returns JSON/XML data.
Web API?
+
Web API is used to build RESTful HTTP services in .NET. It supports JSON,
XML, routing, authentication, and stateless communication.
Web API?
+
A framework for building RESTful services over HTTP in ASP.NET.
Web Farm?
+
Multiple servers hosting the same application.
Web Garden?
+
Multiple worker processes in same application pool.
Web Services in ASP.NET?
+
HTTP-based services using XML/SOAP for cross-platform communication (.asmx
files). They use XML and SOAP protocols for data exchange. They help build
interoperable solutions across platforms. ASP.NET Web Services expose
methods using [.asmx] files.
Web.config file in ASP?
+
Web.config is an XML configuration file for ASP.NET applications. It stores
settings like database connections, security, and session management. It
controls application-level behavior without recompiling code. Multiple
Web.config files can exist for different directories.
Web.config?
+
Configuration file for ASP.NET application.
Web.config?
+
Configuration file for ASP.NET applications in .NET Framework.
Web.config?
+
Configuration file used in .NET MVC Framework applications.
WebListener?
+
A Windows-only web server used when advanced Windows authentication features
are required.
WebParts:
+
WebParts allow building customizable and personalized pages. Users can
rearrange, edit, or hide parts of a page. Useful in dashboards and portal
applications.
WebSocket?
+
Persistent full-duplex communication protocol for real-time applications.
WebSocket?
+
Persistent full-duplex connection used in real-time communication.
Where Startup.cs in ASP.NET Core 6.0?
+
In .NET 6+, minimal hosting model removes Startup.cs. Configuration like
services, routing, and middleware is now placed directly in Program.cs.
Why are API keys less secure?
+
No expiration and easily leaked.
Why choose .NET for development?
+
.NET provides high performance, strong ecosystem, cross-platform support,
built-in DI, cloud readiness, and great tooling like Visual Studio and
GitHub Copilot. It's ideal for enterprise, web, mobile, and microservice
applications.
Why do Access Tokens expire?
+
To reduce security risks and limit exposed lifetime.
Why not store authorization logic in UI?
+
Client-side can be tampered; authorization must be server-side.
Why use ASP.NET Core?
+
Fast, scalable, cloud-ready, open-source, modular design, and ideal for
Microservices and container deployments.
Why validate authorization on every request?
+
To ensure permissions haven't changed.
Windows Authentication?
+
Uses Windows credentials for login.
Windows Authorization?
+
Authorization using Windows identity and AD groups.
Worker Services?
+
Worker Services run background jobs without UI. They are ideal for scheduled
tasks, queue processing, and microservice background jobs.
WPF MVVM Pattern?
+
Model-View-ViewModel for UI separation.
WPF?
+
Windows Presentation Foundation for building rich desktop UIs.
wroot folder in ASP.NET Core?
+
Public web root for static files (CSS, JS, images); files outside are not
directly accessible.
XACML?
+
Authorization standard using XML-based policies.
XAML?
+
Markup language used to define UI elements in WPF.
XSS Prevention
+
XSS occurs when user input is executed as script. ASP.NET Core prevents this
through automatic HTML encoding and validation.
XSS?
+
Cross-site scripting via malicious scripts.
Zero Trust?
+
Always verify identity regardless of network.
.NET (5/6/7/8+)?
+
A unified, cross-platform, high-performance framework for building desktop,
web, mobile, cloud, and IoT apps.
.NET Core?
+
A fast, modular, cross-platform, open-source framework for building modern
cloud and web apps.
.NET Framework?
+
A Windows-only framework with CLR and rich libraries for building desktop
and legacy ASP.NET apps.
.NET Platform Standards?
+
pecifications that ensure shared APIs and cross-platform compatibility
across .NET runtimes.
.NET?
+
A software framework with libraries, runtime, and tools for building
applications.
@Html.AntiForgeryToken()?
+
Token used to prevent CSRF attacks.
3 important segments for routing?
+
Controller name, Action name, and optional Parameter (id).
3-tier focuses on application architecture.
+
MVC focuses on UI interaction and request handling.
ABAC?
+
Attribute-Based Access Control.
Abstract Class vs Interface?
+
Abstract class can have implementation; interface cannot.
Abstraction?
+
Hiding complex implementation details.
Access Control Matrix?
+
Table mapping users/roles to permissions.
Access Review?
+
Periodic review of user permissions.
Access Token Audience?
+
Specifies which API the token is intended for.
Access Token Leakage?
+
Unauthorized party obtains a token.
Access Token?
+
Token used to access protected APIs.
Accessing HttpContext
+
Access HttpContext via dependency injection using IHttpContextAccessor;
controllers/middleware access directly, services via
IHttpContextAccessor.HttpContext.
ACL?
+
Access Control List defining user permissions for a resource.
Action Filter?
+
Code executed before or after controller action execution.
Action Filters?
+
Attributes executed before/after controller actions.
Action Method?
+
A public method inside controller handling client requests.
Action Selector?
+
Attributes like [HttpGet], [HttpPost], [Route].
ActionInvoker?
+
Executes selected MVC action method.
ActionName attribute?
+
Maps method to a different public action name.
ActionResult is a base type that can return
various results.
+
ViewResult specifically returns a View response.
ActionResult?
+
Base type for all responses returned from action methods. A return type in
MVC representing HTTP responses returned from controller actions.
AD Group?
+
A collection of users with shared permissions.
ADO.NET?
+
Data access framework for relational databases.
AdRotator Control:
+
Displays banner ads from an XML file randomly or by weight, supporting URL
redirection for dynamic ad management.
Advantages of ASP.NET?
+
High-performance, secure server-side framework supporting WebForms, MVC, Web
API, caching, authentication, and rapid development.
Advantages of MVC:
+
Provides testability, clean separation, faster development, reusable code,
and SEO-friendly URLs.
Ajax in ASP.NET?
+
Enables asynchronous browser-server communication to update page parts
without full reload, using controls like UpdatePanel and ScriptManager.
AJAX in MVC?
+
Asynchronous calls to server without full page reload.
AllowAnonymous?
+
Attribute used to skip authorization.
ANCM?
+
ASP.NET Core Module enables hosting .NET Core under IIS reverse proxy.
Anti-forgery middleware?
+
Middleware enforcing CSRF protection in .NET Core.
AntiForgeryToken validation attribute?
+
[ValidateAntiForgeryToken] ensures request includes valid token.
AntiXSS?
+
Technique for preventing cross-site scripting.
AOT Compilation?
+
Compiles .NET apps to native code for faster startup and lower memory use.
API Documentation?
+
Swagger/OpenAPI.
API Gateway?
+
Single entry point for routing, auth, rate limiting.
API Key Authentication?
+
Custom header with an API key.
API Key Authorization?
+
Simple authorization using an API key header.
API Versioning Methods?
+
URL, Header, Query, Media Type.
API Versioning?
+
Supporting multiple versions of an API using routes, headers, or query
params.
API Versioning?
+
Supporting multiple API versions to maintain backward compatibility.
ApiController attribute do?
+
Enables auto-validation and improved routing.
App Domain Concept in ASP.NET?
+
AppDomain isolates applications within a web server. It provides security,
reliability, and memory isolation. Each website runs in its own AppDomain.
If one crashes, others remain unaffected.
app.Run vs app.Use?
+
app.Use() continues the pipeline; app.Run() terminates it.
app.UseDeveloperExceptionPage()?
+
Displays detailed errors in development mode.
app.UseExceptionHandler()?
+
Middleware for centralized exception handling.
AppDomain?
+
Isolated region where a .NET application runs.
Application Insights?
+
Azure monitoring platform for performance and telemetry.
Application Model
+
The application model determines how controllers, actions, and routing
behave. It helps apply conventions and filters across the application.
Application Pool in IIS?
+
Worker process isolation unit.
appsettings.json used for?
+
Stores configuration values like connection strings, logging, and custom
settings.
appsettings.json?
+
Primary configuration file in ASP.NET Core.
appsettings.json?
+
Stores key/value settings for the application, commonly used in ASP.NET Core
MVC.
Area in MVC?
+
Module-level grouping for large applications (Admin, Customer, User).
ASP.NET Core host apps without IIS?
+
Yes, it can run standalone using Kestrel.
ASP.NET Core run in Docker?
+
Yes, it supports containerization with official runtime and SDK images.
ASP.NET Core serve static files?
+
By enabling app.UseStaticFiles() and placing files in wwwroot.
ASP.NET Core?
+
A cross-platform, high-performance web framework for APIs, MVC, and
real-time apps.
ASP.NET Core?
+
A cross-platform, high-performance web framework for building modern
cloud-based applications.
ASP.NET filters run at the end?
+
Exception Filters are executed last. They handle unhandled errors during
action or result processing. Used for logging and custom error pages.
Ensures graceful error handling.
ASP.NET Identity?
+
Framework for user management, roles, claims.
ASP.NET MVC?
+
Model–View–Controller pattern for web applications.
ASP.NET page life cycle?
+
ASP.NET page life cycle defines stages a page goes through when processing.
Key stages: Page Request, Initialization, View State Load, Postback Event
Handling, Rendering, and Unload. Events allow custom logic execution at each
phase. It controls how data is processed and displayed.
ASP.NET Web Forms?
+
Event-driven web framework using drag-and-drop UI.
ASP.NET?
+
A server-side .NET framework for building dynamic websites, APIs, and
enterprise web apps.
ASP.NET?
+
Microsoft’s web framework for building dynamic, high-performance web apps
with MVC, Web API, and WebForms.
Assemblies?
+
Compiled .NET code units containing code, metadata, and manifests (DLL or
EXE) for deploying
Assembly defining MVC:
+
MVC components are defined in System.Web.Mvc.dll.
Assign an alias name for ASP.NET Web API Action?
+
You can use the [ActionName] attribute to give an alias to an action.
Example: [ActionName("GetStudentInfo")]. This helps when method names and
route names need to differ. It's useful for versioning and friendly URLs.
async action method?
+
Action using async/await for non-blocking operations.
Async operations in EF Core?
+
Perform database tasks asynchronously to improve responsiveness and
scalability.Use ToListAsync(), FirstAsync(), etc.
Async programming?
+
Non-blocking programming using async/await.
async/await?
+
Asynchronous programming model avoiding blocking operations.
async/await?
+
Keywords enabling non-blocking asynchronous code execution.
Attribute Routing
+
Defines routes directly on controllers and actions using attributes like
[Route("api/[controller]")].
Attribute-based routing?
+
Routing using attributes above controller/action.
Attributes?
+
Metadata annotations used for declaring properties about code.
authentication and authorization in ASP.NET?
+
Authentication verifies user identity (who they are). Authorization defines
access permissions for authenticated users. ASP.NET supports built-in
security mechanisms. Both ensure secure application access.
Authentication in ASP.NET Core?
+
Process of verifying user identity.
Authentication modes in ASP.NET for security?
+
ASP.NET supports Windows, Forms, Passport, and Anonymous authentication.
Forms authentication is common for web apps. Security is configured in
Web.config. Each mode provides a method to validate users.
Authentication vs Authorization?
+
Authentication verifies identity; authorization verifies access rights.
Authentication?
+
Identifying the user.
authentication?
+
Process of verifying user identity.
Authentication?
+
Verifying user identity.
Authorization Audit Trail?
+
Logs that track authorization decisions.
Authorization Cache?
+
Caching authorization decisions for performance.
Authorization Drift?
+
Outdated or incorrectly configured permissions.
Authorization Filter?
+
Executes before controller actions to enforce permissions.
Authorization Handler?
+
Custom logic to evaluate authorization requirements.
Authorization Pipeline?
+
Sequence of steps evaluating user access.
Authorization Policy?
+
Named group of requirements.
Authorization Requirement?
+
Represents a condition to fulfill authorization.
Authorization Server?
+
Server that issues access tokens.
Authorization types?
+
Role-based, Claim-based, Policy-based, Resource-based.
Authorization?
+
Authorization determines what a user is allowed to access after
authentication.
authorization?
+
Process of verifying user access rights based on roles or claims.
Authorization?
+
Verifies if authenticated user has access rights.
Authorization?
+
Checking user access rights after authentication.
Authorize attribute?
+
Enforces authorization using roles, policies, or claims.
AutoMapper?
+
Object mapping library.
AutoMapper?
+
Library for mapping objects automatically.
Azure App Service?
+
Cloud hosting platform for ASP.NET Core applications.
Azure Key Vault?
+
Secure storage for secrets, keys, and credentials.
B2B Authorization?
+
Authorization in multi-tenant business apps.
B2C Authorization?
+
Authorization in consumer-facing apps.
Backchannel Communication?
+
Secure server-server communication for token exchange.
Background worker coding?
+
Inherit from BackgroundService.
BackgroundService class?
+
Runs long-lived background tasks in .NET apps, e.g., for messaging or
monitoring.
Basic Authentication?
+
Authentication using Base64 encoded username and password.
Basic Authorization?
+
Credentials sent as Base64 encoded username:password.
Bearer Authentication?
+
Token-based authentication mechanism where tokens are sent in request
headers.
Bearer Token?
+
Authorization token sent in Authorization header.
beforeFilter(), beforeRender(), afterFilter():
+
beforeFilter() runs before action, beforeRender() runs before view
rendering, and afterFilter() runs after the response.
Benefits of ASP.NET Core?
+
Cross-platform, Cloud-ready, container friendly, modular, and fast runtime.
Benefits of using MVC:
+
MVC gives separation of concerns, supports testability, clean URLs,
maintainability, and scalability.
Blazor Server and WebAssembly?
+
Server-side rendering vs client-side execution in browser.
Blazor?
+
Framework for building interactive web UIs using C# instead of JavaScript.
Boxing?
+
Converting a value type to an object type.
Build in .NET?
+
Compilation of code into IL.
Bundling and Minification?
+
Improves performance by reducing file sizes and number of requests.
Bundling and Minification?
+
Optimizing CSS and JS for performance.
Cache Tag Helper
+
This helper caches rendered HTML output on the server, improving performance
for static or rarely changing UI sections.
Caching / Response Caching
+
Caching stores output to improve performance and reduce processing. Response
caching stores HTTP responses, improving load time for repeated requests.
Caching in ASP.NET Core?
+
Improves performance by storing frequently accessed data.
Caching in ASP.NET?
+
Technique to store frequently used data for performance.
Caching in ASP.NET?
+
Caching stores frequently accessed data to improve performance using Output,
Data, or Object Caching.It reduces server load, speeds up responses, and is
ideal for static or rarely changing data.
caching?
+
Storing frequently accessed data in memory for faster response.
Can you create an app using both WebForms and
MVC?
+
Yes, it is possible to host both in the same project. MVC can coexist with
WebForms when routing is configured properly. This allows gradual migration.
Both frameworks share the same runtime environment.
Cases where routing is not needed:
+
Routing is unnecessary for requests for static files like images/CSS or for
direct WebForms/WebService calls.
Change Token
+
A Change Token is a notification mechanism used to monitor changes, such as
configuration files or file-based caching. When a change occurs, the token
triggers refresh or rebuild actions.
CI/CD?
+
Automation pipeline for building, testing, and deploying applications.
CI/CD?
+
Continuous Integration and Continuous Deployment pipeline automation.
CIL/IL?
+
Intermediate code that the CLR JIT-compiles into machine code, enabling
language-independence and runtime optimization.
Circuit Breaker?
+
Polly-based approach to handle failing services.
Claim?
+
A user attribute such as name, email, role, or permission.
Claim-Based Authorization?
+
Authorization based on user claims such as email, age, department.
Claims?
+
User-specific attributes like name, id, role.
Claims-based authorization?
+
Authorization using claims stored in user identity.
class is used to return JSON in MVC?
+
JsonResult class is used to return JSON formatted data.
Class library?
+
A project that compiles to reusable DLL.
Client-side validation?
+
Validation executed in browser using JavaScript.
CLR?
+
Common Language Runtime that manages execution, memory, garbage collection,
and security.
CLR?
+
Common Language Runtime executes .NET applications and manages memory,
security, and exceptions.
CLS?
+
Common Language Specification – rules that all .NET languages must follow.
CLS?
+
Common Language Specification defines language rules .NET languages must
follow.
Coarse-Grained Authorization?
+
Role-level access control.
Code behind an Inline Code?
+
Code-behind keeps design and logic separate using external .cs files. Inline
code is written directly inside .aspx pages. Code-behind improves
maintainability and reusability. Inline code is simpler but less structured.
Code First Migration?
+
Approach where database schema is created from C# models.
Column-Level Security?
+
Restricts access to specific columns.
command builds project?
+
dotnet build
command is used to scaffold projects?
+
dotnet new
command restores packages?
+
dotnet restore
command runs app?
+
dotnet run
Concepts of Globalization and Localization in
.NET?
+
Globalization prepares an app to support multiple languages and cultures.
Localization customizes the app for a specific culture using resource files.
ASP.NET uses .resx files for language translation. These features help
create multilingual web applications.
Conditional Access?
+
Authorization based on conditions like location or device.
Configuration / appsettings.json
+
Settings are stored in appsettings.json and accessed using IConfiguration.
Configuration System in .NET Core?
+
Instead of Web.config, .NET Core uses appsettings.json, environment
variables, user secrets, and Azure KeyVault. It supports hierarchical and
strongly typed configuration.
ConfigurationBuilder?
+
ConfigurationBuilder loads settings from multiple sources like JSON, XML,
Azure, or environment variables. It provides flexible app configuration.
Connection Pooling?
+
Reuse of open database connections for performance.
Consent Screen?
+
User approval of requested permissions.
Containerization in ASP.NET Core?
+
Running application inside lightweight containers instead of full VMs.
Content Negotiation?
+
Mechanism to return JSON/XML based on Accept headers.
Content Negotiation?
+
Determines response format (JSON/XML) based on client request headers.
Controller in MVC?
+
Controller handles incoming requests, processes data, and returns responses.
Controller?
+
A controller handles incoming HTTP requests and returns responses such as
JSON, views, or status codes. It follows MVC (Model-View-Controller)
pattern.
ControllerBase?
+
Base class for API controllers (no views).
Convention-based routing?
+
Routing following default predefined conventions.
Cookie vs Token Auth?
+
Cookie is server-based; token is stateless.
Cookie-less Session:
+
When cookies are disabled, session data is tracked using URL rewriting.
Session ID appears in the URL. Helps maintain session without browser
cookies.
Cookies in ASP.NET?
+
Cookies store user data in the browser, such as username or session ID, for
future requests.ASP.NET supports persistent and non-persistent cookies to
enhance personalization and authentication.
CORS?
+
CORS (Cross-Origin Resource Sharing) allows or restricts browser requests
from different origins. ASP.NET Core allows configuring allowed methods,
headers, and domains.
CORS?
+
Security feature controlling which external domains may access server
resources.
CORS?
+
Cross-Origin Resource Sharing that controls external access permissions.
Create .NET Core API project?
+
Use: dotnet new webapi -n MyApi
Cross-page posting in ASP.NET:
+
Cross-page posting allows a form to post data to another page using
PostBackUrl property. The target page can access source page controls using
PreviousPage property. Useful for multi-step forms.
Cross-Platform Compilation?
+
.NET Core/.NET can compile and run on Windows, Linux, or macOS. Developers
can build apps once and run them anywhere.
CRUD API coding question?
+
Implement GET, POST, PUT, DELETE endpoints.
CSRF Protection
+
CSRF attacks force users to perform unintended actions. ASP.NET Core
mitigates it using anti-forgery tokens and validation attributes.
CSRF?
+
Cross-site request forgery attack.
CSRF?
+
Cross-site request forgery where attackers perform unauthorized actions on
behalf of users.
CSRF?
+
Cross-Site Request Forgery attack forcing authenticated users to execute
unwanted actions.
CTS?
+
Common Type System – defines how types are declared and used in .NET.
CTS?
+
Common Type System ensures consistency of data types across all .NET
languages.
Custom Action Filter coding?
+
Extend ActionFilterAttribute.
Custom Exception?
+
User-defined exception class.
Custom Middleware in ASP.NET Core
+
Custom middleware is created by writing a class with an Invoke or
InvokeAsync method that accepts HttpContext. It is registered in the
pipeline using app.Use(). Middleware can modify requests, responses, or pass
control to the next component.
Custom Model Binding
+
Implement IModelBinder and register it using ModelBinderProvider.
Data Annotation?
+
Attribute-based validation such as [Required], [Email], [StringLength].
Data Annotations?
+
Attributes used for validation like [Required], [Email], [StringLength].
Data Binding?
+
Connecting UI elements with data sources.
Data Cache:
+
Data Cache stores frequently used data to improve performance. It supports
expiration policies and dependency-based invalidation. Accessed through
HttpRuntime.Cache.
Data controls available in ASP.NET?
+
ASP.NET provides several data-bound controls like GridView, ListView,
Repeater, DataList, and FormView. These controls display and manipulate
database records. They support sorting, paging, and editing features. They
simplify data presentation.
Data Masking?
+
Hiding sensitive data based on policies.
Data Protection API?
+
Encrypting sensitive data.
Data Seeding?
+
Preloading default or sample data into database.
DbContext?
+
Class managing database connection and entity tracking.
DbSet?
+
Represents a database table.
Default project structure?
+
Minimal hosting model with Program.cs and optional folders for Models,
Controllers, Services.
Default route format?
+
{controller}/{action}/{id}
Define Default Route:
+
The default route is {controller}/{action}/{id} with default values like
Home/Index. It helps map incoming requests automatically.
Define DTO.
+
Data Transfer Object—used to expose safe API models.
Define Filters in MVC.
+
Filters allow custom logic before or after controller actions, such as
authentication, logging, or error handling.
Define Output Caching in MVC.
+
Output caching stores the rendered output of an action to improve
performance and reduce server processing.
Define Scaffolding in MVC:
+
Scaffolding automatically generates CRUD code and views based on the model.
It speeds up development by providing a code structure quickly.
Define the 3 logical layers of MVC?
+
Presentation layer → View Business logic layer → Controller Data layer →
Model
Delegate?
+
Type-safe function pointer.
Delegation?
+
Forwarding user's identity to downstream systems.
DenyAnonymousAuthorization?
+
Policy that allows only authenticated users.
Dependency Injection?
+
Dependency Injection (DI) is a design pattern where dependencies are
injected rather than created internally. .NET Core has built-in DI support.
It improves testability, maintainability, and loose coupling.
dependency injection?
+
A pattern where dependent services are injected rather than created inside a
class.
Dependency Injection?
+
Improves maintainability, testability, and reduces coupling.
Dependency Injection?
+
Injecting required objects rather than creating them inside controller.
Deployment Slot?
+
Environment preview before production deployment, commonly in Azure.
Deployment?
+
Publishing application to server.
Describe application state management in
ASP.NET.
+
Application State stores global data accessible to all sessions. It is
stored in server memory and persists until restart. Useful for shared
counters or configuration data. It reduces repeated data loading.
Describe ASP.NET MVC.
+
It is a lightweight Microsoft framework that follows MVC architecture for
building scalable, testable web applications.
Describe login Controls in ASP.
+
Login controls simplify user authentication. Examples include Login,
LoginView, LoginStatus, PasswordRecovery, and CreateUserWizard. They handle
username validation, password reset, and security membership. They reduce
custom coding effort.
DI (Dependency Injection)?
+
A design pattern where dependencies are provided rather than created inside
a class.
DI Container?
+
Object lifetime and dependency management system.
DI for Controllers
+
ASP.NET Core injects dependencies into controllers via constructor
injection. Services must be registered in ConfigureServices.
DI for Views
+
Views receive dependencies using @inject directive. This helps share
services such as logging or localization.
DifBet .NET Core and .NET Framework?
+
.NET Core is cross-platform and modular; .NET Framework is Windows-only and
monolithic.
DifBet ASP.NET MVC and WebForms?
+
MVC follows separation of concerns and doesn’t use ViewState, while WebForms
uses event-driven model with ViewState.
DifBet Authentication and Authorization?
+
Authentication verifies identity; Authorization verifies permissions.
DifBet Claims and Roles?
+
Role is a type of claim for grouping permissions.
DifBet Code First and DB First in EF?
+
Code First generates DB from classes, Database First generates classes from
DB.
DifBet Dataset and DataReader?
+
Dataset is disconnected; DataReader is connected and forward-only.
DifBet EF and EF Core?
+
EF Core is cross-platform, lightweight, and supports LINQ to SQL.
DifBet EXE and DLL?
+
EXE is an executable process; DLL is a reusable library.
DifBet GET and POST?
+
GET retrieves data; POST submits or modifies server data.
DifBet LINQ to SQL and Entity Framework?
+
LINQ to SQL is limited to SQL Server; EF supports multiple databases.
DifBet PUT and PATCH?
+
PUT replaces entire resource; PATCH updates part of it.
DifBet Razor and ASPX view engine?
+
Razor is cleaner, faster, and uses minimal markup compared to ASPX.
DifBet REST and SOAP?
+
REST is lightweight and stateless using JSON, while SOAP uses XML and is
more structured.
DifBet Role-Based vs Permission-Based?
+
Role groups permissions, permission defines specific capability.
DifBet session and cookies?
+
Cookies store on client browser, sessions store on server.
DifBet Thread and Task?
+
Thread is OS-level entity; Task is a higher-level abstraction.
DifBet Value type and Reference type?
+
Value types stored in stack, reference types stored in heap.
DifBet ViewBag and ViewData?
+
ViewData is dictionary-based; ViewBag uses dynamic properties. Both are
temporary and request-scoped.
DifBet WCF and Web API?
+
WCF supports protocols like TCP/SOAP; Web API is REST-based.
DifBet worker process and app pool?
+
App pool groups worker processes; worker process executes application.
DiffBet 3-tier and MVC?
+
3-tier architecture has Presentation, Business, and Data layers. MVC has
Model, View, and Controller roles for UI pattern.
DiffBet ActionResult and ViewResult.
+
ActionResult is a base type that can return various results.
DiffBet ActionResult and ViewResult?
+
ActionResult is a base class for various result types (JsonResult,
RedirectResult, etc.). ViewResult specifically returns a View. Controller
methods can return either. ActionResult provides flexibility for different
response formats.
DiffBet adding routes in WebForms and MVC.
+
WebForms uses file-based routing whereas MVC uses pattern-based routing.MVC
routing maps URLs directly to controllers and actions.
DiffBet AddTransient, AddScoped, and
AddSingleton?
+
Transient: New instance every request,Scoped: One instance per HTTP
request,Singleton: Same instance for entire application lifetime
DiffBet ASP.NET Core and ASP.NET?
+
Core is cross-platform, lightweight, modular, and faster. Classic ASP.NET is
Windows-only, uses System.Web, and is heavier.
DiffBet ASP.NET MVC 5 and ASP.NET Core MVC?
+
ASP.NET Core MVC is cross-platform, modular, open-source, and integrates Web
API into MVC. MVC 5 works only on Windows and is more monolithic. Core also
uses middleware instead of pipeline handlers.
DiffBet EF Core and EF Framework?
+
EF Core is lightweight, cross-platform, extensible, and faster than EF
Framework. EF Framework supports only .NET Framework and lacks many modern
features like batching, no-tracking queries, and shadow properties.
DiffBet HTTP Handler and HTTP Module:
+
Handlers handle and respond to specific requests directly. Modules work in
the pipeline and intercept requests during processing. Multiple modules can
exist for one request, but only one handler processes it.
DiffBet HttpContext.Current.Items and
HttpContext.Current.Session:
+
Items is used to store data for a single HTTP request and is cleared after
the request ends. Session stores data across multiple requests for the same
user. Items is faster and used for request-level sharing.
DiffBet MVVM and MVC?
+
MVC uses Controller for request handling, View for UI, and Model for data.
MVVM uses ViewModel to handle binding logic between View and Model. MVVM
supports two-way binding, especially in UI frameworks. MVC is better for web
apps, MVVM suits rich UIs.
DiffBet Server.Transfer and Response.Redirect:
+
Server.Transfer transfers execution to another page on the server without
changing the URL. Response.Redirect sends the browser to a new page and
changes the URL. Redirect performs a round trip to the client; Transfer does
not.
DiffBet session and caching:
+
Session stores user-specific data and is used per user. Cache stores
application-wide frequently used data to improve performance. Session
expires when the user ends or times out, while cache expiry depends on
policies like sliding or absolute expiration.
DiffBet TempData, ViewData, and ViewBag?
+
ViewData: Dictionary-based, valid only for current request. ViewBag: Wrapper
around ViewData using dynamic properties. TempData: Persists only for the
next request (used for redirects). 18) What is a partial view in MVC?
DiffBet View and Partial View.
+
A View renders the full UI while a Partial View renders a reusable section
of the UI.
DiffBet View and Partial View?
+
A View renders a complete page layout. A Partial View renders only a portion
of UI. Partial View does not include layout pages by default. Useful for
reusable components.
DiffBet Web API and WCF:
+
Web API is lightweight and designed for RESTful services using HTTP. WCF
supports multiple protocols like HTTP, TCP, and MSMQ. Web API is best for
modern web/mobile services, WCF for enterprise SOA.
DiffBet Web Forms and MVC?
+
MVC is lightweight and testable; Web Forms is event-driven and stateful.
DiffBet WebForms and MVC?
+
WebForms are event-driven and stateful. MVC is lightweight, stateless, and
supports testability. MVC offers full control over HTML. WebForms use
server-side controls and ViewState.
Difference: app.Use vs app.Run?
+
app.Use() allows multiple middlewares; app.Run() terminates the pipeline and
passes no further requests.
Different approaches to implement Ajax in MVC.
+
Using Ajax.BeginForm(), jQuery Ajax(), or Fetch API.
Different properties of MVC routes?
+
Key properties are URL, Defaults, Constraints, and DataTokens.
Different return types used by the controller
action method in MVC?
+
Common return types are ViewResult, JsonResult, RedirectResult,
ContentResult, FileResult, and ActionResult. ActionResult is the base type
for most results.
Different Session state management options
available in ASP.NET?
+
ASP.NET stores user-specific data across requests using InProc, StateServer,
SQL Server, or Custom modes.InProc keeps data in memory, while StateServer
and SQL Server store it externally, all server-side and secure.
Different validators in ASP.NET?
+
Controls like RequiredField, Range, Compare, Regex, Custom, and
ValidationSummary ensure correct input on client and server sides.
Different ways for bundling and minification in
ASP.NET Core?
+
Combine and compress scripts/styles to reduce size and improve performance,
using tools like Webpack or NUglify.
directive reads environment?
+
app.Environment.IsDevelopment()
Directory Service?
+
Stores users, groups, and permissions (AD, LDAP).
Display something in CodeIgniter?
+
Use the controller to load a view. Example:
$this->load->view("welcome_message"); The view outputs content to the
browser. Models supply data if required.
DisplayFor vs EditorFor?
+
DisplayFor shows read-only UI; EditorFor creates editable fields.
DisplayTemplate?
+
Reusable Display UI with @Html.DisplayFor.
distributed cache providers are supported?
+
Redis, SQL Server, NCache.
Distributed Cache?
+
Cache shared across multiple servers (Redis, SQL).
Distributed Tracing?
+
Tracing requests across microservices.
Distributed Tracing?
+
Tracking request flow through microservices with correlation IDs.
do you mean by partial view of MVC?
+
A partial view is a reusable view component used to render partial UI, such
as headers or menus.
Docker in .NET context?
+
Run .NET apps in portable containers for easy deployment, scaling, and
microservices.
Docker?
+
Containerization platform used to package and deploy applications.
Docker?
+
Container platform for packaging and deploying applications.
does MVC represent?
+
Model = business logic/data, View = UI, Controller = handles request and
updates View.
dotnet CLI?
+
Command line interface for building and running .NET applications.
Drawbacks of MVC model:
+
More development complexity, steep learning curve, and requires stronger
knowledge of patterns.
DTO?
+
Data Transfer Object used to transfer lightweight data.
Dynamic Authorization?
+
Real-time decision-based authorization.
Eager Loading?
+
Loads related data via Include().
EditorTemplate?
+
Reusable Editable UI with @Html.EditorFor.
EF Core optimization coding?
+
Use Select, AsNoTracking, Include.
EF Core?
+
Object-relational mapper for .NET Core.
EF Core?
+
Modern lightweight ORM for database access.
EF Migration?
+
Feature to update database schema using version-controlled code.
Enable CORS
+
CORS is configured using services.AddCors() and enabled with app.UseCors().
It allows cross-domain API access.
Enable CORS in API?
+
services.AddCors(); app.UseCors(...);
Enable CORS?
+
Using middleware: app.UseCors()
Enable JWT in API?
+
AddAuthentication().AddJwtBearer(...).
Enable Response Caching?
+
services.AddResponseCaching(); app.UseResponseCaching();
Encapsulation?
+
Bundling data and methods inside a class.
Endpoint Routing?
+
Modern routing system introduced to unify MVC, Razor Pages, and SignalR
routing.
Ensure Web API returns JSON only?
+
Remove XML formatters and keep only JSON formatter in WebApiConfig. Example:
config.Formatters.Remove(config.Formatters.XmlFormatter);. Now the API
always responds in JSON format. Useful for modern REST services.
Enterprise Library:
+
Enterprise Library provides reusable software components like Logging, Data
Access, Validation, and Exception Handling. Helps build enterprise-level
maintainable applications.
Entity Framework?
+
ORM for accessing databases using objects.
Entity Framework?
+
An ORM that maps databases to .NET objects, supporting LINQ, migrations, and
simplified data access.
Entity Framework?
+
ORM framework to interact with database using C# objects.
Environment Variable in ASP.NET Core?
+
External configuration determining environment (Development, Staging,
Production).
Environment Variable?
+
Configuration used to define environment (Development, Staging, Production).
Error handling middleware?
+
Middleware for diagnostics and custom error responses (e.g.,
DeveloperExceptionPage, ExceptionHandler).
Error Handling Strategies
+
Use middleware like UseExceptionHandler, logging, global filters, and status
code pages.
Event?
+
Notification triggered using delegates.
Examples of HTML Helpers?
+
TextBoxFor, DropDownListFor, LabelFor, HiddenFor.
Exception Handling?
+
Mechanism to handle runtime errors using try/catch/finally.
Execute any MVC project?
+
Build the project → Run IIS Express/Local host → Routing selects controller
→ Action returns view → Output is rendered in browser.
Explain ASP.NET Core.
+
It is a cross-platform, open-source framework for building modern web
applications. It provides high performance, modular design, and supports
MVC, Razor Pages, Web APIs, and SignalR.
Explain Dependency Injection.
+
DI provides loose coupling by injecting required services at runtime.
ASP.NET Core has DI support built-in.
Explain in brief the role of different MVC
components.
+
Model manages logic and data. View is responsible for UI.Controller acts as
a bridge processing user requests and returning responses.
Explain Model, View, and Controller in Brief.
+
Model holds application logic and data. View displays data to the user.
Controller handles user input, interacts with Model, and selects the View to
render.
Explain Request Pipeline.
+
Request flows through middleware components configured in Program.cs (pre
.NET 6: Startup.cs) before generating a response.
Explain separation of concern.
+
It divides an application into distinct sections, each responsible for a
single concern, reducing dependency.
Explain some benefits of using MVC.
+
It supports separation of concerns, easy testing, clean code structure, and
supports TDD. It’s extensible and suitable for large applications.
Explain TempData, ViewData, ViewBag.
+
TempData: Stores data temporarily across redirects.
Explain the MVC Application life cycle.
+
It includes: Application Start → Routing → Controller Initialization →
Action Execution → Result Execution → View Rendering → Response sent to
client.
Explicit Allow?
+
Specific rule allows access.
Explicit Deny?
+
Rule that overrides all allows.
Extension Method?
+
Add new methods to existing types without modifying them.
external authentication?
+
Login using Google, Microsoft, Facebook, GitHub providers.
Feature Toggle?
+
Enables or disables features dynamically.
Features of MVC?
+
MVC supports separation of concerns. It promotes testability, flexibility,
and clean architecture. Provides routing, Razor syntax, and built-in
validation. Ideal for large, scalable web applications.
Federation in Authorization?
+
Trust relationship between identity providers and applications.
File extension for Razor views?
+
.cshtml
File extensions for Razor views?
+
Razor views use: .cshtml for C# .vbhtml for VB.NET These files support
inline Razor syntax.
file replaces Web.config in ASP.NET Core?
+
appsettings.json
FileResult?
+
Returns files like PDF, images, or documents.
Filter in MVC?
+
Reusable logic executed before or after action methods.
Filter types?
+
Authorization, Resource, Action, Exception, Result filters.
Filters executed at the end:
+
Result filters are executed at the end, just before and after the view is
rendered.
Filters in ASP.NET Core?
+
Run pre- or post-action logic like validation, logging, caching, or
authorization in controllers.
Filters in MVC Core?
+
Reusable logic executed before or after actions.
Filters?
+
Components to run code before/after actions.
Fine-Grained Authorization?
+
Permission-level control instead of role-level.
FormCollection?
+
Object storing form values submitted by user.
Forms Authentication?
+
User logs in through custom login form.
Framework-Dependent Deployment?
+
App runs on an installed .NET runtime, producing a smaller executable.
Frontchannel Communication?
+
Browser-based token communication.
GAC : Global Assembly Cache?
+
Stores shared .NET assemblies for multiple apps, supporting versioning and
avoiding DLL conflicts.
Garbage Collection (GC)?
+
Automatic memory management that removes unused objects.
Garbage Collection?
+
Automatic memory cleanup of unused objects.
GC generations?
+
Gen 0, Gen 1, Gen 2 used to optimize memory cleanup.
Generic Repository?
+
A reusable data access pattern that works with any entity type to perform
CRUD operations.
GET and POST Action types:
+
GET retrieves data and does not modify state. POST submits data and is used
for creating or updating records.
Global exception handling coding?
+
Create custom exception middleware.
Global Exception Handling?
+
Error handling applied across entire application using middleware.
Global.asax?
+
Application-level events like Start, End, Error.
GridView Control:
+
GridView displays data in a tabular format and supports sorting, paging, and
editing. It binds to data sources like SQL, lists, or datasets. It provides
templates and commands for customization.
gRPC in .NET?
+
High-performance, protocol-buffer-based communication for microservices,
faster than REST.
gRPC?
+
High-performance communication protocol using binary messaging and HTTP/2.
gRPC?
+
High-performance RPC protocol using HTTP/2 for communication.
GZip Compression?
+
Compressing responses to reduce payload size.
Handle 404 in ASP.NET Core?
+
Use middleware such as: app.UseStatusCodePages();
HATEOAS?
+
Responses include links to guide client navigation.
HATEOAS?
+
Hypermedia as Engine of Application State — constraint of REST API.
Health Check Endpoint?
+
Endpoint to verify system status and dependencies.
Health Check endpoint?
+
Used for monitoring health status and dependencies like DB or Redis.
Health Check in .NET Core?
+
Monitor app and dependency status, useful for Kubernetes and cloud
deployments.
Health Checks?
+
Endpoints that report app health.
Host in ASP.NET Core?
+
Manages DI, configuration, logging, and middleware; includes WebHost and
GenericHost.
Host?
+
Host manages app lifetime, DI container, config, and logging. It’s core
runtime container.
Host?
+
Host manages app lifetime, configuration, logging, DI, and environment.
HostedService?
+
Interface for background tasks.
Hot Reload?
+
Hot Reload allows modifying code while the application is running. It
improves productivity by reducing restart time.
Hot Reload?
+
Feature allowing code changes without restarting application.
How authorize multiple roles?
+
[Authorize(Roles=\Admin Manager\")]"
How execute Stored Procedures?
+
Use FromSqlRaw().
How implement Pagination?
+
Use Skip() and Take().
How prevent privilege escalation?
+
Validate authorization checks on every sensitive action.
How prevent SQL Injection?
+
Use parameterized queries and stored procedures.
How register EF Core?
+
services.AddDbContext(options => options.UseSqlServer(...));
How return IActionResult?
+
Use Ok(), NotFound(), BadRequest(), Created().
How Seed Data?
+
Use HasData() inside OnModelCreating().
How upload files?
+
Use IFormFile parameter.
HTML Helper?
+
Methods that generate HTML controls programmatically in views.
HTML server controls in ASP.NET?
+
HTML controls become server controls by adding runat="server". They behave
like programmable server-side objects. They allow event handling and server
processing.
HTTP Handler?
+
An HttpHandler is a component that processes individual HTTP requests. It
acts as an endpoint for file extensions like .aspx, .ashx, .jpg etc. It is
lightweight and best for custom resource generation.
HTTP Logging Middleware?
+
Logs details about incoming requests and responses.
HTTP Status Codes?
+
200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500
Server Error.
HTTP Verb Mapping?
+
Mapping controller actions to verbs using [HttpGet], [HttpPost], etc.
HTTP Verb?
+
Operations like GET, POST, PUT, DELETE mapped to actions.
HttpClientFactory?
+
Factory pattern to create and manage HttpClient instances.
HttpModule?
+
Windows-only ASP.NET components that handle HTTP request/response events in
the pipeline.
HTTPS Redirection Middleware?
+
Forces application to use secure connection.
HTTPS Redirection?
+
Force HTTPS using app.UseHttpsRedirection().
IActionFilter?
+
Interface for implementing custom filters.
IActionResult?
+
Base interface for different action results.
IActionResult?
+
Base interface for action results in ASP.NET Core MVC.
IAM?
+
Identity and Access Management.
IAuthorizationService?
+
Service to manually invoke authorization programmatically.
IConfiguration?
+
Interface used to access application configuration values.
IConfiguration?
+
Interface used to read configuration data.
Idempotency?
+
Operation that produces the same result when repeated.
Identity Framework?
+
Built-in membership system for authentication and user roles.
Identity Provider (IdP)?
+
Service that authenticates users.
IdentityServer?
+
OAuth2/OpenID Connect framework for authentication and authorization.
IHttpClientFactory?
+
Factory for creating HttpClient instances safely.
IHttpClientFactory?
+
IHttpClientFactory creates and manages HttpClient instances to avoid socket
exhaustion and improve performance in Web API calls.
IHttpClientFactory?
+
ASP.NET Core factory for creating and managing HttpClient instances.
IHttpClientFactory?
+
Factory pattern for creating optimized HttpClient instances.
IHttpContextAccessor?
+
Used to access HTTP context in non-controller classes.
IIS Integration?
+
In Windows hosting, Kestrel works behind IIS. IIS handles SSL, load
balancing, and process management, while Kestrel executes the request
pipeline.
IIS?
+
Web server for hosting ASP.NET apps.
IIS?
+
Internet Information Services — a Windows web server.
ILogger?
+
Logging interface used for tracking application events.
Impersonation?
+
Executing code under another user's identity.
Impersonation?
+
Execute actions under another user's identity.
Implement Ajax in MVC?
+
Using @Ajax.BeginForm() and AjaxOptions. You can call actions asynchronously
using jQuery AJAX. The server returns JSON or partial views. This improves
performance without full page reloads.
Implement MVC Forms authentication:
+
Forms authentication uses login pages, authentication cookies, and
AuthorizeAttribute to protect secured pages.
Implicit Deny?
+
If no rule allows it, access is denied.
Importance of NonActionAttribute?
+
It marks a method in a controller as not an action method. This prevents it
from being executed via URL routing. Useful for helper methods within
controllers. Enhances security and routing control.
Improve API Performance?
+
Caching, AsNoTracking, async queries, efficient queries.
Improve ASP.NET performance:
+
Use caching, compression, output caching, and minimized ViewState. Optimize
SQL queries and enable async processing. Reduce server round trips and
bundling/minifying scripts.
Inheritance?
+
Deriving classes from base classes.
In-memory vs Distributed Cache
+
In-memory caching stores data on the server and is best for single-instance
apps. Distributed caching uses Redis or SQL Server and supports
load-balanced environments.
Interface?
+
Contract specifying methods without implementation.
IOptions pattern?
+
Method to bind strongly-typed settings from configuration to C# classes.
IOptions pattern?
+
Used to map configuration sections to strongly typed classes.
Is ASP.NET Core open source?
+
Yes, it is developed under the .NET Foundation and is fully open source.
Is DI built-in in ASP.NET Core?
+
Yes, ASP.NET Core has built-in DI support.
Is MVC stateless?
+
Yes, MVC follows stateless architecture where every request is independent.
JIT Compiler?
+
Just-In-Time compiler that converts IL code to native machine code.
JIT compiler?
+
Converts IL to native code at runtime, optimizing performance and memory;
types include Pre-JIT, Econo-JIT, Normal-JIT.
JIT compiler?
+
Just-in-Time compiler converts IL code to machine code during runtime.
JSON global config?
+
builder.Services.Configure(...).
JSON Serialization?
+
Converting objects into JSON format for transport or storage.
JSON Serializer used?
+
System.Text.Json (default), with option to use Newtonsoft.Json.
JSON.stringify?
+
Converts JavaScript object into JSON format for ajax posts.
JsonResult?
+
Returns JSON formatted response.
Just-In-Time Access (JIT)?
+
Provide temporary elevated permissions.
JWT Authentication?
+
JWT (JSON Web Token) is a token-based authentication method used in
microservices and APIs. It stores claims and is stateless, meaning no
session storage is required.
JWT creation coding?
+
Use JwtSecurityTokenHandler to generate token.
JWT Token?
+
Stateless token format used for authentication.
JWT?
+
A compact, self-contained token for securely transmitting claims between
parties.
JWT?
+
JSON Web Token for stateless authentication between client and server.
JWT?
+
JSON Web Token used for bearer authentication.
Kerberos?
+
Secure ticket-based authentication protocol.
Kestrel Server?
+
Kestrel is the default lightweight web server in ASP.NET Core. It is fast,
cross-platform, and optimized for high-performance apps.
Kestrel?
+
Cross-platform lightweight web server for ASP.NET Core.
Kestrel?
+
A lightweight, cross-platform web server used by ASP.NET Core applications.
Key DifBet ASP.NET and ASP.NET Core?
+
ASP.NET Core is cross-platform, modular, open-source, and faster compared to
ASP.NET Framework.
Kubernetes?
+
Container orchestration platform used to deploy microservices.
Latest version of ASP.NET Core?
+
The latest stable version of ASP.NET Core (as of December 2025) follows the
latest .NET release: ASP.NET Core 10.0 — shipped with .NET 10 on November
11, 2025.
LaunchSettings.json in ASP.NET Core?
+
This file stores environment and profile settings for the application during
development. It defines the application URL, SSL settings, and environment
variables like ASPNETCORE_ENVIRONMENT. It helps configure debugging profiles
for IIS Express or direct execution.
Layout page?
+
Template defining common design elements such as header and footer.
Layout Page?
+
Master template providing shared UI like header/footer across multiple
views.
Lazy Loading?
+
Loads navigation properties on first access.
Least Privilege Access?
+
Users receive minimal required permissions.
library supports resiliency?
+
Polly.
LINQ?
+
Query syntax integrated into C# to query collections/databases.
LINQ?
+
LINQ (Language Integrated Query) allows querying data from collections,
databases, XML, etc. using C# syntax. It improves code readability and
eliminates SQL string errors.
LINQ?
+
Query syntax for querying data collections, SQL, XML, and EF.
LINQ?
+
Query syntax used to retrieve data from collections or databases.
List HTTP methods.
+
GET, POST, PUT, PATCH, DELETE, OPTIONS.
Load Balancing?
+
Distribute requests across servers.
Load Balancing?
+
Distributing application traffic across multiple servers for performance and
redundancy.
Lock statement?
+
Prevents multiple threads from accessing code simultaneously.
Logging in .NET Core?
+
.NET Core provides built-in logging with providers like Console, Debug,
Serilog, and Application Insights. It helps monitor app behavior and errors.
Logging in ASP.NET Core?
+
Built-in framework to log information using ILogger.
Logging in MVC Core?
+
Capturing application logs via ILogger and providers.
logging providers are supported?
+
Console, Debug, Azure App Insights, Seq, Serilog.
Logging Providers?
+
Serilog, NLog, Seq, Application Insights.
Logging System
+
Built-in support for console, file, Application Insights, SeriLog, etc.
Logging?
+
System to capture and store application logs.
Machine.config?
+
System-wide configuration file for .NET Framework.
Main DiffBet MVC and Web API?
+
MVC is used to return views (HTML) for web applications. Web API is used to
build RESTful services and returns data formats like JSON or XML. MVC is
UI-focused, whereas Web API is service-focused. Web API can be used by
mobile, IoT, and web clients.
Maintain the sessions in MVC?
+
Session can be maintained using Session[], cookies, TempData, ViewBag,
QueryString, and Hidden fields.
Major events in global.aspx?
+
Common events include Application_Start, Session_Start,
Application_BeginRequest, Session_End, and Application_End. These events
manage application life cycle tasks. They handle logging, caching, and
security logic. They execute globally for the entire application.
Managed Code?
+
Code executed under the supervision of CLR.
master pages in ASP.NET?
+
Master pages define a common layout for multiple web pages. Content pages
inherit this layout to maintain consistent UI. They reduce duplication of
HTML code. Common parts like headers, footers, and menus are shared.
Master Pages:
+
Master Pages define a common layout for multiple pages. Content pages fill
placeholders within the master. Useful for consistency and easier
maintenance.
Message Queues?
+
Kafka, RabbitMQ, Azure Service Bus.
Metadata in .NET?
+
Information about types, methods, references stored with assemblies.
Methods of session maintenance in ASP.NET:
+
ASP.NET provides several ways to maintain sessions, including In-Process
(InProc), State Server, SQL Server, and Custom session state providers.
Cookies and cookieless sessions are also used. These mechanisms help store
user-specific data across requests.
MFA?
+
Multi-factor authentication using multiple methods.
Microservices Architecture?
+
Architecture pattern where the application is composed of independent
services.
Microservices architecture?
+
System divided into small loosely coupled services.
Middleware components?
+
Pipeline components that process HTTP requests and responses in sequence.
Middleware Concept
+
Middleware are components processing requests in sequence.
Middleware in ASP.NET Core?
+
Pipeline components that process HTTP requests/responses, e.g.,
authentication, routing, logging, CORS.
Middleware Pipeline?
+
Requests pass through ordered middleware, each handling logic before
forwarding.
Middleware Pipeline?
+
Sequential execution of request-processing components in ASP.NET Core.
Middleware?
+
A pipeline component that processes HTTP requests and responses. it is
lightweight, runs cross-platform, and fully configurable in code.
middleware?
+
Components that process HTTP requests in ASP.NET Core pipeline.
Migration commands?
+
dotnet ef migrations add Name; dotnet ef database update
Migrations?
+
System for applying and tracking database schema changes.
Minification and Bundling used?
+
They reduce file size and combine multiple CSS/JS files to improve
performance.
Minimal API?
+
Define routes using MapGet(), MapPost(), MapPut(), etc.,Lightweight syntax
for defining endpoints without controllers.Lightweight HTTP endpoints with
minimal code, ideal for microservices and prototypes.
Minimal API?
+
Lightweight HTTP API setup introduced in .NET 6 using minimal hosting model.
Mocking Framework?
+
Tools like MOQ used to simulate dependencies during testing.
Mocking?
+
Simulating dependencies using fake objects.
Modal Binding in Razor Pages?
+
Mapping form inputs automatically to page properties.
Model Binder?
+
Maps request data to models automatically.
Model Binding
+
Automatically maps form, query string, and JSON data to model classes.
Model Binding?
+
Maps HTTP request data to C# parameters automatically. Model binding maps
incoming request data to method parameters or model objects automatically.
It simplifies request handling in MVC and Web API.
Model Binding?
+
Automatic mapping of HTTP request data to action method parameters.
Model Binding?
+
Automatic mapping of request data to method parameters or models.
Model Binding?
+
Automatic mapping of HTTP request data to model objects.
Model in MVC?
+
Model represents application data and business logic.
Model Validation
+
Uses Data Annotations and custom validation attributes.
Model Validation?
+
Ensures incoming data meets rules via DataAnnotations.
Model Validation?
+
Ensures input values meet defined requirements before processing.
Model Validation?
+
Ensuring input meets validation rules before processing.
ModelState?
+
Stores the state of model binding and validation errors.
Model-View-Controller?
+
MVC is a design pattern that separates an application into Model, View, and
Controller components.
Monolith Architecture?
+
Single deployable unit with tightly coupled components.
Monolithic architecture?
+
Single deployable unit with tightly-coupled components.
MSIL?
+
Intermediate language generated from .NET code before JIT compilation.
Multicast Delegate?
+
Delegate pointing to multiple methods.
Multiple environments
+
Configured using ASPNETCORE_ENVIRONMENT variable (Dev, Staging, Prod).
MVC Architecture
+
Separates application logic into Model, View, Controller.
MVC Components
+
Model stores data, View displays UI, Controller handles requests.
MVC in AngularJS?
+
AngularJS follows an MVC-like architecture. Model holds data, View
represents the UI, and Controller manages logic. It helps in clear
separation of concerns in client-side apps. Angular automates data binding
between Model and View.
MVC in ASP.NET Core?
+
Model-View-Controller pattern used for web UI and API development.
MVC Page life cycle stages:
+
Stages include Routing, Controller initialization, Action execution, Result
execution, and View rendering.
MVC Routing?
+
Maps URL patterns to controller actions.
MVC works in Spring?
+
Spring MVC uses DispatcherServlet as the front controller. It routes
requests to controllers. Controllers return Model and View data. The
ViewResolver renders the final response.
MVC?
+
A design pattern dividing application logic into Model, View, Controller.
MVC?
+
MVC stands for Model-View-Controller architecture separating UI, data, and
logic.
MVC?
+
MVC (Model-View-Controller) separates business logic, UI, and request
handling into Model, View, and Controller.This improves testability,
maintainability, scalability, and is widely used for modern web
applications.
Name the assembly in which the MVC framework is
typically defined.
+
ASP.NET MVC is mainly defined in the System.Web.Mvc assembly.
Namespace?
+
A container for organizing classes and types.
Navigate from one view to another using a
hyperlink?
+
Use the Html.ActionLink() helper in MVC. Example: @Html.ActionLink("Go to
About", "About", "Home"). This generates an anchor tag with route mapping.
Clicking it redirects to the specified view.
Navigation between views example.
+
Using hyperlink: Go to About.
Navigation techniques:
+
Navigation in ASP.NET uses Hyperlinks, Response.Redirect, Server.Transfer,
Cross-page posting, and Site Navigation controls like Menu and TreeView. It
helps users move between pages.
New features in ASP.NET Core?
+
Dependency Injection built-in, cross-platform, unified MVC+Web API,
lightweight middleware pipeline, and performance improvements.Enhanced
Minimal APIs, improved performance, better real-time support, updated
security, and stronger observability tools.
New in .NET Core 2.1 / ASP.NET Core 2.1?
+
Features include Razor Class Libraries, HTTPS by default, SPA templates,
SignalR support, and GDPR compliance tools. It also introduced global tools,
improved performance, and simplified identity UI.
Non-Repudiation?
+
Ensuring actions cannot be denied by users.
N-Tier architecture?
+
Layers like UI, Business, Data Access.
NTLM?
+
Windows challenge-response authentication protocol.
NuGet?
+
NuGet is the package manager for .NET. Developers use it to download, share,
and manage libraries. It supports dependency resolution and automatic
updates.
NuGet?
+
Package manager for .NET libraries.
Nullable type?
+
Represents value types that can be null.
NUnit/MSTest?
+
Unit testing frameworks for .NET.
OAuth Refresh Token Rotation?
+
Invalidating old refresh token when issuing a new one.
OAuth vs SAML?
+
OAuth is authorization; SAML is authentication using XML.
OAuth?
+
Open standard for secure delegated access.
OAuth2 Authorization Code Flow?
+
Secure flow used by web apps requiring user login.
OAuth2 Client Credentials Flow?
+
Service-to-service authorization.
OAuth2 Implicit Flow?
+
Legacy browser flow not recommended.
OAuth2?
+
Delegated authorization framework for delegated access.
OAuth2?
+
Authorization framework allowing delegated access using tokens.
OOP?
+
Programming model using classes, inheritance, and polymorphism.
OpenID Connect?
+
Authentication layer on top of OAuth2 for user login and identity
management.
OpenID Connect?
+
Authentication layer built on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth for login authentication.
Optimistic Concurrency?
+
Use [Timestamp]/RowVersion to prevent data overwrites via row-version
checks.
Options Pattern
+
Used to bind strongly typed classes to configuration sections.
Order of filter execution in MVC
+
Order: 1. Authorization Filters 2. Action Filters 3. Result Filters 4.
Exception Filters Execution occurs in a defined pipeline sequence.
Ordering execution when multiple filters are
used:
+
Filters run in the order: Authorization → Action → Result → Exception
filters. Custom ordering can also be defined using the Order property.
OutputCache?
+
Caching mechanism used in MVC Framework to improve response time.
OWIN and ASP.NET Core
+
OWIN was designed to decouple web servers from web applications. ASP.NET
Core builds on the same lightweight pipeline concept but replaces OWIN with
a more flexible middleware model.
package enables Swagger?
+
Swashbuckle.AspNetCore
Page directives in ASP.NET:
+
Page directives provide configuration and instruction to the compiler.
Examples include @Page, @Import, @Master, and @Control. They define
attributes like language, inheritance, and code-behind file.
Pagination coding question?
+
Implement Skip(), Take(), and metadata.
Pagination in API?
+
Return data with totalCount, pageNo, pageSize.
Partial Class?
+
Split class across multiple files.
Partial view in MVC?
+
A partial view is a reusable piece of UI code. It works like a user control
and avoids code duplication. It is rendered inside another view. Useful for
menus, headers, and reusable content blocks.
Partial View?
+
Reusable view component shared across multiple views.
Partial View?
+
Reusable UI component used in multiple views.
Partial Views
+
Partial views reuse UI sections like menus or forms. They reduce code
duplication and improve maintainability.
Parts of JWT?
+
Header, Payload, Signature.
PBAC?
+
Policy-Based Access Control.
Permission?
+
A specific capability like Read, Write, or Delete.
Permission-Based API Authorization?
+
APIs check user permissions before actions.
PKCE?
+
Enhanced security for mobile and SPA apps.
Points to remember while creating MVC
application?
+
Maintain separation of concerns. Use routing properly for readability. Keep
business logic in the Model or services. Use ViewModels instead of exposing
database models.
Policies in authorization?
+
Reusable authorization rules defined using AddAuthorization.
Policy Decision Point (PDP)?
+
Component that evaluates authorization policy.
Policy Enforcement Point (PEP)?
+
Component that checks access rules.
Policy-Based Authorization?
+
Define custom authorization rules inside AddAuthorization().
Polymorphism?
+
Ability to override methods for different behavior.
Post-Authorization Logging?
+
Record actions taken after authorization.
PostBack property:
+
IsPostBack indicates whether the page is loaded first time or due to a user
action like a button click. It helps avoid re-binding data unnecessarily.
Useful for improving performance.
PostBack?
+
When a page sends data to the server and reloads itself.
Prevent CSRF?
+
Anti-forgery tokens and SameSite cookies.
Prevent SQL Injection?
+
Parameterized queries/EF Core.
Principle of Least Privilege?
+
Users get only required permissions.
Privilege Escalation?
+
Attack where user gains unauthorized permissions.
Privileged Access Management (PAM)?
+
System to monitor and control high-privilege accounts.
Program.cs used for?
+
Defines application bootstrap, host builder, and startup configuration.
Program.cs?
+
Entry point that configures the host, services, and middleware.
Purpose of MVC pattern?
+
To separate concerns and make application maintainable, testable, and
scalable.
Query String in ASP?
+
Query strings pass values through the URL during page requests. They are
used for lightweight data transfer. A query string starts after a ? in the
URL. It is visible to users, so sensitive data should not be stored.
Rate Limiting?
+
Restricting how many requests a client can make.
rate limiting?
+
Controlling request frequency to protect system resources.
Rate Limiting?
+
Controls request frequency to prevent abuse.
Razor Pages in ASP.NET Core?
+
Page-focused ASP.NET Core model with combined view and logic, ideal for CRUD
apps.
Razor Pages?
+
A page-focused ASP.NET Core model where each page has its own UI and logic,
ideal for simpler web apps.
Razor Pages?
+
A page-based framework for building UI similar to MVC but simpler.
Razor Pages?
+
Page-based model alternative to MVC introduced in .NET Core.
Razor View Engine?
+
Syntax for rendering HTML with C# code.
Razor View Engine?
+
Lightweight syntax for writing server-side code inside HTML.
Razor view file extensions:
+
.cshtml (C# Razor) and .vbhtml (VB Razor) are used for Razor views.
Razor?
+
Razor is a templating engine used in ASP.NET MVC and Razor Pages. It
combines C# with HTML to generate dynamic UI. It is lightweight, fast, and
easy to use.
Razor?
+
A markup syntax in ASP.NET for embedding C# into views.
RBAC?
+
Role-Based Access Control.
Real-life example of MVC?
+
A shopping website: Model: Product data View: Product display page
Controller: User actions like Add to Cart They work together to complete
functionality.
RedirectToAction()?
+
Redirects browser to another action or controller.
Redis caching coding?
+
AddStackExchangeRedisCache().
Redis?
+
Fast distributed in-memory caching system.
Redis?
+
In-memory distributed caching system.
Reflection?
+
Inspecting metadata and creating objects dynamically at runtime.
Refresh Token?
+
A long-lived token used to obtain new access tokens without re-login.
Remoting?
+
Legacy communication between .NET applications.
RenderBody vs RenderPage:
+
RenderBody() outputs the content of the child view in layout. RenderPage()
inserts another Razor page inside a view like a partial.
RenderBody() outputs the content of the child
view in layout. RenderPage() inserts another Razor page inside a view like a
partial.
+
Additional Questions
Repository Pattern?
+
Abstraction layer over data access.
Repository Pattern?
+
Abstraction layer separating business logic from data access logic.
Repository Pattern?
+
A pattern separating data access layer from business logic.
Request Delegate?
+
A delegate such as RequestDelegate handles HTTP requests and responses
inside middleware.
Resource Server?
+
API that verifies and uses access tokens.
Resource?
+
A data entity identified by a URI like /users/1.
Resource-Based Authorization?
+
Authorization rules applied based on a specific resource instance.
Response Compression?
+
Compresses HTTP responses using gzip/br or deflate.
Response Compression?
+
Compressing HTTP output for faster response.
REST API?
+
API that adheres to REST principles such as statelessness, resource
identification, caching.
REST?
+
An architectural style using stateless communication over HTTP with
resources.
REST?
+
Representational State Transfer — stateless communication using HTTP verbs.
Retry Policy?
+
Automatic retry logic for failed external calls.
Return PartialView()?
+
Returns only partial content without layout.
Return types of an action method:
+
Returns include ViewResult, JsonResult, RedirectResult, ContentResult,
FileResult, and ActionResult.
Return View()?
+
Returns a full view to the browser.
reverse proxy?
+
Middleware forwarding requests from IIS/Nginx to Kestrel.
Role of ActionFilters in MVC?
+
ActionFilters allow you to run logic before or after an action executes.
They help in cross-cutting concerns like logging, authentication, caching,
and exception handling. Filters can be applied at the controller or method
level. Examples include: Authorize, HandleError, and OutputCache.
Role of Configure() method?
+
Defines the request handling pipeline using middleware like routing,
authentication, static files, etc.
Role of ConfigureServices()
+
Used to register services like DI, EF Core, identity, logging, and custom
services.
Role of IHostingEnvironment?
+
Provides environment-specific info like Development, Production, and
staging.
Role of Middleware
+
Authentication, logging, routing, exception handling.
Role of MVC components:
+
Presentation (View) shows data, Abstraction (Model) handles logic/data,
Control (Controller) manages requests and updates.
Role of MVC in AngularJS?
+
MVC helps structure the application for maintainability. Model stores data,
View displays data using HTML, and Controller updates data. Angular’s
two-way binding keeps Model and View synchronized. It helps in scaling
complex front-end applications.
Role of Startup class?
+
It configures application services via ConfigureServices() and request
pipeline via Configure().
Role of WebHost.CreateDefaultBuilder()?
+
Configures default settings like Kestrel, logging, config, ENV detection.
Role?
+
A named group of permissions.
Role-Based Authorization?
+
Restrict access using roles, e.g., [Authorize(Roles="Admin")].
RouteConfig.cs?
+
Contains registration logic for routing in MVC Framework.
Routes difference in WebForm vs MVC:
+
WebForms use file-based routing, MVC uses pattern-based routing with
controllers and actions.
Routing
+
Maps URLs to controllers and actions using UseRouting() and
MapControllerRoute().
routing and three segments?
+
Routing is the process of mapping incoming URLs to controller actions. The
default pattern contains three segments: {controller}/{action}/{id}. It
helps in SEO-friendly and user-readable URLs.
Routing carried out in MVC?
+
Routing engine matches the URL with route patterns from the RouteConfig and
executes the mapped controller and action.
Routing in MVC?
+
Routing maps URLs to corresponding Controller actions.
routing in MVC?
+
Routing maps incoming URL requests to specific controllers and actions.
Routing is done in the MVC pattern?
+
Routing is handled by a RouteConfig.cs file (or Program.cs in .NET Core).
ASP.NET MVC uses pattern matching to map URLs to controllers. Routes are
registered at application startup. Based on the URL, MVC identifies which
controller and action to execute.
Routing is not required?
+
1. Serving static files (images, CSS, JS). 2. Accessing .axd resource
handlers. Routing bypasses these requests automatically. 31) Features of
MVC?
Routing Types
+
Convention-based routing and attribute routing.
Routing?
+
Matches HTTP requests to endpoints.
routing?
+
Route mapping of URLs to controller actions.
Routing?
+
Mapping incoming URLs to controller actions or endpoints.
Row-Level Security?
+
User can only access specific rows based on rules.
Rules of Razor syntax:
+
Razor starts with @, supports IntelliSense, has clean HTML mixing, and
minimizes closing tags compared to ASPX.
runtime does ASP.NET Core use?
+
.NET 5/6/7/8 (Unified .NET runtime).
Runtime Identifiers (RID)?
+
RID represents the platform where an app runs (e.g., win-x64, linux-arm64).
Used for publishing self-contained apps.
Scaffolding?
+
Automatic generation of CRUD code for model and views.
Scope Creep?
+
Unauthorized expansion of delegated access.
Scope in OAuth2?
+
Defines what access the client is requesting.
Scoped lifetime?
+
Service created once per request.
Scoped lifetime?
+
One instance per HTTP request.
Scoped lifetime?
+
Creates one instance per client request.
Sealed class?
+
Class that cannot be inherited.
Security & Authorization
+
ASP.NET Core uses policies, role-based access, authentication middleware,
and secure coding to protect resources. Best practices include HTTPS, input
validation, and secure tokens.
Self-Authorization Design?
+
User automatically given access to own resources.
Self-Contained Deployment?
+
The app includes its own .NET runtime. It does not require .NET to be
installed on the host machine.
Send JSON result in MVC?
+
Use return Json(object, JsonRequestBehavior.AllowGet);. This serializes the
object into JSON format. Useful in AJAX-based applications. It is commonly
used in API responses.
Separation of Duties?
+
Critical tasks split among multiple users.
Serialization Libraries?
+
System.Text.Json, Newtonsoft.Json.
Serialization?
+
Converting objects to byte streams, JSON, or XML.
Serilog?
+
Third-party structured logging library.
Serverless Computing?
+
Execution model where cloud runs functions without managing servers.
Server-side validation?
+
Validation performed on server during HTTP request processing.
Service Lifetimes
+
Transient, Scoped, Singleton.
Service Lifetimes?
+
Singleton, Scoped, Transient.
Session Fixation?
+
Attack that hijacks a valid session.
Session in MVC Core?
+
Stores user state data server-side while maintaining stateless nature.
Session State Management
+
Uses cookies, TempData, distributed caching, or session middleware.
Session State?
+
Server-side storage for user data.
session?
+
Server-side state management storing user data across requests.
Sessions maintained in MVC?
+
Sessions can be maintained using Session[] variables. Example:
Session["User"] = "John";. ASP.NET uses server-side storage for session
values. Cookies or session identifiers track user session state.
SignalR?
+
SignalR is a .NET library for real-time communication. It supports
WebSockets and used for chat apps, live dashboards, and notifications.
SignalR?
+
Real-time communication framework for push notifications, chat, live
updates.
SignalR?
+
Framework for real-time communication like chat, live updates.
Significance of NonActionAttribute:
+
NonActionAttribute is used in MVC to prevent a public method inside a
controller from being treated as an action method. It tells the framework
not to expose or invoke the method via routing. This is useful for helper or
private logic inside controllers.
Singleton lifetime?
+
Service instance created once for entire application lifetime.
Singleton lifetime?
+
Single instance for the entire application lifecycle.
Singleton lifetime?
+
One instance shared across application lifetime.
Soft Delete in API?
+
Use IsDeleted filter globally.
Soft Delete?
+
Mark record as deleted instead of physically removing.
SOLID?
+
Five design principles: SRP, OCP, LSP, ISP, DIP.
Spring MVC?
+
Spring MVC is a Java-based MVC framework used to build flexible and loosely
coupled web applications.
SQL Injection?
+
Attack using unsafe SQL input.
SQL Injection?
+
Security attack via malicious SQL input.
SSO?
+
Single Sign-On allows login once across multiple apps.
SSO?
+
Single Sign-On allowing one login for multiple applications.
Startup class used for?
+
Configures services and the HTTP request pipeline.
Startup.cs?
+
Startup.cs in ASP.NET Core configures the application’s services and
middleware pipeline. The ConfigureServices method registers services like
dependency injection, database contexts, and authentication. The Configure
method sets up middleware such as routing, error handling, and static files.
It defines how the app responds to HTTP requests during startup.
Startup.cs?
+
File configuring middleware, routing, authentication in MVC Core.
Statelessness?
+
Server stores no client session; each request is independent.
Static Authorization?
+
Predefined access rules.
Static class?
+
Class that cannot be instantiated.
Steps in the execution of an MVC project?
+
Request goes to the Routing Engine, which maps it to a controller and
action. The controller executes the required logic and interacts with the
model. A View is selected and rendered to the browser. Finally, the response
is returned to the client.
stored procedures?
+
Precompiled SQL code stored in the database.
Strong naming?
+
Assigning a unique identity using public/private key pairs.
strongly typed view?
+
A view bound to a specific model class for compile-time validation.
strongly typed view?
+
A view bound to a specific model class using @model keyword.
Strongly Typed Views
+
These views are bound to a model class using @model. They improve
IntelliSense, compile-time safety, and easier data handling.
Swagger/OpenAPI?
+
Tool to document and test REST APIs.
Swagger?
+
Framework to document and test APIs interactively.
Swagger?
+
Documentation and testing tool for APIs.
Swagger?
+
Auto-documentation and testing tool for APIs.
Tag Helper in ASP.NET Core?
+
Tag helpers are server-side components that enable C# code to be used in
HTML elements. They make views cleaner and more readable, especially for
forms, routing, and validation. Examples include asp-controller, asp-route,
and asp-validation-for.
Tag Helper?
+
Server-side helpers to generate HTML in Razor views.
Tag Helper?
+
Server-side components used to generate dynamic HTML.
Tag Helpers?
+
Server-side Razor components that generate HTML in .NET Core MVC.
Task Parallel Library (TPL)?
+
Framework for parallel programming using tasks.
TempData in MVC?
+
TempData stores data temporarily and is used to pass values across requests,
especially during redirects.
TempData used for?
+
Used to pass data across redirects between actions.
TempData: Stores data temporarily across
redirects.
+
ViewData: Key-value store for passing data to view.
TempData?
+
Stores data for one request cycle.
TempData?
+
Stores data temporarily and persists across redirects.
the Base Class Library?
+
Reusable classes for IO, networking, collections, threading, XML, etc.
the DifBet early and late binding?
+
Early binding resolved at compile time, late binding at runtime.
the main components of .NET Framework?
+
CLR, Base Class Library, ASP.NET, ADO.NET, WPF, WCF.
Themes in ASP.NET application?
+
Themes style pages and controls consistently using CSS, skin files, and
images stored in the App_Themes folder;they can be applied via Page
directive, Web.config, or programmatically to maintain a uniform UI design.
Themes in ASP.NET:
+
Themes define the UI look and feel of a web application. They include
styles, skins, and images. Useful for consistent branding across pages.
Threading?
+
Executing multiple tasks concurrently.
Throttling?
+
Controlling request frequency.
Token Authentication?
+
Authentication based on tokens instead of cookies.
Token Binding?
+
Crypto mechanism tying tokens to client devices.
Token Exchange?
+
Exchanging one token for another for different scopes.
Token Introspection?
+
Process of validating token on the Authorization Server.
Token Revocation?
+
Process of invalidating tokens before expiration.
Token-Based Authorization?
+
Access granted via tokens like JWT.
tracing in .NET?
+
Tracing helps debug and analyze runtime behavior. It displays request
details, control hierarchy, and performance info. Tracing can be enabled at
page or application level. It is useful during development for
troubleshooting.
Tracking vs NoTracking?
+
AsNoTracking improves performance for reads.
Transient lifetime?
+
New instance created each time the service is requested.
Transient lifetime?
+
Creates a new instance each time requested.
Transient lifetime?
+
Creates a new instance every time requested.
Two approaches of adding constraints to a route:
+
Constraints can be added using regular expressions or built-in constraint
classes like HttpMethodConstraint.
Two ways to add constraints to a route?
+
1. Using Regular Expressions. 2. Using Parameter Constraints (like int,
guid). They restrict valid route patterns. Helps avoid ambiguity.
Two ways to add constraints:
+
Using Regex constraints or custom constraint classes/interfaces.
Types of ActionResult?
+
ViewResult, JsonResult, RedirectResult, FileResult, PartialViewResult,
ContentResult.
Types of authentication in ASP.NET?
+
Forms, Windows, Passport, Token, Basic.
Types of Caching?
+
In-memory, Distributed, Redis, Response caching.
Types of caching?
+
Output caching, Data caching, Distributed caching.
Types of caching?
+
In-Memory Cache, Distributed Cache, Response Cache.
Types of DI lifetimes?
+
Singleton, Scoped, Transient.
Types of filters?
+
Authorization, Action, Result, and Exception filters.
Types of Filters?
+
Authorization, Action, Result, Exception filters.
Types of JIT?
+
Pre-JIT, Econo-JIT, Normal-JIT.
Types of results in MVC?
+
Common types include: ViewResult JsonResult RedirectResult ContentResult
FileResult Each type corresponds to a different response format.
Types of Routing?
+
Attribute routing, Conventional routing, Minimal API routing.
Types of routing?
+
Convention-based routing and Attribute routing.
Types of Routing?
+
Convention-based and Attribute-based routing.
Types of serialization?
+
Binary, XML, SOAP, JSON.
Unboxing?
+
Extracting value type from object.
Unit of Work Pattern?
+
Manages multiple repositories under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit Testing Controllers
+
Controllers are tested using mock dependencies injected via constructor.
Frameworks like Moq help simulate external services.
Unit Testing in MVC?
+
Testing controllers, models, and logic without running UI.
Unit Testing?
+
Testing individual code components.
Unmanaged Code?
+
Code executed directly by OS outside CLR like C/C++.
URI vs URL?
+
URI identifies a resource; URL locates it.
URL Rewriting Middleware
+
This middleware modifies request URLs before routing. It is useful for SEO
redirects, legacy URL support, and HTTPS enforcement.
Use MVC in JSP?
+
Use Java Beans as Model, JSP as View, and Servlets as Controllers. The
controller receives requests, interacts with the model, and forwards output
to the view. Ensures clean separation of logic. 35) How MVC works in Spring?
Use of ActionFilters in MVC?
+
Action filters execute custom logic before or after Action methods, such as
logging, caching, or authorization.
Use of CheckBox in .NET?
+
A CheckBox allows users to select one or multiple options. It returns
true/false based on user selection. It can trigger events like
CheckedChanged. It is widely used in forms and permissions.
Use of default route {resource}.axd/{*pathinfo}?
+
It is used to ignore requests for Web Resource files. Static resources like
scripts and images are handled separately. Prevents MVC routing from
processing system files. Used mainly for performance optimization.
Use of ng-controller in external files?
+
ng-controller helps load logic defined in a separate JavaScript file. This
separation keeps code modular and manageable. It also promotes reusability
and avoids inline scripts. Used for scalable Angular applications.
Use of UseIISIntegration?
+
Configures the app to work with IIS as a reverse proxy.
Use of ViewModel:
+
A ViewModel holds data required by the view and may combine multiple models.
It improves separation of concerns.
Use repeater control in ASP.NET?
+
Repeater displays repeated data from data sources like SQL or Lists. It
provides full HTML control without predefined layout. Data is bound using
DataBind() method. Ideal for flexible UI formatting.
used to handle an error in MVC?
+
MVC uses Exception Filters, HandleErrorAttribute, custom error pages, and
global filters to handle errors. It also supports logging frameworks for
exception tracking.
Using ASP.NET Core APIs from a Class Library
+
Class libraries can reference ASP.NET Core packages and use dependency
injection to access services. Shared logic like validation or domain models
can be placed in the library for reuse.
Using hyperlink:
+
Go to About
Validation in ASP.NET Core
+
Validation uses data annotations and model binding. It ensures rules are
applied once and reused across views and APIs (DRY principle).
Validation in MVC?
+
Process ensuring user input meets defined rules before saving.
Various JSON files in ASP.NET Core?
+
appsettings.json, launchSettings.json, bundleconfig.json, and
environment-specific config files.
Various steps to create the request object?
+
MVC parses the incoming HTTP request. It identifies route data, initializes
the Controller and Action. Binding occurs to form parameters and then the
request object is passed.
View Component?
+
Reusable rendering component similar to partial views but with logic.
View Engine?
+
Component that renders UI from templates.
View in MVC?
+
View is the UI representation of model data shown to the user.
View Models
+
Custom class containing only data required by the View.
View State?
+
Preserves page and control values across postbacks in ASP.NET WebForms using
a hidden field.
ViewBag?
+
Dynamic data dictionary for passing data from controller to view.
ViewData: Key-value store for passing data to
view.
+
ViewBag: Dynamic wrapper around ViewData.
ViewData?
+
A dictionary-based container to pass data between controller and view.
ViewEngineResult?
+
Represents result of view engine locating view or partial.
ViewEngines?
+
Engines that compile and render views like RazorViewEngine.
ViewImports.cshtml?
+
Registers namespaces, helpers, and tag helpers for Razor views.
ViewModel?
+
A class combining multiple models or additional data required by the view.
ViewStart.cshtml?
+
Executes before every view and sets layout page.
ViewStart?
+
_ViewStart.cshtml runs before each view and sets common settings like
layout. It helps avoid repeating configuration in each view.
ViewState?
+
Mechanism to persist page and control values in Web Forms.
ViewState?
+
A mechanism in ASP.NET WebForms to preserve page and control state across
postbacks.
WCF bindings?
+
Transport protocols like basicHttpBinding, wsHttpBinding.
WCF?
+
Windows Communication Foundation for building service-oriented apps.
Web API in ASP.NET Core?
+
Framework for building RESTful services.
Web API in ASP.NET?
+
ASP.NET Web API is used to build RESTful services. It supports formats like
JSON and XML. It enables communication between client and server
applications. Web API is lightweight and ideal for mobile and SPA
applications.
Web API vs MVC?
+
MVC returns views while Web API returns JSON/XML data.
Web API?
+
Web API is used to build RESTful HTTP services in .NET. It supports JSON,
XML, routing, authentication, and stateless communication.
Web API?
+
A framework for building RESTful services over HTTP in ASP.NET.
Web Farm?
+
Multiple servers hosting the same application.
Web Garden?
+
Multiple worker processes in same application pool.
Web Services in ASP.NET?
+
HTTP-based services using XML/SOAP for cross-platform communication (.asmx
files). They use XML and SOAP protocols for data exchange. They help build
interoperable solutions across platforms. ASP.NET Web Services expose
methods using [.asmx] files.
Web.config file in ASP?
+
Web.config is an XML configuration file for ASP.NET applications. It stores
settings like database connections, security, and session management. It
controls application-level behavior without recompiling code. Multiple
Web.config files can exist for different directories.
Web.config?
+
Configuration file for ASP.NET application.
Web.config?
+
Configuration file for ASP.NET applications in .NET Framework.
Web.config?
+
Configuration file used in .NET MVC Framework applications.
WebListener?
+
A Windows-only web server used when advanced Windows authentication features
are required.
WebParts:
+
WebParts allow building customizable and personalized pages. Users can
rearrange, edit, or hide parts of a page. Useful in dashboards and portal
applications.
WebSocket?
+
Persistent full-duplex communication protocol for real-time applications.
WebSocket?
+
Persistent full-duplex connection used in real-time communication.
Where Startup.cs in ASP.NET Core 6.0?
+
In .NET 6+, minimal hosting model removes Startup.cs. Configuration like
services, routing, and middleware is now placed directly in Program.cs.
Why are API keys less secure?
+
No expiration and easily leaked.
Why choose .NET for development?
+
.NET provides high performance, strong ecosystem, cross-platform support,
built-in DI, cloud readiness, and great tooling like Visual Studio and
GitHub Copilot. It's ideal for enterprise, web, mobile, and microservice
applications.
Why do Access Tokens expire?
+
To reduce security risks and limit exposed lifetime.
Why not store authorization logic in UI?
+
Client-side can be tampered; authorization must be server-side.
Why use ASP.NET Core?
+
Fast, scalable, cloud-ready, open-source, modular design, and ideal for
Microservices and container deployments.
Why validate authorization on every request?
+
To ensure permissions haven't changed.
Windows Authentication?
+
Uses Windows credentials for login.
Windows Authorization?
+
Authorization using Windows identity and AD groups.
Worker Services?
+
Worker Services run background jobs without UI. They are ideal for scheduled
tasks, queue processing, and microservice background jobs.
WPF MVVM Pattern?
+
Model-View-ViewModel for UI separation.
WPF?
+
Windows Presentation Foundation for building rich desktop UIs.
wroot folder in ASP.NET Core?
+
Public web root for static files (CSS, JS, images); files outside are not
directly accessible.
XACML?
+
Authorization standard using XML-based policies.
XAML?
+
Markup language used to define UI elements in WPF.
XSS Prevention
+
XSS occurs when user input is executed as script. ASP.NET Core prevents this
through automatic HTML encoding and validation.
XSS?
+
Cross-site scripting via malicious scripts.
Zero Trust?
+
Always verify identity regardless of network.
What is .NET?
+
.NET is a software framework with libraries, runtime, and tools for building
applications.
What is .NET Core?
+
.NET Core is a fast, modular, cross-platform, open-source framework for
modern apps.
What is .NET Framework?
+
.NET Framework is a Windows-only framework for desktop and legacy web apps.
What is unified .NET (5/6/7/8)?
+
Unified .NET is a single cross-platform framework replacing .NET Core and
Framework.
What is CLR?
+
CLR manages execution, memory, garbage collection, and security.
What is IL or MSIL?
+
Intermediate Language generated from .NET code before execution.
What is JIT compilation?
+
JIT converts IL into native machine code at runtime.
What are JIT types?
+
Pre-JIT, Econo-JIT, and Normal-JIT.
What is CTS?
+
Common Type System ensures type consistency across .NET languages.
What is CLS?
+
Common Language Specification defines rules for language interoperability.
What is BCL?
+
Base Class Library provides reusable system classes.
What is managed code?
+
Code executed under CLR supervision.
What is unmanaged code?
+
Code executed directly by OS without CLR.
What is an assembly?
+
A compiled unit of code containing metadata and manifest.
What are assembly types?
+
DLL and EXE assemblies.
What is GAC?
+
Global Assembly Cache stores shared assemblies.
What is AppDomain?
+
An isolated execution environment for .NET applications.
What is boxing?
+
Converting value type to object.
What is unboxing?
+
Extracting value type from object.
What is garbage collection?
+
Automatic memory cleanup of unused objects.
What are GC generations?
+
Gen0, Gen1, and Gen2.
What is ASP.NET Core?
+
ASP.NET Core is a cross-platform, high-performance framework for building
web applications and APIs.
What are the key features of ASP.NET Core?
+
Cross-platform support, high performance, built-in dependency injection, and
modular middleware.
What is Kestrel?
+
Kestrel is the cross-platform web server used by ASP.NET Core.
What is the role of a web server in ASP.NET
Core?
+
It listens for HTTP requests and forwards them to the application.
What is IIS integration in ASP.NET Core?
+
IIS can act as a reverse proxy in front of Kestrel.
What is a reverse proxy?
+
A server that forwards client requests to another server.
What is hosting in ASP.NET Core?
+
Hosting is the environment where the application runs and processes
requests.
What hosting models does ASP.NET Core support?
+
In-process and out-of-process hosting.
What is in-process hosting?
+
The app runs inside the IIS worker process for better performance.
What is out-of-process hosting?
+
The app runs in a separate process using Kestrel.
What is the Program.cs file?
+
It configures and starts the ASP.NET Core application.
What is WebApplicationBuilder?
+
It simplifies app configuration and service registration.
What is WebApplication?
+
It represents the configured ASP.NET Core app.
What is Startup class?
+
A class used earlier to configure services and middleware.
What is middleware?
+
Middleware components process HTTP requests and responses in a pipeline.
What is middleware pipeline?
+
An ordered sequence of middleware components.
What is app.Use()?
+
Adds middleware that does not terminate the pipeline.
What is app.Run()?
+
Adds terminal middleware that ends the pipeline.
What is app.Map()?
+
Branches the middleware pipeline based on request path.
What is environment in ASP.NET Core?
+
It defines runtime configuration such as Development or Production.
What are common environments?
+
Development, Staging, and Production.
What is Dependency Injection (DI)?
+
Dependency Injection is a design pattern used to achieve loose coupling
between components.
Why is Dependency Injection important?
+
It improves testability, maintainability, and flexibility.
What DI container is used in ASP.NET Core?
+
ASP.NET Core provides a built-in lightweight DI container.
Where are services registered in ASP.NET Core?
+
Services are registered in the Program.cs file.
What is IServiceCollection?
+
It represents a collection of service registrations.
What is service lifetime?
+
It defines how long a service instance is created and reused.
What are the service lifetimes in ASP.NET Core?
+
Transient, Scoped, and Singleton.
What is a Transient service?
+
A new instance is created every time it is requested.
What is a Scoped service?
+
One instance is created per HTTP request.
What is a Singleton service?
+
A single instance is created for the entire application lifetime.
What is constructor injection?
+
Dependencies are provided through a class constructor.
What is property injection?
+
Dependencies are set through public properties.
What is method injection?
+
Dependencies are passed as method parameters.
What is IConfiguration?
+
An interface used to access application configuration values.
What are configuration providers?
+
Sources that supply configuration data.
What are common configuration providers?
+
appsettings.json, environment variables, command-line arguments, and
secrets.
What is appsettings.json?
+
A JSON file used to store application configuration.
What is environment-specific configuration?
+
Configuration files like appsettings.Development.json based on environment.
What is Options pattern?
+
A pattern for binding configuration settings to strongly typed classes.
What is IOptions
+
?
What is IOptionsSnapshot
+
?
What is IOptionsMonitor
+
?
What is ASP.NET Core MVC?
+
ASP.NET Core MVC is a framework for building web applications using the
Model-View-Controller pattern.
What are the core components of MVC?
+
Model, View, and Controller.
What is a Controller?
+
A controller handles incoming HTTP requests and returns responses.
What is an Action method?
+
A public method in a controller that handles a request.
What is a Model?
+
A model represents application data and business logic.
What is a View?
+
A view renders HTML UI using Razor syntax.
What is Razor?
+
Razor is a markup syntax for embedding C# code in HTML.
What is routing in ASP.NET Core?
+
Routing maps URLs to controller actions.
What is conventional routing?
+
Routing defined using URL patterns.
What is attribute routing?
+
Routing defined using attributes on controllers or actions.
What is endpoint routing?
+
A routing system that matches endpoints to requests.
What is MapControllerRoute()?
+
Defines conventional routes for MVC controllers.
What is MapControllers()?
+
Enables attribute routing for controllers.
What is route constraint?
+
A rule that restricts route parameter values.
What is route parameter?
+
A variable segment in a route URL.
What is default route?
+
A fallback route used when no specific route matches.
What is IActionResult?
+
An interface representing the result of an action method.
What are common action results?
+
ViewResult, JsonResult, RedirectResult, and StatusCodeResult.
What is model binding?
+
Mapping request data to action method parameters.
What is model validation?
+
Validating model data using data annotations.
What is ASP.NET Core Web API?
+
ASP.NET Core Web API is a framework for building RESTful HTTP services.
What is a REST API?
+
A REST API follows REST principles using HTTP methods to access resources.
What are REST constraints?
+
Client-server, statelessness, cacheability, uniform interface, layered
system.
What HTTP methods are used in Web API?
+
GET, POST, PUT, PATCH, and DELETE.
What does GET do in Web API?
+
GET retrieves data from the server.
What does POST do in Web API?
+
POST creates a new resource.
What does PUT do in Web API?
+
PUT updates or replaces an existing resource.
What does PATCH do in Web API?
+
PATCH partially updates a resource.
What does DELETE do in Web API?
+
DELETE removes a resource.
What is ApiController attribute?
+
It enables automatic model validation and REST-specific behavior.
What is ControllerBase?
+
A base class for Web API controllers without views.
What is content negotiation?
+
Selecting response format based on request headers.
What response formats does Web API support?
+
JSON and XML.
What is IActionResult in Web API?
+
Represents HTTP responses returned from API actions.
What is Ok() result?
+
Returns HTTP 200 success response.
What is CreatedAtAction()?
+
Returns HTTP 201 with location header.
What is BadRequest()?
+
Returns HTTP 400 client error response.
What is NotFound()?
+
Returns HTTP 404 when resource is missing.
What is status code result?
+
A result that returns only an HTTP status code.
What is API versioning?
+
Managing multiple versions of an API.
What are API versioning strategies?
+
URL-based, header-based, and query string versioning.
What is middleware in ASP.NET Core?
+
Middleware is a component that processes HTTP requests and responses in a
pipeline.
How is middleware executed?
+
Middleware executes sequentially in the order it is added.
What is terminal middleware?
+
Middleware that ends the request pipeline.
What is UseMiddleware()?
+
A method to add custom middleware to the pipeline.
What is built-in middleware?
+
Predefined middleware provided by ASP.NET Core.
What is exception handling middleware?
+
Middleware that handles unhandled exceptions globally.
What is UseExceptionHandler()?
+
Configures a global exception handling path.
What is UseDeveloperExceptionPage()?
+
Displays detailed error information during development.
What is status code pages middleware?
+
Middleware that handles HTTP status code responses.
What are filters in ASP.NET Core?
+
Filters execute logic before or after action methods.
What are the types of filters?
+
Authorization, Resource, Action, Exception, and Result filters.
What is authorization filter?
+
Runs before action execution to enforce authorization.
What is action filter?
+
Runs code before and after action methods.
What is result filter?
+
Runs before and after action results are executed.
What is exception filter?
+
Handles exceptions thrown by actions.
What is resource filter?
+
Runs before model binding and after result execution.
What is global filter?
+
A filter applied to all controllers and actions.
What is attribute-based filter?
+
A filter applied using attributes on controllers or actions.
What is try-catch exception handling?
+
Handling exceptions using try, catch, and finally blocks.
What is centralized exception handling?
+
Handling exceptions at a single global location.
What is authentication in ASP.NET Core?
+
Authentication verifies the identity of a user or system.
What is authorization in ASP.NET Core?
+
Authorization determines what an authenticated user is allowed to do.
What is the difference between authentication
and authorization?
+
Authentication confirms identity, authorization grants permissions.
What authentication schemes are supported in
ASP.NET Core?
+
Cookies, JWT Bearer, OAuth, OpenID Connect, and Windows Authentication.
What is cookie-based authentication?
+
Authentication that stores user identity in an encrypted browser cookie.
What is JWT authentication?
+
Token-based authentication using JSON Web Tokens.
What does a JWT contain?
+
Header, payload, and signature.
What is bearer authentication?
+
Authentication using access tokens sent in HTTP headers.
What is OAuth?
+
An authorization framework for delegated access.
What is OpenID Connect?
+
An identity layer built on top of OAuth 2.0.
What is claims-based identity?
+
An identity model using claims to represent user attributes.
What is a claim?
+
A key-value pair representing user information.
What is ASP.NET Core Identity?
+
A membership system for managing users, roles, and passwords.
What is role-based authorization?
+
Authorization based on assigned user roles.
What is policy-based authorization?
+
Authorization based on requirements and rules.
What is Authorize attribute?
+
An attribute that restricts access to authenticated users.
What is AllowAnonymous attribute?
+
Allows access without authentication.
What is authentication middleware?
+
Middleware that authenticates requests.
What is authorization middleware?
+
Middleware that enforces access policies.
What is token expiration?
+
The time after which an authentication token becomes invalid.
What is logging in ASP.NET Core?
+
Logging records application events and errors for troubleshooting.
Why is logging important?
+
It helps diagnose issues and monitor application behavior.
What logging framework is built into ASP.NET
Core?
+
Microsoft.Extensions.Logging.
What are log levels in ASP.NET Core?
+
Trace, Debug, Information, Warning, Error, and Critical.
What is ILogger?
+
An interface used to write log messages.
What is ILogger
+
?
What are logging providers?
+
Components that store or display logs.
What are common logging providers?
+
Console, Debug, EventLog, and Application Insights.
What is structured logging?
+
Logging using named fields instead of plain text.
What is Application Insights?
+
An Azure service for application performance monitoring.
What is telemetry?
+
Automatic collection of application metrics and traces.
What is distributed tracing?
+
Tracking requests across multiple services.
What is health check in ASP.NET Core?
+
An endpoint that reports application health status.
What is diagnostics in ASP.NET Core?
+
Tools and techniques for analyzing runtime behavior.
What is exception logging?
+
Recording exception details in logs.
What is request logging?
+
Logging incoming HTTP requests and responses.
What is performance monitoring?
+
Tracking response times and resource usage.
What is dependency tracking?
+
Monitoring calls to external services.
What is testing in ASP.NET Core?
+
Testing verifies application correctness, reliability, and behavior.
What is unit testing?
+
Unit testing validates individual components in isolation.
What is integration testing?
+
Integration testing verifies interactions between multiple components.
Why is testing important?
+
It prevents regressions and improves code quality.
What are common .NET testing frameworks?
+
xUnit, NUnit, and MSTest.
What is xUnit?
+
A popular open-source testing framework for .NET.
What is MSTest?
+
Microsoft’s official unit testing framework.
What is NUnit?
+
A widely used unit testing framework for .NET.
What is a test project?
+
A separate project created to write and run tests.
What is Arrange-Act-Assert pattern?
+
A pattern to structure unit tests clearly.
What is mocking?
+
Simulating dependencies to isolate units under test.
What is a mock object?
+
A fake implementation of a dependency used for testing.
What is Moq?
+
A popular mocking library for .NET.
What is dependency injection’s role in testing?
+
It allows easy substitution of dependencies with mocks.
What is integration testing in ASP.NET Core?
+
Testing application behavior using real components.
What is WebApplicationFactory?
+
A helper class for integration testing ASP.NET Core apps.
What is TestServer?
+
An in-memory server for hosting ASP.NET Core during tests.
What is test data setup?
+
Preparing required data before running tests.
What is test cleanup?
+
Removing test artifacts after execution.
What is code coverage?
+
Measuring how much code is executed during tests.
What is deployment in ASP.NET Core?
+
Deployment is the process of releasing an application to a target
environment.
What environments are commonly used for
deployment?
+
Development, Staging, and Production.
What is hosting in ASP.NET Core?
+
Hosting is running the application on a server or cloud platform.
What hosting options does ASP.NET Core support?
+
IIS, Kestrel, Docker, and cloud platforms.
What is IIS hosting?
+
Hosting ASP.NET Core apps behind IIS as a reverse proxy.
What is self-hosting?
+
Running the app directly using Kestrel.
What is Docker hosting?
+
Hosting applications inside containerized environments.
What is cloud hosting?
+
Hosting applications on cloud platforms like Azure.
What is CI/CD?
+
CI/CD automates building, testing, and deploying applications.
What is Continuous Integration?
+
Automatically building and testing code changes.
What is Continuous Delivery?
+
Preparing code for release with manual approval.
What is Continuous Deployment?
+
Automatically deploying code to production.
What is a build pipeline?
+
An automated process that compiles and packages code.
What is a release pipeline?
+
An automated process that deploys artifacts to environments.
What is Azure DevOps used for?
+
Managing CI/CD pipelines and project workflows.
What is GitHub Actions?
+
A CI/CD platform integrated with GitHub repositories.
What is configuration per environment?
+
Using different settings for different deployment stages.
What is secrets management in deployment?
+
Secure storage of sensitive configuration values.
What is zero-downtime deployment?
+
Deploying updates without service interruption.
What is rollback in deployment?
+
Reverting to a previous stable version after failure.
.NET (5/6/7/8+)?
+
A unified, cross-platform, high-performance framework for building desktop,
web, mobile, cloud, and IoT apps.
.NET Core?
+
A fast, modular, cross-platform, open-source framework for building modern
cloud and web apps.
.NET Framework?
+
A Windows-only framework with CLR and rich libraries for building desktop
and legacy ASP.NET apps.
.NET Platform Standards?
+
pecifications that ensure shared APIs and cross-platform compatibility
across .NET runtimes.
.NET?
+
A software framework with libraries, runtime, and tools for building
applications.
@Html.AntiForgeryToken()?
+
Token used to prevent CSRF attacks.
3 important segments for routing?
+
Controller name, Action name, and optional Parameter (id).
3-tier focuses on application architecture.
+
MVC focuses on UI interaction and request handling.
ABAC?
+
Attribute-Based Access Control.
Abstract Class vs Interface?
+
Abstract class can have implementation; interface cannot.
Abstraction?
+
Hiding complex implementation details.
Access Control Matrix?
+
Table mapping users/roles to permissions.
Access Review?
+
Periodic review of user permissions.
Access Token Audience?
+
Specifies which API the token is intended for.
Access Token Leakage?
+
Unauthorized party obtains a token.
Access Token?
+
Token used to access protected APIs.
Accessing HttpContext
+
Access HttpContext via dependency injection using IHttpContextAccessor;
controllers/middleware access directly, services via
IHttpContextAccessor.HttpContext.
ACL?
+
Access Control List defining user permissions for a resource.
Action Filter?
+
Code executed before or after controller action execution.
Action Filters?
+
Attributes executed before/after controller actions.
Action Method?
+
A public method inside controller handling client requests.
Action Selector?
+
Attributes like [HttpGet], [HttpPost], [Route].
ActionInvoker?
+
Executes selected MVC action method.
ActionName attribute?
+
Maps method to a different public action name.
ActionResult is a base type that can return
various results.
+
ViewResult specifically returns a View response.
ActionResult?
+
Base type for all responses returned from action methods. A return type in
MVC representing HTTP responses returned from controller actions.
AD Group?
+
A collection of users with shared permissions.
ADO.NET?
+
Data access framework for relational databases.
AdRotator Control:
+
Displays banner ads from an XML file randomly or by weight, supporting URL
redirection for dynamic ad management.
Advantages of ASP.NET?
+
High-performance, secure server-side framework supporting WebForms, MVC, Web
API, caching, authentication, and rapid development.
Advantages of MVC:
+
Provides testability, clean separation, faster development, reusable code,
and SEO-friendly URLs.
Ajax in ASP.NET?
+
Enables asynchronous browser-server communication to update page parts
without full reload, using controls like UpdatePanel and ScriptManager.
AJAX in MVC?
+
Asynchronous calls to server without full page reload.
AllowAnonymous?
+
Attribute used to skip authorization.
ANCM?
+
ASP.NET Core Module enables hosting .NET Core under IIS reverse proxy.
Anti-forgery middleware?
+
Middleware enforcing CSRF protection in .NET Core.
AntiForgeryToken validation attribute?
+
[ValidateAntiForgeryToken] ensures request includes valid token.
AntiXSS?
+
Technique for preventing cross-site scripting.
AOT Compilation?
+
Compiles .NET apps to native code for faster startup and lower memory use.
API Documentation?
+
Swagger/OpenAPI.
API Gateway?
+
Single entry point for routing, auth, rate limiting.
API Key Authentication?
+
Custom header with an API key.
API Key Authorization?
+
Simple authorization using an API key header.
API Versioning Methods?
+
URL, Header, Query, Media Type.
API Versioning?
+
Supporting multiple versions of an API using routes, headers, or query
params.
API Versioning?
+
Supporting multiple API versions to maintain backward compatibility.
ApiController attribute do?
+
Enables auto-validation and improved routing.
App Domain Concept in ASP.NET?
+
AppDomain isolates applications within a web server. It provides security,
reliability, and memory isolation. Each website runs in its own AppDomain.
If one crashes, others remain unaffected.
app.Run vs app.Use?
+
app.Use() continues the pipeline; app.Run() terminates it.
app.UseDeveloperExceptionPage()?
+
Displays detailed errors in development mode.
app.UseExceptionHandler()?
+
Middleware for centralized exception handling.
AppDomain?
+
Isolated region where a .NET application runs.
Application Insights?
+
Azure monitoring platform for performance and telemetry.
Application Model
+
The application model determines how controllers, actions, and routing
behave. It helps apply conventions and filters across the application.
Application Pool in IIS?
+
Worker process isolation unit.
appsettings.json used for?
+
Stores configuration values like connection strings, logging, and custom
settings.
appsettings.json?
+
Primary configuration file in ASP.NET Core.
appsettings.json?
+
Stores key/value settings for the application, commonly used in ASP.NET Core
MVC.
Area in MVC?
+
Module-level grouping for large applications (Admin, Customer, User).
ASP.NET Core host apps without IIS?
+
Yes, it can run standalone using Kestrel.
ASP.NET Core run in Docker?
+
Yes, it supports containerization with official runtime and SDK images.
ASP.NET Core serve static files?
+
By enabling app.UseStaticFiles() and placing files in wwwroot.
ASP.NET Core?
+
A cross-platform, high-performance web framework for APIs, MVC, and
real-time apps.
ASP.NET Core?
+
A cross-platform, high-performance web framework for building modern
cloud-based applications.
ASP.NET filters run at the end?
+
Exception Filters are executed last. They handle unhandled errors during
action or result processing. Used for logging and custom error pages.
Ensures graceful error handling.
ASP.NET Identity?
+
Framework for user management, roles, claims.
ASP.NET MVC?
+
Model–View–Controller pattern for web applications.
ASP.NET page life cycle?
+
ASP.NET page life cycle defines stages a page goes through when processing.
Key stages: Page Request, Initialization, View State Load, Postback Event
Handling, Rendering, and Unload. Events allow custom logic execution at each
phase. It controls how data is processed and displayed.
ASP.NET Web Forms?
+
Event-driven web framework using drag-and-drop UI.
ASP.NET?
+
A server-side .NET framework for building dynamic websites, APIs, and
enterprise web apps.
ASP.NET?
+
Microsoft’s web framework for building dynamic, high-performance web apps
with MVC, Web API, and WebForms.
Assemblies?
+
Compiled .NET code units containing code, metadata, and manifests (DLL or
EXE) for deploying
Assembly defining MVC:
+
MVC components are defined in System.Web.Mvc.dll.
Assign an alias name for ASP.NET Web API Action?
+
You can use the [ActionName] attribute to give an alias to an action.
Example: [ActionName("GetStudentInfo")]. This helps when method names and
route names need to differ. It's useful for versioning and friendly URLs.
async action method?
+
Action using async/await for non-blocking operations.
Async operations in EF Core?
+
Perform database tasks asynchronously to improve responsiveness and
scalability.Use ToListAsync(), FirstAsync(), etc.
Async programming?
+
Non-blocking programming using async/await.
async/await?
+
Asynchronous programming model avoiding blocking operations.
async/await?
+
Keywords enabling non-blocking asynchronous code execution.
Attribute Routing
+
Defines routes directly on controllers and actions using attributes like
[Route("api/[controller]")].
Attribute-based routing?
+
Routing using attributes above controller/action.
Attributes?
+
Metadata annotations used for declaring properties about code.
authentication and authorization in ASP.NET?
+
Authentication verifies user identity (who they are). Authorization defines
access permissions for authenticated users. ASP.NET supports built-in
security mechanisms. Both ensure secure application access.
Authentication in ASP.NET Core?
+
Process of verifying user identity.
Authentication modes in ASP.NET for security?
+
ASP.NET supports Windows, Forms, Passport, and Anonymous authentication.
Forms authentication is common for web apps. Security is configured in
Web.config. Each mode provides a method to validate users.
Authentication vs Authorization?
+
Authentication verifies identity; authorization verifies access rights.
Authentication?
+
Identifying the user.
authentication?
+
Process of verifying user identity.
Authentication?
+
Verifying user identity.
Authorization Audit Trail?
+
Logs that track authorization decisions.
Authorization Cache?
+
Caching authorization decisions for performance.
Authorization Drift?
+
Outdated or incorrectly configured permissions.
Authorization Filter?
+
Executes before controller actions to enforce permissions.
Authorization Handler?
+
Custom logic to evaluate authorization requirements.
Authorization Pipeline?
+
Sequence of steps evaluating user access.
Authorization Policy?
+
Named group of requirements.
Authorization Requirement?
+
Represents a condition to fulfill authorization.
Authorization Server?
+
Server that issues access tokens.
Authorization types?
+
Role-based, Claim-based, Policy-based, Resource-based.
Authorization?
+
Authorization determines what a user is allowed to access after
authentication.
authorization?
+
Process of verifying user access rights based on roles or claims.
Authorization?
+
Verifies if authenticated user has access rights.
Authorization?
+
Checking user access rights after authentication.
Authorize attribute?
+
Enforces authorization using roles, policies, or claims.
AutoMapper?
+
Object mapping library.
AutoMapper?
+
Library for mapping objects automatically.
Azure App Service?
+
Cloud hosting platform for ASP.NET Core applications.
Azure Key Vault?
+
Secure storage for secrets, keys, and credentials.
B2B Authorization?
+
Authorization in multi-tenant business apps.
B2C Authorization?
+
Authorization in consumer-facing apps.
Backchannel Communication?
+
Secure server-server communication for token exchange.
Background worker coding?
+
Inherit from BackgroundService.
BackgroundService class?
+
Runs long-lived background tasks in .NET apps, e.g., for messaging or
monitoring.
Basic Authentication?
+
Authentication using Base64 encoded username and password.
Basic Authorization?
+
Credentials sent as Base64 encoded username:password.
Bearer Authentication?
+
Token-based authentication mechanism where tokens are sent in request
headers.
Bearer Token?
+
Authorization token sent in Authorization header.
beforeFilter(), beforeRender(), afterFilter():
+
beforeFilter() runs before action, beforeRender() runs before view
rendering, and afterFilter() runs after the response.
Benefits of ASP.NET Core?
+
Cross-platform, Cloud-ready, container friendly, modular, and fast runtime.
Benefits of using MVC:
+
MVC gives separation of concerns, supports testability, clean URLs,
maintainability, and scalability.
Blazor Server and WebAssembly?
+
Server-side rendering vs client-side execution in browser.
Blazor?
+
Framework for building interactive web UIs using C# instead of JavaScript.
Boxing?
+
Converting a value type to an object type.
Build in .NET?
+
Compilation of code into IL.
Bundling and Minification?
+
Improves performance by reducing file sizes and number of requests.
Bundling and Minification?
+
Optimizing CSS and JS for performance.
Cache Tag Helper
+
This helper caches rendered HTML output on the server, improving performance
for static or rarely changing UI sections.
Caching / Response Caching
+
Caching stores output to improve performance and reduce processing. Response
caching stores HTTP responses, improving load time for repeated requests.
Caching in ASP.NET Core?
+
Improves performance by storing frequently accessed data.
Caching in ASP.NET?
+
Technique to store frequently used data for performance.
Caching in ASP.NET?
+
Caching stores frequently accessed data to improve performance using Output,
Data, or Object Caching.It reduces server load, speeds up responses, and is
ideal for static or rarely changing data.
caching?
+
Storing frequently accessed data in memory for faster response.
Can you create an app using both WebForms and
MVC?
+
Yes, it is possible to host both in the same project. MVC can coexist with
WebForms when routing is configured properly. This allows gradual migration.
Both frameworks share the same runtime environment.
Cases where routing is not needed:
+
Routing is unnecessary for requests for static files like images/CSS or for
direct WebForms/WebService calls.
Change Token
+
A Change Token is a notification mechanism used to monitor changes, such as
configuration files or file-based caching. When a change occurs, the token
triggers refresh or rebuild actions.
CI/CD?
+
Automation pipeline for building, testing, and deploying applications.
CI/CD?
+
Continuous Integration and Continuous Deployment pipeline automation.
CIL/IL?
+
Intermediate code that the CLR JIT-compiles into machine code, enabling
language-independence and runtime optimization.
Circuit Breaker?
+
Polly-based approach to handle failing services.
Claim?
+
A user attribute such as name, email, role, or permission.
Claim-Based Authorization?
+
Authorization based on user claims such as email, age, department.
Claims?
+
User-specific attributes like name, id, role.
Claims-based authorization?
+
Authorization using claims stored in user identity.
class is used to return JSON in MVC?
+
JsonResult class is used to return JSON formatted data.
Class library?
+
A project that compiles to reusable DLL.
Client-side validation?
+
Validation executed in browser using JavaScript.
CLR?
+
Common Language Runtime that manages execution, memory, garbage collection,
and security.
CLR?
+
Common Language Runtime executes .NET applications and manages memory,
security, and exceptions.
CLS?
+
Common Language Specification – rules that all .NET languages must follow.
CLS?
+
Common Language Specification defines language rules .NET languages must
follow.
Coarse-Grained Authorization?
+
Role-level access control.
Code behind an Inline Code?
+
Code-behind keeps design and logic separate using external .cs files. Inline
code is written directly inside .aspx pages. Code-behind improves
maintainability and reusability. Inline code is simpler but less structured.
Code First Migration?
+
Approach where database schema is created from C# models.
Column-Level Security?
+
Restricts access to specific columns.
command builds project?
+
dotnet build
command is used to scaffold projects?
+
dotnet new
command restores packages?
+
dotnet restore
command runs app?
+
dotnet run
Concepts of Globalization and Localization in
.NET?
+
Globalization prepares an app to support multiple languages and cultures.
Localization customizes the app for a specific culture using resource files.
ASP.NET uses .resx files for language translation. These features help
create multilingual web applications.
Conditional Access?
+
Authorization based on conditions like location or device.
Configuration / appsettings.json
+
Settings are stored in appsettings.json and accessed using IConfiguration.
Configuration System in .NET Core?
+
Instead of Web.config, .NET Core uses appsettings.json, environment
variables, user secrets, and Azure KeyVault. It supports hierarchical and
strongly typed configuration.
ConfigurationBuilder?
+
ConfigurationBuilder loads settings from multiple sources like JSON, XML,
Azure, or environment variables. It provides flexible app configuration.
Connection Pooling?
+
Reuse of open database connections for performance.
Consent Screen?
+
User approval of requested permissions.
Containerization in ASP.NET Core?
+
Running application inside lightweight containers instead of full VMs.
Content Negotiation?
+
Mechanism to return JSON/XML based on Accept headers.
Content Negotiation?
+
Determines response format (JSON/XML) based on client request headers.
Controller in MVC?
+
Controller handles incoming requests, processes data, and returns responses.
Controller?
+
A controller handles incoming HTTP requests and returns responses such as
JSON, views, or status codes. It follows MVC (Model-View-Controller)
pattern.
ControllerBase?
+
Base class for API controllers (no views).
Convention-based routing?
+
Routing following default predefined conventions.
Cookie vs Token Auth?
+
Cookie is server-based; token is stateless.
Cookie-less Session:
+
When cookies are disabled, session data is tracked using URL rewriting.
Session ID appears in the URL. Helps maintain session without browser
cookies.
Cookies in ASP.NET?
+
Cookies store user data in the browser, such as username or session ID, for
future requests.ASP.NET supports persistent and non-persistent cookies to
enhance personalization and authentication.
CORS?
+
CORS (Cross-Origin Resource Sharing) allows or restricts browser requests
from different origins. ASP.NET Core allows configuring allowed methods,
headers, and domains.
CORS?
+
Security feature controlling which external domains may access server
resources.
CORS?
+
Cross-Origin Resource Sharing that controls external access permissions.
Create .NET Core API project?
+
Use: dotnet new webapi -n MyApi
Cross-page posting in ASP.NET:
+
Cross-page posting allows a form to post data to another page using
PostBackUrl property. The target page can access source page controls using
PreviousPage property. Useful for multi-step forms.
Cross-Platform Compilation?
+
.NET Core/.NET can compile and run on Windows, Linux, or macOS. Developers
can build apps once and run them anywhere.
CRUD API coding question?
+
Implement GET, POST, PUT, DELETE endpoints.
CSRF Protection
+
CSRF attacks force users to perform unintended actions. ASP.NET Core
mitigates it using anti-forgery tokens and validation attributes.
CSRF?
+
Cross-site request forgery attack.
CSRF?
+
Cross-site request forgery where attackers perform unauthorized actions on
behalf of users.
CSRF?
+
Cross-Site Request Forgery attack forcing authenticated users to execute
unwanted actions.
CTS?
+
Common Type System – defines how types are declared and used in .NET.
CTS?
+
Common Type System ensures consistency of data types across all .NET
languages.
Custom Action Filter coding?
+
Extend ActionFilterAttribute.
Custom Exception?
+
User-defined exception class.
Custom Middleware in ASP.NET Core
+
Custom middleware is created by writing a class with an Invoke or
InvokeAsync method that accepts HttpContext. It is registered in the
pipeline using app.Use(). Middleware can modify requests, responses, or pass
control to the next component.
Custom Model Binding
+
Implement IModelBinder and register it using ModelBinderProvider.
Data Annotation?
+
Attribute-based validation such as [Required], [Email], [StringLength].
Data Annotations?
+
Attributes used for validation like [Required], [Email], [StringLength].
Data Binding?
+
Connecting UI elements with data sources.
Data Cache:
+
Data Cache stores frequently used data to improve performance. It supports
expiration policies and dependency-based invalidation. Accessed through
HttpRuntime.Cache.
Data controls available in ASP.NET?
+
ASP.NET provides several data-bound controls like GridView, ListView,
Repeater, DataList, and FormView. These controls display and manipulate
database records. They support sorting, paging, and editing features. They
simplify data presentation.
Data Masking?
+
Hiding sensitive data based on policies.
Data Protection API?
+
Encrypting sensitive data.
Data Seeding?
+
Preloading default or sample data into database.
DbContext?
+
Class managing database connection and entity tracking.
DbSet?
+
Represents a database table.
Default project structure?
+
Minimal hosting model with Program.cs and optional folders for Models,
Controllers, Services.
Default route format?
+
{controller}/{action}/{id}
Define Default Route:
+
The default route is {controller}/{action}/{id} with default values like
Home/Index. It helps map incoming requests automatically.
Define DTO.
+
Data Transfer Object—used to expose safe API models.
Define Filters in MVC.
+
Filters allow custom logic before or after controller actions, such as
authentication, logging, or error handling.
Define Output Caching in MVC.
+
Output caching stores the rendered output of an action to improve
performance and reduce server processing.
Define Scaffolding in MVC:
+
Scaffolding automatically generates CRUD code and views based on the model.
It speeds up development by providing a code structure quickly.
Define the 3 logical layers of MVC?
+
Presentation layer → View Business logic layer → Controller Data layer →
Model
Delegate?
+
Type-safe function pointer.
Delegation?
+
Forwarding user's identity to downstream systems.
DenyAnonymousAuthorization?
+
Policy that allows only authenticated users.
Dependency Injection?
+
Dependency Injection (DI) is a design pattern where dependencies are
injected rather than created internally. .NET Core has built-in DI support.
It improves testability, maintainability, and loose coupling.
dependency injection?
+
A pattern where dependent services are injected rather than created inside a
class.
Dependency Injection?
+
Improves maintainability, testability, and reduces coupling.
Dependency Injection?
+
Injecting required objects rather than creating them inside controller.
Deployment Slot?
+
Environment preview before production deployment, commonly in Azure.
Deployment?
+
Publishing application to server.
Describe application state management in
ASP.NET.
+
Application State stores global data accessible to all sessions. It is
stored in server memory and persists until restart. Useful for shared
counters or configuration data. It reduces repeated data loading.
Describe ASP.NET MVC.
+
It is a lightweight Microsoft framework that follows MVC architecture for
building scalable, testable web applications.
Describe login Controls in ASP.
+
Login controls simplify user authentication. Examples include Login,
LoginView, LoginStatus, PasswordRecovery, and CreateUserWizard. They handle
username validation, password reset, and security membership. They reduce
custom coding effort.
DI (Dependency Injection)?
+
A design pattern where dependencies are provided rather than created inside
a class.
DI Container?
+
Object lifetime and dependency management system.
DI for Controllers
+
ASP.NET Core injects dependencies into controllers via constructor
injection. Services must be registered in ConfigureServices.
DI for Views
+
Views receive dependencies using @inject directive. This helps share
services such as logging or localization.
DifBet .NET Core and .NET Framework?
+
.NET Core is cross-platform and modular; .NET Framework is Windows-only and
monolithic.
DifBet ASP.NET MVC and WebForms?
+
MVC follows separation of concerns and doesn’t use ViewState, while WebForms
uses event-driven model with ViewState.
DifBet Authentication and Authorization?
+
Authentication verifies identity; Authorization verifies permissions.
DifBet Claims and Roles?
+
Role is a type of claim for grouping permissions.
DifBet Code First and DB First in EF?
+
Code First generates DB from classes, Database First generates classes from
DB.
DifBet Dataset and DataReader?
+
Dataset is disconnected; DataReader is connected and forward-only.
DifBet EF and EF Core?
+
EF Core is cross-platform, lightweight, and supports LINQ to SQL.
DifBet EXE and DLL?
+
EXE is an executable process; DLL is a reusable library.
DifBet GET and POST?
+
GET retrieves data; POST submits or modifies server data.
DifBet LINQ to SQL and Entity Framework?
+
LINQ to SQL is limited to SQL Server; EF supports multiple databases.
DifBet PUT and PATCH?
+
PUT replaces entire resource; PATCH updates part of it.
DifBet Razor and ASPX view engine?
+
Razor is cleaner, faster, and uses minimal markup compared to ASPX.
DifBet REST and SOAP?
+
REST is lightweight and stateless using JSON, while SOAP uses XML and is
more structured.
DifBet Role-Based vs Permission-Based?
+
Role groups permissions, permission defines specific capability.
DifBet session and cookies?
+
Cookies store on client browser, sessions store on server.
DifBet Thread and Task?
+
Thread is OS-level entity; Task is a higher-level abstraction.
DifBet Value type and Reference type?
+
Value types stored in stack, reference types stored in heap.
DifBet ViewBag and ViewData?
+
ViewData is dictionary-based; ViewBag uses dynamic properties. Both are
temporary and request-scoped.
DifBet WCF and Web API?
+
WCF supports protocols like TCP/SOAP; Web API is REST-based.
DifBet worker process and app pool?
+
App pool groups worker processes; worker process executes application.
DiffBet 3-tier and MVC?
+
3-tier architecture has Presentation, Business, and Data layers. MVC has
Model, View, and Controller roles for UI pattern.
DiffBet ActionResult and ViewResult.
+
ActionResult is a base type that can return various results.
DiffBet ActionResult and ViewResult?
+
ActionResult is a base class for various result types (JsonResult,
RedirectResult, etc.). ViewResult specifically returns a View. Controller
methods can return either. ActionResult provides flexibility for different
response formats.
DiffBet adding routes in WebForms and MVC.
+
WebForms uses file-based routing whereas MVC uses pattern-based routing.MVC
routing maps URLs directly to controllers and actions.
DiffBet AddTransient, AddScoped, and
AddSingleton?
+
Transient: New instance every request,Scoped: One instance per HTTP
request,Singleton: Same instance for entire application lifetime
DiffBet ASP.NET Core and ASP.NET?
+
Core is cross-platform, lightweight, modular, and faster. Classic ASP.NET is
Windows-only, uses System.Web, and is heavier.
DiffBet ASP.NET MVC 5 and ASP.NET Core MVC?
+
ASP.NET Core MVC is cross-platform, modular, open-source, and integrates Web
API into MVC. MVC 5 works only on Windows and is more monolithic. Core also
uses middleware instead of pipeline handlers.
DiffBet EF Core and EF Framework?
+
EF Core is lightweight, cross-platform, extensible, and faster than EF
Framework. EF Framework supports only .NET Framework and lacks many modern
features like batching, no-tracking queries, and shadow properties.
DiffBet HTTP Handler and HTTP Module:
+
Handlers handle and respond to specific requests directly. Modules work in
the pipeline and intercept requests during processing. Multiple modules can
exist for one request, but only one handler processes it.
DiffBet HttpContext.Current.Items and
HttpContext.Current.Session:
+
Items is used to store data for a single HTTP request and is cleared after
the request ends. Session stores data across multiple requests for the same
user. Items is faster and used for request-level sharing.
DiffBet MVVM and MVC?
+
MVC uses Controller for request handling, View for UI, and Model for data.
MVVM uses ViewModel to handle binding logic between View and Model. MVVM
supports two-way binding, especially in UI frameworks. MVC is better for web
apps, MVVM suits rich UIs.
DiffBet Server.Transfer and Response.Redirect:
+
Server.Transfer transfers execution to another page on the server without
changing the URL. Response.Redirect sends the browser to a new page and
changes the URL. Redirect performs a round trip to the client; Transfer does
not.
DiffBet session and caching:
+
Session stores user-specific data and is used per user. Cache stores
application-wide frequently used data to improve performance. Session
expires when the user ends or times out, while cache expiry depends on
policies like sliding or absolute expiration.
DiffBet TempData, ViewData, and ViewBag?
+
ViewData: Dictionary-based, valid only for current request. ViewBag: Wrapper
around ViewData using dynamic properties. TempData: Persists only for the
next request (used for redirects). 18) What is a partial view in MVC?
DiffBet View and Partial View.
+
A View renders the full UI while a Partial View renders a reusable section
of the UI.
DiffBet View and Partial View?
+
A View renders a complete page layout. A Partial View renders only a portion
of UI. Partial View does not include layout pages by default. Useful for
reusable components.
DiffBet Web API and WCF:
+
Web API is lightweight and designed for RESTful services using HTTP. WCF
supports multiple protocols like HTTP, TCP, and MSMQ. Web API is best for
modern web/mobile services, WCF for enterprise SOA.
DiffBet Web Forms and MVC?
+
MVC is lightweight and testable; Web Forms is event-driven and stateful.
DiffBet WebForms and MVC?
+
WebForms are event-driven and stateful. MVC is lightweight, stateless, and
supports testability. MVC offers full control over HTML. WebForms use
server-side controls and ViewState.
Difference: app.Use vs app.Run?
+
app.Use() allows multiple middlewares; app.Run() terminates the pipeline and
passes no further requests.
Different approaches to implement Ajax in MVC.
+
Using Ajax.BeginForm(), jQuery Ajax(), or Fetch API.
Different properties of MVC routes?
+
Key properties are URL, Defaults, Constraints, and DataTokens.
Different return types used by the controller
action method in MVC?
+
Common return types are ViewResult, JsonResult, RedirectResult,
ContentResult, FileResult, and ActionResult. ActionResult is the base type
for most results.
Different Session state management options
available in ASP.NET?
+
ASP.NET stores user-specific data across requests using InProc, StateServer,
SQL Server, or Custom modes.InProc keeps data in memory, while StateServer
and SQL Server store it externally, all server-side and secure.
Different validators in ASP.NET?
+
Controls like RequiredField, Range, Compare, Regex, Custom, and
ValidationSummary ensure correct input on client and server sides.
Different ways for bundling and minification in
ASP.NET Core?
+
Combine and compress scripts/styles to reduce size and improve performance,
using tools like Webpack or NUglify.
directive reads environment?
+
app.Environment.IsDevelopment()
Directory Service?
+
Stores users, groups, and permissions (AD, LDAP).
Display something in CodeIgniter?
+
Use the controller to load a view. Example:
$this->load->view("welcome_message"); The view outputs content to the
browser. Models supply data if required.
DisplayFor vs EditorFor?
+
DisplayFor shows read-only UI; EditorFor creates editable fields.
DisplayTemplate?
+
Reusable Display UI with @Html.DisplayFor.
distributed cache providers are supported?
+
Redis, SQL Server, NCache.
Distributed Cache?
+
Cache shared across multiple servers (Redis, SQL).
Distributed Tracing?
+
Tracing requests across microservices.
Distributed Tracing?
+
Tracking request flow through microservices with correlation IDs.
do you mean by partial view of MVC?
+
A partial view is a reusable view component used to render partial UI, such
as headers or menus.
Docker in .NET context?
+
Run .NET apps in portable containers for easy deployment, scaling, and
microservices.
Docker?
+
Containerization platform used to package and deploy applications.
Docker?
+
Container platform for packaging and deploying applications.
does MVC represent?
+
Model = business logic/data, View = UI, Controller = handles request and
updates View.
dotnet CLI?
+
Command line interface for building and running .NET applications.
Drawbacks of MVC model:
+
More development complexity, steep learning curve, and requires stronger
knowledge of patterns.
DTO?
+
Data Transfer Object used to transfer lightweight data.
Dynamic Authorization?
+
Real-time decision-based authorization.
Eager Loading?
+
Loads related data via Include().
EditorTemplate?
+
Reusable Editable UI with @Html.EditorFor.
EF Core optimization coding?
+
Use Select, AsNoTracking, Include.
EF Core?
+
Object-relational mapper for .NET Core.
EF Core?
+
Modern lightweight ORM for database access.
EF Migration?
+
Feature to update database schema using version-controlled code.
Enable CORS
+
CORS is configured using services.AddCors() and enabled with app.UseCors().
It allows cross-domain API access.
Enable CORS in API?
+
services.AddCors(); app.UseCors(...);
Enable CORS?
+
Using middleware: app.UseCors()
Enable JWT in API?
+
AddAuthentication().AddJwtBearer(...).
Enable Response Caching?
+
services.AddResponseCaching(); app.UseResponseCaching();
Encapsulation?
+
Bundling data and methods inside a class.
Endpoint Routing?
+
Modern routing system introduced to unify MVC, Razor Pages, and SignalR
routing.
Ensure Web API returns JSON only?
+
Remove XML formatters and keep only JSON formatter in WebApiConfig. Example:
config.Formatters.Remove(config.Formatters.XmlFormatter);. Now the API
always responds in JSON format. Useful for modern REST services.
Enterprise Library:
+
Enterprise Library provides reusable software components like Logging, Data
Access, Validation, and Exception Handling. Helps build enterprise-level
maintainable applications.
Entity Framework?
+
ORM for accessing databases using objects.
Entity Framework?
+
An ORM that maps databases to .NET objects, supporting LINQ, migrations, and
simplified data access.
Entity Framework?
+
ORM framework to interact with database using C# objects.
Environment Variable in ASP.NET Core?
+
External configuration determining environment (Development, Staging,
Production).
Environment Variable?
+
Configuration used to define environment (Development, Staging, Production).
Error handling middleware?
+
Middleware for diagnostics and custom error responses (e.g.,
DeveloperExceptionPage, ExceptionHandler).
Error Handling Strategies
+
Use middleware like UseExceptionHandler, logging, global filters, and status
code pages.
Event?
+
Notification triggered using delegates.
Examples of HTML Helpers?
+
TextBoxFor, DropDownListFor, LabelFor, HiddenFor.
Exception Handling?
+
Mechanism to handle runtime errors using try/catch/finally.
Execute any MVC project?
+
Build the project → Run IIS Express/Local host → Routing selects controller
→ Action returns view → Output is rendered in browser.
Explain ASP.NET Core.
+
It is a cross-platform, open-source framework for building modern web
applications. It provides high performance, modular design, and supports
MVC, Razor Pages, Web APIs, and SignalR.
Explain Dependency Injection.
+
DI provides loose coupling by injecting required services at runtime.
ASP.NET Core has DI support built-in.
Explain in brief the role of different MVC
components.
+
Model manages logic and data. View is responsible for UI.Controller acts as
a bridge processing user requests and returning responses.
Explain Model, View, and Controller in Brief.
+
Model holds application logic and data. View displays data to the user.
Controller handles user input, interacts with Model, and selects the View to
render.
Explain Request Pipeline.
+
Request flows through middleware components configured in Program.cs (pre
.NET 6: Startup.cs) before generating a response.
Explain separation of concern.
+
It divides an application into distinct sections, each responsible for a
single concern, reducing dependency.
Explain some benefits of using MVC.
+
It supports separation of concerns, easy testing, clean code structure, and
supports TDD. It’s extensible and suitable for large applications.
Explain TempData, ViewData, ViewBag.
+
TempData: Stores data temporarily across redirects.
Explain the MVC Application life cycle.
+
It includes: Application Start → Routing → Controller Initialization →
Action Execution → Result Execution → View Rendering → Response sent to
client.
Explicit Allow?
+
Specific rule allows access.
Explicit Deny?
+
Rule that overrides all allows.
Extension Method?
+
Add new methods to existing types without modifying them.
external authentication?
+
Login using Google, Microsoft, Facebook, GitHub providers.
Feature Toggle?
+
Enables or disables features dynamically.
Features of MVC?
+
MVC supports separation of concerns. It promotes testability, flexibility,
and clean architecture. Provides routing, Razor syntax, and built-in
validation. Ideal for large, scalable web applications.
Federation in Authorization?
+
Trust relationship between identity providers and applications.
File extension for Razor views?
+
.cshtml
File extensions for Razor views?
+
Razor views use: .cshtml for C# .vbhtml for VB.NET These files support
inline Razor syntax.
file replaces Web.config in ASP.NET Core?
+
appsettings.json
FileResult?
+
Returns files like PDF, images, or documents.
Filter in MVC?
+
Reusable logic executed before or after action methods.
Filter types?
+
Authorization, Resource, Action, Exception, Result filters.
Filters executed at the end:
+
Result filters are executed at the end, just before and after the view is
rendered.
Filters in ASP.NET Core?
+
Run pre- or post-action logic like validation, logging, caching, or
authorization in controllers.
Filters in MVC Core?
+
Reusable logic executed before or after actions.
Filters?
+
Components to run code before/after actions.
Fine-Grained Authorization?
+
Permission-level control instead of role-level.
FormCollection?
+
Object storing form values submitted by user.
Forms Authentication?
+
User logs in through custom login form.
Framework-Dependent Deployment?
+
App runs on an installed .NET runtime, producing a smaller executable.
Frontchannel Communication?
+
Browser-based token communication.
GAC : Global Assembly Cache?
+
Stores shared .NET assemblies for multiple apps, supporting versioning and
avoiding DLL conflicts.
Garbage Collection (GC)?
+
Automatic memory management that removes unused objects.
Garbage Collection?
+
Automatic memory cleanup of unused objects.
GC generations?
+
Gen 0, Gen 1, Gen 2 used to optimize memory cleanup.
Generic Repository?
+
A reusable data access pattern that works with any entity type to perform
CRUD operations.
GET and POST Action types:
+
GET retrieves data and does not modify state. POST submits data and is used
for creating or updating records.
Global exception handling coding?
+
Create custom exception middleware.
Global Exception Handling?
+
Error handling applied across entire application using middleware.
Global.asax?
+
Application-level events like Start, End, Error.
GridView Control:
+
GridView displays data in a tabular format and supports sorting, paging, and
editing. It binds to data sources like SQL, lists, or datasets. It provides
templates and commands for customization.
gRPC in .NET?
+
High-performance, protocol-buffer-based communication for microservices,
faster than REST.
gRPC?
+
High-performance communication protocol using binary messaging and HTTP/2.
gRPC?
+
High-performance RPC protocol using HTTP/2 for communication.
GZip Compression?
+
Compressing responses to reduce payload size.
Handle 404 in ASP.NET Core?
+
Use middleware such as: app.UseStatusCodePages();
HATEOAS?
+
Responses include links to guide client navigation.
HATEOAS?
+
Hypermedia as Engine of Application State — constraint of REST API.
Health Check Endpoint?
+
Endpoint to verify system status and dependencies.
Health Check endpoint?
+
Used for monitoring health status and dependencies like DB or Redis.
Health Check in .NET Core?
+
Monitor app and dependency status, useful for Kubernetes and cloud
deployments.
Health Checks?
+
Endpoints that report app health.
Host in ASP.NET Core?
+
Manages DI, configuration, logging, and middleware; includes WebHost and
GenericHost.
Host?
+
Host manages app lifetime, DI container, config, and logging. It’s core
runtime container.
Host?
+
Host manages app lifetime, configuration, logging, DI, and environment.
HostedService?
+
Interface for background tasks.
Hot Reload?
+
Hot Reload allows modifying code while the application is running. It
improves productivity by reducing restart time.
Hot Reload?
+
Feature allowing code changes without restarting application.
How authorize multiple roles?
+
[Authorize(Roles=\Admin Manager\")]"
How execute Stored Procedures?
+
Use FromSqlRaw().
How implement Pagination?
+
Use Skip() and Take().
How prevent privilege escalation?
+
Validate authorization checks on every sensitive action.
How prevent SQL Injection?
+
Use parameterized queries and stored procedures.
How register EF Core?
+
services.AddDbContext(options => options.UseSqlServer(...));
How return IActionResult?
+
Use Ok(), NotFound(), BadRequest(), Created().
How Seed Data?
+
Use HasData() inside OnModelCreating().
How upload files?
+
Use IFormFile parameter.
HTML Helper?
+
Methods that generate HTML controls programmatically in views.
HTML server controls in ASP.NET?
+
HTML controls become server controls by adding runat="server". They behave
like programmable server-side objects. They allow event handling and server
processing.
HTTP Handler?
+
An HttpHandler is a component that processes individual HTTP requests. It
acts as an endpoint for file extensions like .aspx, .ashx, .jpg etc. It is
lightweight and best for custom resource generation.
HTTP Logging Middleware?
+
Logs details about incoming requests and responses.
HTTP Status Codes?
+
200 OK, 201 Created, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500
Server Error.
HTTP Verb Mapping?
+
Mapping controller actions to verbs using [HttpGet], [HttpPost], etc.
HTTP Verb?
+
Operations like GET, POST, PUT, DELETE mapped to actions.
HttpClientFactory?
+
Factory pattern to create and manage HttpClient instances.
HttpModule?
+
Windows-only ASP.NET components that handle HTTP request/response events in
the pipeline.
HTTPS Redirection Middleware?
+
Forces application to use secure connection.
HTTPS Redirection?
+
Force HTTPS using app.UseHttpsRedirection().
IActionFilter?
+
Interface for implementing custom filters.
IActionResult?
+
Base interface for different action results.
IActionResult?
+
Base interface for action results in ASP.NET Core MVC.
IAM?
+
Identity and Access Management.
IAuthorizationService?
+
Service to manually invoke authorization programmatically.
IConfiguration?
+
Interface used to access application configuration values.
IConfiguration?
+
Interface used to read configuration data.
Idempotency?
+
Operation that produces the same result when repeated.
Identity Framework?
+
Built-in membership system for authentication and user roles.
Identity Provider (IdP)?
+
Service that authenticates users.
IdentityServer?
+
OAuth2/OpenID Connect framework for authentication and authorization.
IHttpClientFactory?
+
Factory for creating HttpClient instances safely.
IHttpClientFactory?
+
IHttpClientFactory creates and manages HttpClient instances to avoid socket
exhaustion and improve performance in Web API calls.
IHttpClientFactory?
+
ASP.NET Core factory for creating and managing HttpClient instances.
IHttpClientFactory?
+
Factory pattern for creating optimized HttpClient instances.
IHttpContextAccessor?
+
Used to access HTTP context in non-controller classes.
IIS Integration?
+
In Windows hosting, Kestrel works behind IIS. IIS handles SSL, load
balancing, and process management, while Kestrel executes the request
pipeline.
IIS?
+
Web server for hosting ASP.NET apps.
IIS?
+
Internet Information Services — a Windows web server.
ILogger?
+
Logging interface used for tracking application events.
Impersonation?
+
Executing code under another user's identity.
Impersonation?
+
Execute actions under another user's identity.
Implement Ajax in MVC?
+
Using @Ajax.BeginForm() and AjaxOptions. You can call actions asynchronously
using jQuery AJAX. The server returns JSON or partial views. This improves
performance without full page reloads.
Implement MVC Forms authentication:
+
Forms authentication uses login pages, authentication cookies, and
AuthorizeAttribute to protect secured pages.
Implicit Deny?
+
If no rule allows it, access is denied.
Importance of NonActionAttribute?
+
It marks a method in a controller as not an action method. This prevents it
from being executed via URL routing. Useful for helper methods within
controllers. Enhances security and routing control.
Improve API Performance?
+
Caching, AsNoTracking, async queries, efficient queries.
Improve ASP.NET performance:
+
Use caching, compression, output caching, and minimized ViewState. Optimize
SQL queries and enable async processing. Reduce server round trips and
bundling/minifying scripts.
Inheritance?
+
Deriving classes from base classes.
In-memory vs Distributed Cache
+
In-memory caching stores data on the server and is best for single-instance
apps. Distributed caching uses Redis or SQL Server and supports
load-balanced environments.
Interface?
+
Contract specifying methods without implementation.
IOptions pattern?
+
Method to bind strongly-typed settings from configuration to C# classes.
IOptions pattern?
+
Used to map configuration sections to strongly typed classes.
Is ASP.NET Core open source?
+
Yes, it is developed under the .NET Foundation and is fully open source.
Is DI built-in in ASP.NET Core?
+
Yes, ASP.NET Core has built-in DI support.
Is MVC stateless?
+
Yes, MVC follows stateless architecture where every request is independent.
JIT Compiler?
+
Just-In-Time compiler that converts IL code to native machine code.
JIT compiler?
+
Converts IL to native code at runtime, optimizing performance and memory;
types include Pre-JIT, Econo-JIT, Normal-JIT.
JIT compiler?
+
Just-in-Time compiler converts IL code to machine code during runtime.
JSON global config?
+
builder.Services.Configure(...).
JSON Serialization?
+
Converting objects into JSON format for transport or storage.
JSON Serializer used?
+
System.Text.Json (default), with option to use Newtonsoft.Json.
JSON.stringify?
+
Converts JavaScript object into JSON format for ajax posts.
JsonResult?
+
Returns JSON formatted response.
Just-In-Time Access (JIT)?
+
Provide temporary elevated permissions.
JWT Authentication?
+
JWT (JSON Web Token) is a token-based authentication method used in
microservices and APIs. It stores claims and is stateless, meaning no
session storage is required.
JWT creation coding?
+
Use JwtSecurityTokenHandler to generate token.
JWT Token?
+
Stateless token format used for authentication.
JWT?
+
A compact, self-contained token for securely transmitting claims between
parties.
JWT?
+
JSON Web Token for stateless authentication between client and server.
JWT?
+
JSON Web Token used for bearer authentication.
Kerberos?
+
Secure ticket-based authentication protocol.
Kestrel Server?
+
Kestrel is the default lightweight web server in ASP.NET Core. It is fast,
cross-platform, and optimized for high-performance apps.
Kestrel?
+
Cross-platform lightweight web server for ASP.NET Core.
Kestrel?
+
A lightweight, cross-platform web server used by ASP.NET Core applications.
Key DifBet ASP.NET and ASP.NET Core?
+
ASP.NET Core is cross-platform, modular, open-source, and faster compared to
ASP.NET Framework.
Kubernetes?
+
Container orchestration platform used to deploy microservices.
Latest version of ASP.NET Core?
+
The latest stable version of ASP.NET Core (as of December 2025) follows the
latest .NET release: ASP.NET Core 10.0 — shipped with .NET 10 on November
11, 2025.
LaunchSettings.json in ASP.NET Core?
+
This file stores environment and profile settings for the application during
development. It defines the application URL, SSL settings, and environment
variables like ASPNETCORE_ENVIRONMENT. It helps configure debugging profiles
for IIS Express or direct execution.
Layout page?
+
Template defining common design elements such as header and footer.
Layout Page?
+
Master template providing shared UI like header/footer across multiple
views.
Lazy Loading?
+
Loads navigation properties on first access.
Least Privilege Access?
+
Users receive minimal required permissions.
library supports resiliency?
+
Polly.
LINQ?
+
Query syntax integrated into C# to query collections/databases.
LINQ?
+
LINQ (Language Integrated Query) allows querying data from collections,
databases, XML, etc. using C# syntax. It improves code readability and
eliminates SQL string errors.
LINQ?
+
Query syntax for querying data collections, SQL, XML, and EF.
LINQ?
+
Query syntax used to retrieve data from collections or databases.
List HTTP methods.
+
GET, POST, PUT, PATCH, DELETE, OPTIONS.
Load Balancing?
+
Distribute requests across servers.
Load Balancing?
+
Distributing application traffic across multiple servers for performance and
redundancy.
Lock statement?
+
Prevents multiple threads from accessing code simultaneously.
Logging in .NET Core?
+
.NET Core provides built-in logging with providers like Console, Debug,
Serilog, and Application Insights. It helps monitor app behavior and errors.
Logging in ASP.NET Core?
+
Built-in framework to log information using ILogger.
Logging in MVC Core?
+
Capturing application logs via ILogger and providers.
logging providers are supported?
+
Console, Debug, Azure App Insights, Seq, Serilog.
Logging Providers?
+
Serilog, NLog, Seq, Application Insights.
Logging System
+
Built-in support for console, file, Application Insights, SeriLog, etc.
Logging?
+
System to capture and store application logs.
Machine.config?
+
System-wide configuration file for .NET Framework.
Main DiffBet MVC and Web API?
+
MVC is used to return views (HTML) for web applications. Web API is used to
build RESTful services and returns data formats like JSON or XML. MVC is
UI-focused, whereas Web API is service-focused. Web API can be used by
mobile, IoT, and web clients.
Maintain the sessions in MVC?
+
Session can be maintained using Session[], cookies, TempData, ViewBag,
QueryString, and Hidden fields.
Major events in global.aspx?
+
Common events include Application_Start, Session_Start,
Application_BeginRequest, Session_End, and Application_End. These events
manage application life cycle tasks. They handle logging, caching, and
security logic. They execute globally for the entire application.
Managed Code?
+
Code executed under the supervision of CLR.
master pages in ASP.NET?
+
Master pages define a common layout for multiple web pages. Content pages
inherit this layout to maintain consistent UI. They reduce duplication of
HTML code. Common parts like headers, footers, and menus are shared.
Master Pages:
+
Master Pages define a common layout for multiple pages. Content pages fill
placeholders within the master. Useful for consistency and easier
maintenance.
Message Queues?
+
Kafka, RabbitMQ, Azure Service Bus.
Metadata in .NET?
+
Information about types, methods, references stored with assemblies.
Methods of session maintenance in ASP.NET:
+
ASP.NET provides several ways to maintain sessions, including In-Process
(InProc), State Server, SQL Server, and Custom session state providers.
Cookies and cookieless sessions are also used. These mechanisms help store
user-specific data across requests.
MFA?
+
Multi-factor authentication using multiple methods.
Microservices Architecture?
+
Architecture pattern where the application is composed of independent
services.
Microservices architecture?
+
System divided into small loosely coupled services.
Middleware components?
+
Pipeline components that process HTTP requests and responses in sequence.
Middleware Concept
+
Middleware are components processing requests in sequence.
Middleware in ASP.NET Core?
+
Pipeline components that process HTTP requests/responses, e.g.,
authentication, routing, logging, CORS.
Middleware Pipeline?
+
Requests pass through ordered middleware, each handling logic before
forwarding.
Middleware Pipeline?
+
Sequential execution of request-processing components in ASP.NET Core.
Middleware?
+
A pipeline component that processes HTTP requests and responses. it is
lightweight, runs cross-platform, and fully configurable in code.
middleware?
+
Components that process HTTP requests in ASP.NET Core pipeline.
Migration commands?
+
dotnet ef migrations add Name; dotnet ef database update
Migrations?
+
System for applying and tracking database schema changes.
Minification and Bundling used?
+
They reduce file size and combine multiple CSS/JS files to improve
performance.
Minimal API?
+
Define routes using MapGet(), MapPost(), MapPut(), etc.,Lightweight syntax
for defining endpoints without controllers.Lightweight HTTP endpoints with
minimal code, ideal for microservices and prototypes.
Minimal API?
+
Lightweight HTTP API setup introduced in .NET 6 using minimal hosting model.
Mocking Framework?
+
Tools like MOQ used to simulate dependencies during testing.
Mocking?
+
Simulating dependencies using fake objects.
Modal Binding in Razor Pages?
+
Mapping form inputs automatically to page properties.
Model Binder?
+
Maps request data to models automatically.
Model Binding
+
Automatically maps form, query string, and JSON data to model classes.
Model Binding?
+
Maps HTTP request data to C# parameters automatically. Model binding maps
incoming request data to method parameters or model objects automatically.
It simplifies request handling in MVC and Web API.
Model Binding?
+
Automatic mapping of HTTP request data to action method parameters.
Model Binding?
+
Automatic mapping of request data to method parameters or models.
Model Binding?
+
Automatic mapping of HTTP request data to model objects.
Model in MVC?
+
Model represents application data and business logic.
Model Validation
+
Uses Data Annotations and custom validation attributes.
Model Validation?
+
Ensures incoming data meets rules via DataAnnotations.
Model Validation?
+
Ensures input values meet defined requirements before processing.
Model Validation?
+
Ensuring input meets validation rules before processing.
ModelState?
+
Stores the state of model binding and validation errors.
Model-View-Controller?
+
MVC is a design pattern that separates an application into Model, View, and
Controller components.
Monolith Architecture?
+
Single deployable unit with tightly coupled components.
Monolithic architecture?
+
Single deployable unit with tightly-coupled components.
MSIL?
+
Intermediate language generated from .NET code before JIT compilation.
Multicast Delegate?
+
Delegate pointing to multiple methods.
Multiple environments
+
Configured using ASPNETCORE_ENVIRONMENT variable (Dev, Staging, Prod).
MVC Architecture
+
Separates application logic into Model, View, Controller.
MVC Components
+
Model stores data, View displays UI, Controller handles requests.
MVC in AngularJS?
+
AngularJS follows an MVC-like architecture. Model holds data, View
represents the UI, and Controller manages logic. It helps in clear
separation of concerns in client-side apps. Angular automates data binding
between Model and View.
MVC in ASP.NET Core?
+
Model-View-Controller pattern used for web UI and API development.
MVC Page life cycle stages:
+
Stages include Routing, Controller initialization, Action execution, Result
execution, and View rendering.
MVC Routing?
+
Maps URL patterns to controller actions.
MVC works in Spring?
+
Spring MVC uses DispatcherServlet as the front controller. It routes
requests to controllers. Controllers return Model and View data. The
ViewResolver renders the final response.
MVC?
+
A design pattern dividing application logic into Model, View, Controller.
MVC?
+
MVC stands for Model-View-Controller architecture separating UI, data, and
logic.
MVC?
+
MVC (Model-View-Controller) separates business logic, UI, and request
handling into Model, View, and Controller.This improves testability,
maintainability, scalability, and is widely used for modern web
applications.
Name the assembly in which the MVC framework is
typically defined.
+
ASP.NET MVC is mainly defined in the System.Web.Mvc assembly.
Namespace?
+
A container for organizing classes and types.
Navigate from one view to another using a
hyperlink?
+
Use the Html.ActionLink() helper in MVC. Example: @Html.ActionLink("Go to
About", "About", "Home"). This generates an anchor tag with route mapping.
Clicking it redirects to the specified view.
Navigation between views example.
+
Using hyperlink: Go to About.
Navigation techniques:
+
Navigation in ASP.NET uses Hyperlinks, Response.Redirect, Server.Transfer,
Cross-page posting, and Site Navigation controls like Menu and TreeView. It
helps users move between pages.
New features in ASP.NET Core?
+
Dependency Injection built-in, cross-platform, unified MVC+Web API,
lightweight middleware pipeline, and performance improvements.Enhanced
Minimal APIs, improved performance, better real-time support, updated
security, and stronger observability tools.
New in .NET Core 2.1 / ASP.NET Core 2.1?
+
Features include Razor Class Libraries, HTTPS by default, SPA templates,
SignalR support, and GDPR compliance tools. It also introduced global tools,
improved performance, and simplified identity UI.
Non-Repudiation?
+
Ensuring actions cannot be denied by users.
N-Tier architecture?
+
Layers like UI, Business, Data Access.
NTLM?
+
Windows challenge-response authentication protocol.
NuGet?
+
NuGet is the package manager for .NET. Developers use it to download, share,
and manage libraries. It supports dependency resolution and automatic
updates.
NuGet?
+
Package manager for .NET libraries.
Nullable type?
+
Represents value types that can be null.
NUnit/MSTest?
+
Unit testing frameworks for .NET.
OAuth Refresh Token Rotation?
+
Invalidating old refresh token when issuing a new one.
OAuth vs SAML?
+
OAuth is authorization; SAML is authentication using XML.
OAuth?
+
Open standard for secure delegated access.
OAuth2 Authorization Code Flow?
+
Secure flow used by web apps requiring user login.
OAuth2 Client Credentials Flow?
+
Service-to-service authorization.
OAuth2 Implicit Flow?
+
Legacy browser flow not recommended.
OAuth2?
+
Delegated authorization framework for delegated access.
OAuth2?
+
Authorization framework allowing delegated access using tokens.
OOP?
+
Programming model using classes, inheritance, and polymorphism.
OpenID Connect?
+
Authentication layer on top of OAuth2 for user login and identity
management.
OpenID Connect?
+
Authentication layer built on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth 2.0.
OpenID Connect?
+
Identity layer on top of OAuth for login authentication.
Optimistic Concurrency?
+
Use [Timestamp]/RowVersion to prevent data overwrites via row-version
checks.
Options Pattern
+
Used to bind strongly typed classes to configuration sections.
Order of filter execution in MVC
+
Order: 1. Authorization Filters 2. Action Filters 3. Result Filters 4.
Exception Filters Execution occurs in a defined pipeline sequence.
Ordering execution when multiple filters are
used:
+
Filters run in the order: Authorization → Action → Result → Exception
filters. Custom ordering can also be defined using the Order property.
OutputCache?
+
Caching mechanism used in MVC Framework to improve response time.
OWIN and ASP.NET Core
+
OWIN was designed to decouple web servers from web applications. ASP.NET
Core builds on the same lightweight pipeline concept but replaces OWIN with
a more flexible middleware model.
package enables Swagger?
+
Swashbuckle.AspNetCore
Page directives in ASP.NET:
+
Page directives provide configuration and instruction to the compiler.
Examples include @Page, @Import, @Master, and @Control. They define
attributes like language, inheritance, and code-behind file.
Pagination coding question?
+
Implement Skip(), Take(), and metadata.
Pagination in API?
+
Return data with totalCount, pageNo, pageSize.
Partial Class?
+
Split class across multiple files.
Partial view in MVC?
+
A partial view is a reusable piece of UI code. It works like a user control
and avoids code duplication. It is rendered inside another view. Useful for
menus, headers, and reusable content blocks.
Partial View?
+
Reusable view component shared across multiple views.
Partial View?
+
Reusable UI component used in multiple views.
Partial Views
+
Partial views reuse UI sections like menus or forms. They reduce code
duplication and improve maintainability.
Parts of JWT?
+
Header, Payload, Signature.
PBAC?
+
Policy-Based Access Control.
Permission?
+
A specific capability like Read, Write, or Delete.
Permission-Based API Authorization?
+
APIs check user permissions before actions.
PKCE?
+
Enhanced security for mobile and SPA apps.
Points to remember while creating MVC
application?
+
Maintain separation of concerns. Use routing properly for readability. Keep
business logic in the Model or services. Use ViewModels instead of exposing
database models.
Policies in authorization?
+
Reusable authorization rules defined using AddAuthorization.
Policy Decision Point (PDP)?
+
Component that evaluates authorization policy.
Policy Enforcement Point (PEP)?
+
Component that checks access rules.
Policy-Based Authorization?
+
Define custom authorization rules inside AddAuthorization().
Polymorphism?
+
Ability to override methods for different behavior.
Post-Authorization Logging?
+
Record actions taken after authorization.
PostBack property:
+
IsPostBack indicates whether the page is loaded first time or due to a user
action like a button click. It helps avoid re-binding data unnecessarily.
Useful for improving performance.
PostBack?
+
When a page sends data to the server and reloads itself.
Prevent CSRF?
+
Anti-forgery tokens and SameSite cookies.
Prevent SQL Injection?
+
Parameterized queries/EF Core.
Principle of Least Privilege?
+
Users get only required permissions.
Privilege Escalation?
+
Attack where user gains unauthorized permissions.
Privileged Access Management (PAM)?
+
System to monitor and control high-privilege accounts.
Program.cs used for?
+
Defines application bootstrap, host builder, and startup configuration.
Program.cs?
+
Entry point that configures the host, services, and middleware.
Purpose of MVC pattern?
+
To separate concerns and make application maintainable, testable, and
scalable.
Query String in ASP?
+
Query strings pass values through the URL during page requests. They are
used for lightweight data transfer. A query string starts after a ? in the
URL. It is visible to users, so sensitive data should not be stored.
Rate Limiting?
+
Restricting how many requests a client can make.
rate limiting?
+
Controlling request frequency to protect system resources.
Rate Limiting?
+
Controls request frequency to prevent abuse.
Razor Pages in ASP.NET Core?
+
Page-focused ASP.NET Core model with combined view and logic, ideal for CRUD
apps.
Razor Pages?
+
A page-focused ASP.NET Core model where each page has its own UI and logic,
ideal for simpler web apps.
Razor Pages?
+
A page-based framework for building UI similar to MVC but simpler.
Razor Pages?
+
Page-based model alternative to MVC introduced in .NET Core.
Razor View Engine?
+
Syntax for rendering HTML with C# code.
Razor View Engine?
+
Lightweight syntax for writing server-side code inside HTML.
Razor view file extensions:
+
.cshtml (C# Razor) and .vbhtml (VB Razor) are used for Razor views.
Razor?
+
Razor is a templating engine used in ASP.NET MVC and Razor Pages. It
combines C# with HTML to generate dynamic UI. It is lightweight, fast, and
easy to use.
Razor?
+
A markup syntax in ASP.NET for embedding C# into views.
RBAC?
+
Role-Based Access Control.
Real-life example of MVC?
+
A shopping website: Model: Product data View: Product display page
Controller: User actions like Add to Cart They work together to complete
functionality.
RedirectToAction()?
+
Redirects browser to another action or controller.
Redis caching coding?
+
AddStackExchangeRedisCache().
Redis?
+
Fast distributed in-memory caching system.
Redis?
+
In-memory distributed caching system.
Reflection?
+
Inspecting metadata and creating objects dynamically at runtime.
Refresh Token?
+
A long-lived token used to obtain new access tokens without re-login.
Remoting?
+
Legacy communication between .NET applications.
RenderBody vs RenderPage:
+
RenderBody() outputs the content of the child view in layout. RenderPage()
inserts another Razor page inside a view like a partial.
RenderBody() outputs the content of the child
view in layout. RenderPage() inserts another Razor page inside a view like a
partial.
+
Additional Questions
Repository Pattern?
+
Abstraction layer over data access.
Repository Pattern?
+
Abstraction layer separating business logic from data access logic.
Repository Pattern?
+
A pattern separating data access layer from business logic.
Request Delegate?
+
A delegate such as RequestDelegate handles HTTP requests and responses
inside middleware.
Resource Server?
+
API that verifies and uses access tokens.
Resource?
+
A data entity identified by a URI like /users/1.
Resource-Based Authorization?
+
Authorization rules applied based on a specific resource instance.
Response Compression?
+
Compresses HTTP responses using gzip/br or deflate.
Response Compression?
+
Compressing HTTP output for faster response.
REST API?
+
API that adheres to REST principles such as statelessness, resource
identification, caching.
REST?
+
An architectural style using stateless communication over HTTP with
resources.
REST?
+
Representational State Transfer — stateless communication using HTTP verbs.
Retry Policy?
+
Automatic retry logic for failed external calls.
Return PartialView()?
+
Returns only partial content without layout.
Return types of an action method:
+
Returns include ViewResult, JsonResult, RedirectResult, ContentResult,
FileResult, and ActionResult.
Return View()?
+
Returns a full view to the browser.
reverse proxy?
+
Middleware forwarding requests from IIS/Nginx to Kestrel.
Role of ActionFilters in MVC?
+
ActionFilters allow you to run logic before or after an action executes.
They help in cross-cutting concerns like logging, authentication, caching,
and exception handling. Filters can be applied at the controller or method
level. Examples include: Authorize, HandleError, and OutputCache.
Role of Configure() method?
+
Defines the request handling pipeline using middleware like routing,
authentication, static files, etc.
Role of ConfigureServices()
+
Used to register services like DI, EF Core, identity, logging, and custom
services.
Role of IHostingEnvironment?
+
Provides environment-specific info like Development, Production, and
staging.
Role of Middleware
+
Authentication, logging, routing, exception handling.
Role of MVC components:
+
Presentation (View) shows data, Abstraction (Model) handles logic/data,
Control (Controller) manages requests and updates.
Role of MVC in AngularJS?
+
MVC helps structure the application for maintainability. Model stores data,
View displays data using HTML, and Controller updates data. Angular’s
two-way binding keeps Model and View synchronized. It helps in scaling
complex front-end applications.
Role of Startup class?
+
It configures application services via ConfigureServices() and request
pipeline via Configure().
Role of WebHost.CreateDefaultBuilder()?
+
Configures default settings like Kestrel, logging, config, ENV detection.
Role?
+
A named group of permissions.
Role-Based Authorization?
+
Restrict access using roles, e.g., [Authorize(Roles="Admin")].
RouteConfig.cs?
+
Contains registration logic for routing in MVC Framework.
Routes difference in WebForm vs MVC:
+
WebForms use file-based routing, MVC uses pattern-based routing with
controllers and actions.
Routing
+
Maps URLs to controllers and actions using UseRouting() and
MapControllerRoute().
routing and three segments?
+
Routing is the process of mapping incoming URLs to controller actions. The
default pattern contains three segments: {controller}/{action}/{id}. It
helps in SEO-friendly and user-readable URLs.
Routing carried out in MVC?
+
Routing engine matches the URL with route patterns from the RouteConfig and
executes the mapped controller and action.
Routing in MVC?
+
Routing maps URLs to corresponding Controller actions.
routing in MVC?
+
Routing maps incoming URL requests to specific controllers and actions.
Routing is done in the MVC pattern?
+
Routing is handled by a RouteConfig.cs file (or Program.cs in .NET Core).
ASP.NET MVC uses pattern matching to map URLs to controllers. Routes are
registered at application startup. Based on the URL, MVC identifies which
controller and action to execute.
Routing is not required?
+
1. Serving static files (images, CSS, JS). 2. Accessing .axd resource
handlers. Routing bypasses these requests automatically. 31) Features of
MVC?
Routing Types
+
Convention-based routing and attribute routing.
Routing?
+
Matches HTTP requests to endpoints.
routing?
+
Route mapping of URLs to controller actions.
Routing?
+
Mapping incoming URLs to controller actions or endpoints.
Row-Level Security?
+
User can only access specific rows based on rules.
Rules of Razor syntax:
+
Razor starts with @, supports IntelliSense, has clean HTML mixing, and
minimizes closing tags compared to ASPX.
runtime does ASP.NET Core use?
+
.NET 5/6/7/8 (Unified .NET runtime).
Runtime Identifiers (RID)?
+
RID represents the platform where an app runs (e.g., win-x64, linux-arm64).
Used for publishing self-contained apps.
Scaffolding?
+
Automatic generation of CRUD code for model and views.
Scope Creep?
+
Unauthorized expansion of delegated access.
Scope in OAuth2?
+
Defines what access the client is requesting.
Scoped lifetime?
+
Service created once per request.
Scoped lifetime?
+
One instance per HTTP request.
Scoped lifetime?
+
Creates one instance per client request.
Sealed class?
+
Class that cannot be inherited.
Security & Authorization
+
ASP.NET Core uses policies, role-based access, authentication middleware,
and secure coding to protect resources. Best practices include HTTPS, input
validation, and secure tokens.
Self-Authorization Design?
+
User automatically given access to own resources.
Self-Contained Deployment?
+
The app includes its own .NET runtime. It does not require .NET to be
installed on the host machine.
Send JSON result in MVC?
+
Use return Json(object, JsonRequestBehavior.AllowGet);. This serializes the
object into JSON format. Useful in AJAX-based applications. It is commonly
used in API responses.
Separation of Duties?
+
Critical tasks split among multiple users.
Serialization Libraries?
+
System.Text.Json, Newtonsoft.Json.
Serialization?
+
Converting objects to byte streams, JSON, or XML.
Serilog?
+
Third-party structured logging library.
Serverless Computing?
+
Execution model where cloud runs functions without managing servers.
Server-side validation?
+
Validation performed on server during HTTP request processing.
Service Lifetimes
+
Transient, Scoped, Singleton.
Service Lifetimes?
+
Singleton, Scoped, Transient.
Session Fixation?
+
Attack that hijacks a valid session.
Session in MVC Core?
+
Stores user state data server-side while maintaining stateless nature.
Session State Management
+
Uses cookies, TempData, distributed caching, or session middleware.
Session State?
+
Server-side storage for user data.
session?
+
Server-side state management storing user data across requests.
Sessions maintained in MVC?
+
Sessions can be maintained using Session[] variables. Example:
Session["User"] = "John";. ASP.NET uses server-side storage for session
values. Cookies or session identifiers track user session state.
SignalR?
+
SignalR is a .NET library for real-time communication. It supports
WebSockets and used for chat apps, live dashboards, and notifications.
SignalR?
+
Real-time communication framework for push notifications, chat, live
updates.
SignalR?
+
Framework for real-time communication like chat, live updates.
Significance of NonActionAttribute:
+
NonActionAttribute is used in MVC to prevent a public method inside a
controller from being treated as an action method. It tells the framework
not to expose or invoke the method via routing. This is useful for helper or
private logic inside controllers.
Singleton lifetime?
+
Service instance created once for entire application lifetime.
Singleton lifetime?
+
Single instance for the entire application lifecycle.
Singleton lifetime?
+
One instance shared across application lifetime.
Soft Delete in API?
+
Use IsDeleted filter globally.
Soft Delete?
+
Mark record as deleted instead of physically removing.
SOLID?
+
Five design principles: SRP, OCP, LSP, ISP, DIP.
Spring MVC?
+
Spring MVC is a Java-based MVC framework used to build flexible and loosely
coupled web applications.
SQL Injection?
+
Attack using unsafe SQL input.
SQL Injection?
+
Security attack via malicious SQL input.
SSO?
+
Single Sign-On allows login once across multiple apps.
SSO?
+
Single Sign-On allowing one login for multiple applications.
Startup class used for?
+
Configures services and the HTTP request pipeline.
Startup.cs?
+
Startup.cs in ASP.NET Core configures the application’s services and
middleware pipeline. The ConfigureServices method registers services like
dependency injection, database contexts, and authentication. The Configure
method sets up middleware such as routing, error handling, and static files.
It defines how the app responds to HTTP requests during startup.
Startup.cs?
+
File configuring middleware, routing, authentication in MVC Core.
Statelessness?
+
Server stores no client session; each request is independent.
Static Authorization?
+
Predefined access rules.
Static class?
+
Class that cannot be instantiated.
Steps in the execution of an MVC project?
+
Request goes to the Routing Engine, which maps it to a controller and
action. The controller executes the required logic and interacts with the
model. A View is selected and rendered to the browser. Finally, the response
is returned to the client.
stored procedures?
+
Precompiled SQL code stored in the database.
Strong naming?
+
Assigning a unique identity using public/private key pairs.
strongly typed view?
+
A view bound to a specific model class for compile-time validation.
strongly typed view?
+
A view bound to a specific model class using @model keyword.
Strongly Typed Views
+
These views are bound to a model class using @model. They improve
IntelliSense, compile-time safety, and easier data handling.
Swagger/OpenAPI?
+
Tool to document and test REST APIs.
Swagger?
+
Framework to document and test APIs interactively.
Swagger?
+
Documentation and testing tool for APIs.
Swagger?
+
Auto-documentation and testing tool for APIs.
Tag Helper in ASP.NET Core?
+
Tag helpers are server-side components that enable C# code to be used in
HTML elements. They make views cleaner and more readable, especially for
forms, routing, and validation. Examples include asp-controller, asp-route,
and asp-validation-for.
Tag Helper?
+
Server-side helpers to generate HTML in Razor views.
Tag Helper?
+
Server-side components used to generate dynamic HTML.
Tag Helpers?
+
Server-side Razor components that generate HTML in .NET Core MVC.
Task Parallel Library (TPL)?
+
Framework for parallel programming using tasks.
TempData in MVC?
+
TempData stores data temporarily and is used to pass values across requests,
especially during redirects.
TempData used for?
+
Used to pass data across redirects between actions.
TempData: Stores data temporarily across
redirects.
+
ViewData: Key-value store for passing data to view.
TempData?
+
Stores data for one request cycle.
TempData?
+
Stores data temporarily and persists across redirects.
the Base Class Library?
+
Reusable classes for IO, networking, collections, threading, XML, etc.
the DifBet early and late binding?
+
Early binding resolved at compile time, late binding at runtime.
the main components of .NET Framework?
+
CLR, Base Class Library, ASP.NET, ADO.NET, WPF, WCF.
Themes in ASP.NET application?
+
Themes style pages and controls consistently using CSS, skin files, and
images stored in the App_Themes folder;they can be applied via Page
directive, Web.config, or programmatically to maintain a uniform UI design.
Themes in ASP.NET:
+
Themes define the UI look and feel of a web application. They include
styles, skins, and images. Useful for consistent branding across pages.
Threading?
+
Executing multiple tasks concurrently.
Throttling?
+
Controlling request frequency.
Token Authentication?
+
Authentication based on tokens instead of cookies.
Token Binding?
+
Crypto mechanism tying tokens to client devices.
Token Exchange?
+
Exchanging one token for another for different scopes.
Token Introspection?
+
Process of validating token on the Authorization Server.
Token Revocation?
+
Process of invalidating tokens before expiration.
Token-Based Authorization?
+
Access granted via tokens like JWT.
tracing in .NET?
+
Tracing helps debug and analyze runtime behavior. It displays request
details, control hierarchy, and performance info. Tracing can be enabled at
page or application level. It is useful during development for
troubleshooting.
Tracking vs NoTracking?
+
AsNoTracking improves performance for reads.
Transient lifetime?
+
New instance created each time the service is requested.
Transient lifetime?
+
Creates a new instance each time requested.
Transient lifetime?
+
Creates a new instance every time requested.
Two approaches of adding constraints to a route:
+
Constraints can be added using regular expressions or built-in constraint
classes like HttpMethodConstraint.
Two ways to add constraints to a route?
+
1. Using Regular Expressions. 2. Using Parameter Constraints (like int,
guid). They restrict valid route patterns. Helps avoid ambiguity.
Two ways to add constraints:
+
Using Regex constraints or custom constraint classes/interfaces.
Types of ActionResult?
+
ViewResult, JsonResult, RedirectResult, FileResult, PartialViewResult,
ContentResult.
Types of authentication in ASP.NET?
+
Forms, Windows, Passport, Token, Basic.
Types of Caching?
+
In-memory, Distributed, Redis, Response caching.
Types of caching?
+
Output caching, Data caching, Distributed caching.
Types of caching?
+
In-Memory Cache, Distributed Cache, Response Cache.
Types of DI lifetimes?
+
Singleton, Scoped, Transient.
Types of filters?
+
Authorization, Action, Result, and Exception filters.
Types of Filters?
+
Authorization, Action, Result, Exception filters.
Types of JIT?
+
Pre-JIT, Econo-JIT, Normal-JIT.
Types of results in MVC?
+
Common types include: ViewResult JsonResult RedirectResult ContentResult
FileResult Each type corresponds to a different response format.
Types of Routing?
+
Attribute routing, Conventional routing, Minimal API routing.
Types of routing?
+
Convention-based routing and Attribute routing.
Types of Routing?
+
Convention-based and Attribute-based routing.
Types of serialization?
+
Binary, XML, SOAP, JSON.
Unboxing?
+
Extracting value type from object.
Unit of Work Pattern?
+
Manages multiple repositories under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit of Work Pattern?
+
Manages multiple repository operations under a single transaction.
Unit Testing Controllers
+
Controllers are tested using mock dependencies injected via constructor.
Frameworks like Moq help simulate external services.
Unit Testing in MVC?
+
Testing controllers, models, and logic without running UI.
Unit Testing?
+
Testing individual code components.
Unmanaged Code?
+
Code executed directly by OS outside CLR like C/C++.
URI vs URL?
+
URI identifies a resource; URL locates it.
URL Rewriting Middleware
+
This middleware modifies request URLs before routing. It is useful for SEO
redirects, legacy URL support, and HTTPS enforcement.
Use MVC in JSP?
+
Use Java Beans as Model, JSP as View, and Servlets as Controllers. The
controller receives requests, interacts with the model, and forwards output
to the view. Ensures clean separation of logic. 35) How MVC works in Spring?
Use of ActionFilters in MVC?
+
Action filters execute custom logic before or after Action methods, such as
logging, caching, or authorization.
Use of CheckBox in .NET?
+
A CheckBox allows users to select one or multiple options. It returns
true/false based on user selection. It can trigger events like
CheckedChanged. It is widely used in forms and permissions.
Use of default route {resource}.axd/{*pathinfo}?
+
It is used to ignore requests for Web Resource files. Static resources like
scripts and images are handled separately. Prevents MVC routing from
processing system files. Used mainly for performance optimization.
Use of ng-controller in external files?
+
ng-controller helps load logic defined in a separate JavaScript file. This
separation keeps code modular and manageable. It also promotes reusability
and avoids inline scripts. Used for scalable Angular applications.
Use of UseIISIntegration?
+
Configures the app to work with IIS as a reverse proxy.
Use of ViewModel:
+
A ViewModel holds data required by the view and may combine multiple models.
It improves separation of concerns.
Use repeater control in ASP.NET?
+
Repeater displays repeated data from data sources like SQL or Lists. It
provides full HTML control without predefined layout. Data is bound using
DataBind() method. Ideal for flexible UI formatting.
used to handle an error in MVC?
+
MVC uses Exception Filters, HandleErrorAttribute, custom error pages, and
global filters to handle errors. It also supports logging frameworks for
exception tracking.
Using ASP.NET Core APIs from a Class Library
+
Class libraries can reference ASP.NET Core packages and use dependency
injection to access services. Shared logic like validation or domain models
can be placed in the library for reuse.
Using hyperlink:
+
Go to About
Validation in ASP.NET Core
+
Validation uses data annotations and model binding. It ensures rules are
applied once and reused across views and APIs (DRY principle).
Validation in MVC?
+
Process ensuring user input meets defined rules before saving.
Various JSON files in ASP.NET Core?
+
appsettings.json, launchSettings.json, bundleconfig.json, and
environment-specific config files.
Various steps to create the request object?
+
MVC parses the incoming HTTP request. It identifies route data, initializes
the Controller and Action. Binding occurs to form parameters and then the
request object is passed.
View Component?
+
Reusable rendering component similar to partial views but with logic.
View Engine?
+
Component that renders UI from templates.
View in MVC?
+
View is the UI representation of model data shown to the user.
View Models
+
Custom class containing only data required by the View.
View State?
+
Preserves page and control values across postbacks in ASP.NET WebForms using
a hidden field.
ViewBag?
+
Dynamic data dictionary for passing data from controller to view.
ViewData: Key-value store for passing data to
view.
+
ViewBag: Dynamic wrapper around ViewData.
ViewData?
+
A dictionary-based container to pass data between controller and view.
ViewEngineResult?
+
Represents result of view engine locating view or partial.
ViewEngines?
+
Engines that compile and render views like RazorViewEngine.
ViewImports.cshtml?
+
Registers namespaces, helpers, and tag helpers for Razor views.
ViewModel?
+
A class combining multiple models or additional data required by the view.
ViewStart.cshtml?
+
Executes before every view and sets layout page.
ViewStart?
+
_ViewStart.cshtml runs before each view and sets common settings like
layout. It helps avoid repeating configuration in each view.
ViewState?
+
Mechanism to persist page and control values in Web Forms.
ViewState?
+
A mechanism in ASP.NET WebForms to preserve page and control state across
postbacks.
WCF bindings?
+
Transport protocols like basicHttpBinding, wsHttpBinding.
WCF?
+
Windows Communication Foundation for building service-oriented apps.
Web API in ASP.NET Core?
+
Framework for building RESTful services.
Web API in ASP.NET?
+
ASP.NET Web API is used to build RESTful services. It supports formats like
JSON and XML. It enables communication between client and server
applications. Web API is lightweight and ideal for mobile and SPA
applications.
Web API vs MVC?
+
MVC returns views while Web API returns JSON/XML data.
Web API?
+
Web API is used to build RESTful HTTP services in .NET. It supports JSON,
XML, routing, authentication, and stateless communication.
Web API?
+
A framework for building RESTful services over HTTP in ASP.NET.
Web Farm?
+
Multiple servers hosting the same application.
Web Garden?
+
Multiple worker processes in same application pool.
Web Services in ASP.NET?
+
HTTP-based services using XML/SOAP for cross-platform communication (.asmx
files). They use XML and SOAP protocols for data exchange. They help build
interoperable solutions across platforms. ASP.NET Web Services expose
methods using [.asmx] files.
Web.config file in ASP?
+
Web.config is an XML configuration file for ASP.NET applications. It stores
settings like database connections, security, and session management. It
controls application-level behavior without recompiling code. Multiple
Web.config files can exist for different directories.
Web.config?
+
Configuration file for ASP.NET application.
Web.config?
+
Configuration file for ASP.NET applications in .NET Framework.
Web.config?
+
Configuration file used in .NET MVC Framework applications.
WebListener?
+
A Windows-only web server used when advanced Windows authentication features
are required.
WebParts:
+
WebParts allow building customizable and personalized pages. Users can
rearrange, edit, or hide parts of a page. Useful in dashboards and portal
applications.
WebSocket?
+
Persistent full-duplex communication protocol for real-time applications.
WebSocket?
+
Persistent full-duplex connection used in real-time communication.
Where Startup.cs in ASP.NET Core 6.0?
+
In .NET 6+, minimal hosting model removes Startup.cs. Configuration like
services, routing, and middleware is now placed directly in Program.cs.
Why are API keys less secure?
+
No expiration and easily leaked.
Why choose .NET for development?
+
.NET provides high performance, strong ecosystem, cross-platform support,
built-in DI, cloud readiness, and great tooling like Visual Studio and
GitHub Copilot. It's ideal for enterprise, web, mobile, and microservice
applications.
Why do Access Tokens expire?
+
To reduce security risks and limit exposed lifetime.
Why not store authorization logic in UI?
+
Client-side can be tampered; authorization must be server-side.
Why use ASP.NET Core?
+
Fast, scalable, cloud-ready, open-source, modular design, and ideal for
Microservices and container deployments.
Why validate authorization on every request?
+
To ensure permissions haven't changed.
Windows Authentication?
+
Uses Windows credentials for login.
Windows Authorization?
+
Authorization using Windows identity and AD groups.
Worker Services?
+
Worker Services run background jobs without UI. They are ideal for scheduled
tasks, queue processing, and microservice background jobs.
WPF MVVM Pattern?
+
Model-View-ViewModel for UI separation.
WPF?
+
Windows Presentation Foundation for building rich desktop UIs.
wroot folder in ASP.NET Core?
+
Public web root for static files (CSS, JS, images); files outside are not
directly accessible.
XACML?
+
Authorization standard using XML-based policies.
XAML?
+
Markup language used to define UI elements in WPF.
XSS Prevention
+
XSS occurs when user input is executed as script. ASP.NET Core prevents this
through automatic HTML encoding and validation.
XSS?
+
Cross-site scripting via malicious scripts.
Zero Trust?
+
Always verify identity regardless of network.
JKM 100+ DevOps Essential concepts
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day. #Continuous Deployment (CD): The
practice
of releasing every change to customers through an automated pipeline.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development. #Subversion: A centralized version control
system
characterized by its reliability as a safe haven for valuable data.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality. #_It involves automating a manual
process
necessary for the testing phase of the software development lifecycle. These
tests
can include functionality testing, performance testing, regression testing,
and
more. #_The goal of test automation is to increase efficiency,
effectiveness, and
coverage of software testing with the least amount of human intervention. It
allows
for the repeated running of these tests, which would be otherwise difficult
to
perform manually. #_Test automation is a critical part of Continuous
Integration and
Continuous Deployment (CI/CD) practices, as it enables frequent and
consistent
testing to catch issues as early as possible.
⚙️ Configuration Management
+
The process of systematically handling changes to a system in a way that it
maintains integrity over time.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications. #Kubernetes: An open-source system for
automating
deployment, scaling, and management of containerized applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
maintaining an ordered record of events.
🧩 Microservices
+
An architectural style that structures an application as a collection of
services
that are highly maintainable and testable.
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
DevOps
team, like deployment frequency or mean time to recovery.
☁ Cloud Computing
+
#AWS: Amazon's cloud computing platform that provides a mix of
infrastructure as a
service (IaaS), platform as a service (PaaS), and packaged software as a
service
(SaaS) offerings. #Azure: Microsoft's public cloud computing platform. #GCP:
Google's suite of cloud computing services that runs on the same
infrastructure that
Google uses internally for its end-user products.
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
using Git
as a 'single source of truth'.
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state. This
contrasts
with an imperative system, where specific commands are executed to reach the
desired
state. GitOps relies on declarative specifications to manage system
configurations.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools. In GitOps, all changes to the system are
made
through the Git repository. This provides a clear audit trail of all
changes,
supports easy rollbacks, and ensures all changes are reviewed and approved
before
being applied to the system.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management. Agile
Methodology
An approach to project management, used in software development, that helps
teams
respond to the unpredictability of building software through incremental,
iterative
work cadences, known as sprints. IT Operations The set of all processes and
services
that are both provisioned by an IT staff to their internal or external
clients and
used by themselves.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant). Understanding the basics of networking is crucial
for
creating and managing applications in the Cloud.
⏱ Performance Testing
+
Testing conducted to determine how a system performs in terms of
responsiveness and
stability under a particular workload.
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from the
effects of significant negative events.
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence. The process of managing the incoming and outgoing network
traffic.
⚖ Capacity Planning
+
The process of determining the production capacity needed by an organization
to meet
changing demands for its products.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
system's
capability to withstand turbulent conditions in production.
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
preventing access to non-authorized users.
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
secure
and scalable environment.
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
ownership
and costs.
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces. A storage space for binary and source code artifacts (e.g., JFrog
Artifactory).
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
⚙ YAML, JSON
+
These are data serialization languages often used for configuration files
and in
applications where data is being stored or transmitted. A software emulation
of a
physical computer, running an operating system and applications just like a
physical
computer.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
or disk
image.
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
organization's onsite computers to the cloud.
Hybrid Cloud
+
A cloud computing environment that uses a mix of on-premises, private cloud,
and
third-party, public cloud services with orchestration between the two
platforms.
☸ Helm in Kubernetes
+
Helm is a package manager for Kubernetes that allows developers and
operators to
more easily package, configure, and deploy applications and services onto
Kubernetes
clusters.
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
one or
more servers.
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks. #_ The core
principle of SRE
is to treat operations as if it's a software problem. They define a set of
work that
includes automation, continuous integration/delivery, ensuring reliability
and
uptime, and enforcing performance. They work closely with product teams to
advise on
the operability of systems, ensure they are prepared for new releases and
can scale
to the demands of the business.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
UI Design
+
The process of making interfaces in software or computerized devices with a
focus on
looks or style.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers. Visual
Regression Testing A form of regression testing that involves checking a
system's
graphical user interface (GUI) against previous versions.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates the
management of electronic or digital identities.
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
Hexagonal Architecture
+
Also known as Ports and Adapters, this is a design pattern that favors the
separation of concerns and loose coupling.
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
replacing
cryptographic keys in a cryptosystem.
🔍 A/B Testing
+
A randomized experiment with two variants, A and B, which are the control
and
variation in the controlled experiment.
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
password
to any of several related, yet independent, software systems.
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
⛓ Blockchain
+
#_ Blockchain is a type of distributed ledger technology that maintains a
growing
list of records, called blocks, that are linked using cryptography. Each
block
contains a cryptographic hash of the previous block, a timestamp, and
transaction
data. #_ The design of a blockchain is inherently resistant to data
modification.
Once recorded, the data in any given block cannot be altered retroactively
without
alteration of all subsequent blocks. This makes blockchain technology
suitable for
the recording of events, medical records, identity management, transaction
processing, and documenting provenance, among other things.
🚀 Progressive Delivery
+
A methodology that focuses on delivering new functionality gradually to
prevent
issues and minimize risk.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
web
services development.
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
⛅ Cloud-native Technologies
+
Technologies that empower organizations to build and run scalable
applications in
modern, dynamic environments such as public, private, and hybrid clouds.
⚠ Vulnerability Scanning
+
The process of inspecting potential points of exploit on a computer or
network to
identify security holes.
🔗 Microservices
+
An architectural style that structures an application as a collection of
loosely
coupled services, which implement business capabilities. An open standard
(RFC 7519)
that defines a compact and self-contained way for securely transmitting
information
between parties as a JSON object.
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
industry
bests and best practices from other companies.
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day. #Continuous Deployment (CD): The
practice
of releasing every change to customers through an automated pipeline.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development. #Subversion: A centralized version control
system
characterized by its reliability as a safe haven for valuable data.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality. #_It involves automating a manual
process
necessary for the testing phase of the software development lifecycle. These
tests
can include functionality testing, performance testing, regression testing,
and
more. #_The goal of test automation is to increase efficiency,
effectiveness, and
coverage of software testing with the least amount of human intervention. It
allows
for the repeated running of these tests, which would be otherwise difficult
to
perform manually. #_Test automation is a critical part of Continuous
Integration and
Continuous Deployment (CI/CD) practices, as it enables frequent and
consistent
testing to catch issues as early as possible.
⚙️ Configuration Management
+
The process of systematically handling changes to a system in a way that it
maintains integrity over time.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications. #Kubernetes: An open-source system for
automating
deployment, scaling, and management of containerized applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
maintaining an ordered record of events.
🧩 Microservices
+
An architectural style that structures an application as a collection of
services
that are highly maintainable and testable.
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
DevOps
team, like deployment frequency or mean time to recovery.
☁ Cloud Computing
+
#AWS: Amazon's cloud computing platform that provides a mix of
infrastructure as a
service (IaaS), platform as a service (PaaS), and packaged software as a
service
(SaaS) offerings. #Azure: Microsoft's public cloud computing platform. #GCP:
Google's suite of cloud computing services that runs on the same
infrastructure that
Google uses internally for its end-user products.
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
using Git
as a 'single source of truth'.
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state. This
contrasts
with an imperative system, where specific commands are executed to reach the
desired
state. GitOps relies on declarative specifications to manage system
configurations.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools. In GitOps, all changes to the system are
made
through the Git repository. This provides a clear audit trail of all
changes,
supports easy rollbacks, and ensures all changes are reviewed and approved
before
being applied to the system.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management. Agile
Methodology
An approach to project management, used in software development, that helps
teams
respond to the unpredictability of building software through incremental,
iterative
work cadences, known as sprints. IT Operations The set of all processes and
services
that are both provisioned by an IT staff to their internal or external
clients and
used by themselves.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant). Understanding the basics of networking is crucial
for
creating and managing applications in the Cloud.
⏱ Performance Testing
+
Testing conducted to determine how a system performs in terms of
responsiveness and
stability under a particular workload.
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from the
effects of significant negative events.
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence. The process of managing the incoming and outgoing network
traffic.
⚖ Capacity Planning
+
The process of determining the production capacity needed by an organization
to meet
changing demands for its products.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
system's
capability to withstand turbulent conditions in production.
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
preventing access to non-authorized users.
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
secure
and scalable environment.
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
ownership
and costs.
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces. A storage space for binary and source code artifacts (e.g., JFrog
Artifactory).
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
⚙ YAML, JSON
+
These are data serialization languages often used for configuration files
and in
applications where data is being stored or transmitted. A software emulation
of a
physical computer, running an operating system and applications just like a
physical
computer.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
or disk
image.
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
organization's onsite computers to the cloud.
Hybrid Cloud
+
A cloud computing environment that uses a mix of on-premises, private cloud,
and
third-party, public cloud services with orchestration between the two
platforms.
☸ Helm in Kubernetes
+
Helm is a package manager for Kubernetes that allows developers and
operators to
more easily package, configure, and deploy applications and services onto
Kubernetes
clusters.
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
one or
more servers.
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks. #_ The core
principle of SRE
is to treat operations as if it's a software problem. They define a set of
work that
includes automation, continuous integration/delivery, ensuring reliability
and
uptime, and enforcing performance. They work closely with product teams to
advise on
the operability of systems, ensure they are prepared for new releases and
can scale
to the demands of the business.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
UI Design
+
The process of making interfaces in software or computerized devices with a
focus on
looks or style.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers. Visual
Regression Testing A form of regression testing that involves checking a
system's
graphical user interface (GUI) against previous versions.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates the
management of electronic or digital identities.
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
Hexagonal Architecture
+
Also known as Ports and Adapters, this is a design pattern that favors the
separation of concerns and loose coupling.
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
replacing
cryptographic keys in a cryptosystem.
🔍 A/B Testing
+
A randomized experiment with two variants, A and B, which are the control
and
variation in the controlled experiment.
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
password
to any of several related, yet independent, software systems.
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
⛓ Blockchain
+
#_ Blockchain is a type of distributed ledger technology that maintains a
growing
list of records, called blocks, that are linked using cryptography. Each
block
contains a cryptographic hash of the previous block, a timestamp, and
transaction
data. #_ The design of a blockchain is inherently resistant to data
modification.
Once recorded, the data in any given block cannot be altered retroactively
without
alteration of all subsequent blocks. This makes blockchain technology
suitable for
the recording of events, medical records, identity management, transaction
processing, and documenting provenance, among other things.
🚀 Progressive Delivery
+
A methodology that focuses on delivering new functionality gradually to
prevent
issues and minimize risk.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
web
services development.
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
⛅ Cloud-native Technologies
+
Technologies that empower organizations to build and run scalable
applications in
modern, dynamic environments such as public, private, and hybrid clouds.
⚠ Vulnerability Scanning
+
The process of inspecting potential points of exploit on a computer or
network to
identify security holes.
🔗 Microservices
+
An architectural style that structures an application as a collection of
loosely
coupled services, which implement business capabilities. An open standard
(RFC 7519)
that defines a compact and self-contained way for securely transmitting
information
between parties as a JSON object.
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
industry
bests and best practices from other companies.
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
🧩 Microservices
+
An architectural style that structures an application as a collection of
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant).
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces.
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
🔗 Microservices
+
An architectural style that structures an application as a collection of
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day. #Continuous Deployment (CD): The
practice
of releasing every change to customers through an automated pipeline.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development. #Subversion: A centralized version control
system
characterized by its reliability as a safe haven for valuable data.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality. #_It involves automating a manual
process
necessary for the testing phase of the software development lifecycle. These
tests
can include functionality testing, performance testing, regression testing,
and
more. #_The goal of test automation is to increase efficiency,
effectiveness, and
coverage of software testing with the least amount of human intervention. It
allows
for the repeated running of these tests, which would be otherwise difficult
to
perform manually. #_Test automation is a critical part of Continuous
Integration and
Continuous Deployment (CI/CD) practices, as it enables frequent and
consistent
testing to catch issues as early as possible.
⚙️ Configuration Management
+
The process of systematically handling changes to a system in a way that it
maintains integrity over time.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications. #Kubernetes: An open-source system for
automating
deployment, scaling, and management of containerized applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
maintaining an ordered record of events.
🧩 Microservices
+
An architectural style that structures an application as a collection of
services
that are highly maintainable and testable.
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
DevOps
team, like deployment frequency or mean time to recovery.
☁ Cloud Computing
+
#AWS: Amazon's cloud computing platform that provides a mix of
infrastructure as a
service (IaaS), platform as a service (PaaS), and packaged software as a
service
(SaaS) offerings. #Azure: Microsoft's public cloud computing platform. #GCP:
Google's suite of cloud computing services that runs on the same
infrastructure that
Google uses internally for its end-user products.
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
using Git
as a 'single source of truth'.
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state. This
contrasts
with an imperative system, where specific commands are executed to reach the
desired
state. GitOps relies on declarative specifications to manage system
configurations.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools. In GitOps, all changes to the system are
made
through the Git repository. This provides a clear audit trail of all
changes,
supports easy rollbacks, and ensures all changes are reviewed and approved
before
being applied to the system.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management. Agile
Methodology
An approach to project management, used in software development, that helps
teams
respond to the unpredictability of building software through incremental,
iterative
work cadences, known as sprints. IT Operations The set of all processes and
services
that are both provisioned by an IT staff to their internal or external
clients and
used by themselves.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant). Understanding the basics of networking is crucial
for
creating and managing applications in the Cloud.
⏱ Performance Testing
+
Testing conducted to determine how a system performs in terms of
responsiveness and
stability under a particular workload.
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from the
effects of significant negative events.
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence. The process of managing the incoming and outgoing network
traffic.
⚖ Capacity Planning
+
The process of determining the production capacity needed by an organization
to meet
changing demands for its products.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
system's
capability to withstand turbulent conditions in production.
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
preventing access to non-authorized users.
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
secure
and scalable environment.
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
ownership
and costs.
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces. A storage space for binary and source code artifacts (e.g., JFrog
Artifactory).
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
⚙ YAML, JSON
+
These are data serialization languages often used for configuration files
and in
applications where data is being stored or transmitted. A software emulation
of a
physical computer, running an operating system and applications just like a
physical
computer.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
or disk
image.
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
organization's onsite computers to the cloud.
Hybrid Cloud
+
A cloud computing environment that uses a mix of on-premises, private cloud,
and
third-party, public cloud services with orchestration between the two
platforms.
☸ Helm in Kubernetes
+
Helm is a package manager for Kubernetes that allows developers and
operators to
more easily package, configure, and deploy applications and services onto
Kubernetes
clusters.
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
one or
more servers.
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks. #_ The core
principle of SRE
is to treat operations as if it's a software problem. They define a set of
work that
includes automation, continuous integration/delivery, ensuring reliability
and
uptime, and enforcing performance. They work closely with product teams to
advise on
the operability of systems, ensure they are prepared for new releases and
can scale
to the demands of the business.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
UI Design
+
The process of making interfaces in software or computerized devices with a
focus on
looks or style.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers. Visual
Regression Testing A form of regression testing that involves checking a
system's
graphical user interface (GUI) against previous versions.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates the
management of electronic or digital identities.
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
Hexagonal Architecture
+
Also known as Ports and Adapters, this is a design pattern that favors the
separation of concerns and loose coupling.
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
replacing
cryptographic keys in a cryptosystem.
🔍 A/B Testing
+
A randomized experiment with two variants, A and B, which are the control
and
variation in the controlled experiment.
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
password
to any of several related, yet independent, software systems.
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
⛓ Blockchain
+
#_ Blockchain is a type of distributed ledger technology that maintains a
growing
list of records, called blocks, that are linked using cryptography. Each
block
contains a cryptographic hash of the previous block, a timestamp, and
transaction
data. #_ The design of a blockchain is inherently resistant to data
modification.
Once recorded, the data in any given block cannot be altered retroactively
without
alteration of all subsequent blocks. This makes blockchain technology
suitable for
the recording of events, medical records, identity management, transaction
processing, and documenting provenance, among other things.
🚀 Progressive Delivery
+
A methodology that focuses on delivering new functionality gradually to
prevent
issues and minimize risk.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
web
services development.
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
⛅ Cloud-native Technologies
+
Technologies that empower organizations to build and run scalable
applications in
modern, dynamic environments such as public, private, and hybrid clouds.
⚠ Vulnerability Scanning
+
The process of inspecting potential points of exploit on a computer or
network to
identify security holes.
🔗 Microservices
+
An architectural style that structures an application as a collection of
loosely
coupled services, which implement business capabilities. An open standard
(RFC 7519)
that defines a compact and self-contained way for securely transmitting
information
between parties as a JSON object.
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
industry
bests and best practices from other companies.
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
🧩 Microservices
+
An architectural style that structures an application as a collection of
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant).
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces.
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
🔗 Microservices
+
An architectural style that structures an application as a collection of
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day. #Continuous Deployment (CD): The
practice
of releasing every change to customers through an automated pipeline.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development. #Subversion: A centralized version control
system
characterized by its reliability as a safe haven for valuable data.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality. #_It involves automating a manual
process
necessary for the testing phase of the software development lifecycle. These
tests
can include functionality testing, performance testing, regression testing,
and
more. #_The goal of test automation is to increase efficiency,
effectiveness, and
coverage of software testing with the least amount of human intervention. It
allows
for the repeated running of these tests, which would be otherwise difficult
to
perform manually. #_Test automation is a critical part of Continuous
Integration and
Continuous Deployment (CI/CD) practices, as it enables frequent and
consistent
testing to catch issues as early as possible.
⚙️ Configuration Management
+
The process of systematically handling changes to a system in a way that it
maintains integrity over time.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications. #Kubernetes: An open-source system for
automating
deployment, scaling, and management of containerized applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
maintaining an ordered record of events.
🧩 Microservices
+
An architectural style that structures an application as a collection of
services
that are highly maintainable and testable.
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
DevOps
team, like deployment frequency or mean time to recovery.
☁ Cloud Computing
+
#AWS: Amazon's cloud computing platform that provides a mix of
infrastructure as a
service (IaaS), platform as a service (PaaS), and packaged software as a
service
(SaaS) offerings. #Azure: Microsoft's public cloud computing platform. #GCP:
Google's suite of cloud computing services that runs on the same
infrastructure that
Google uses internally for its end-user products.
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
using Git
as a 'single source of truth'.
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state. This
contrasts
with an imperative system, where specific commands are executed to reach the
desired
state. GitOps relies on declarative specifications to manage system
configurations.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools. In GitOps, all changes to the system are
made
through the Git repository. This provides a clear audit trail of all
changes,
supports easy rollbacks, and ensures all changes are reviewed and approved
before
being applied to the system.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management. Agile
Methodology
An approach to project management, used in software development, that helps
teams
respond to the unpredictability of building software through incremental,
iterative
work cadences, known as sprints. IT Operations The set of all processes and
services
that are both provisioned by an IT staff to their internal or external
clients and
used by themselves.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant). Understanding the basics of networking is crucial
for
creating and managing applications in the Cloud.
⏱ Performance Testing
+
Testing conducted to determine how a system performs in terms of
responsiveness and
stability under a particular workload.
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from the
effects of significant negative events.
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence. The process of managing the incoming and outgoing network
traffic.
⚖ Capacity Planning
+
The process of determining the production capacity needed by an organization
to meet
changing demands for its products.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
system's
capability to withstand turbulent conditions in production.
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
preventing access to non-authorized users.
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
secure
and scalable environment.
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
ownership
and costs.
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces. A storage space for binary and source code artifacts (e.g., JFrog
Artifactory).
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
⚙ YAML, JSON
+
These are data serialization languages often used for configuration files
and in
applications where data is being stored or transmitted. A software emulation
of a
physical computer, running an operating system and applications just like a
physical
computer.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
or disk
image.
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
organization's onsite computers to the cloud.
Hybrid Cloud
+
A cloud computing environment that uses a mix of on-premises, private cloud,
and
third-party, public cloud services with orchestration between the two
platforms.
☸ Helm in Kubernetes
+
Helm is a package manager for Kubernetes that allows developers and
operators to
more easily package, configure, and deploy applications and services onto
Kubernetes
clusters.
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
one or
more servers.
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks. #_ The core
principle of SRE
is to treat operations as if it's a software problem. They define a set of
work that
includes automation, continuous integration/delivery, ensuring reliability
and
uptime, and enforcing performance. They work closely with product teams to
advise on
the operability of systems, ensure they are prepared for new releases and
can scale
to the demands of the business.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
UI Design
+
The process of making interfaces in software or computerized devices with a
focus on
looks or style.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers. Visual
Regression Testing A form of regression testing that involves checking a
system's
graphical user interface (GUI) against previous versions.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates the
management of electronic or digital identities.
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
Hexagonal Architecture
+
Also known as Ports and Adapters, this is a design pattern that favors the
separation of concerns and loose coupling.
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
replacing
cryptographic keys in a cryptosystem.
🔍 A/B Testing
+
A randomized experiment with two variants, A and B, which are the control
and
variation in the controlled experiment.
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
password
to any of several related, yet independent, software systems.
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
⛓ Blockchain
+
#_ Blockchain is a type of distributed ledger technology that maintains a
growing
list of records, called blocks, that are linked using cryptography. Each
block
contains a cryptographic hash of the previous block, a timestamp, and
transaction
data. #_ The design of a blockchain is inherently resistant to data
modification.
Once recorded, the data in any given block cannot be altered retroactively
without
alteration of all subsequent blocks. This makes blockchain technology
suitable for
the recording of events, medical records, identity management, transaction
processing, and documenting provenance, among other things.
🚀 Progressive Delivery
+
A methodology that focuses on delivering new functionality gradually to
prevent
issues and minimize risk.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
web
services development.
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
⛅ Cloud-native Technologies
+
Technologies that empower organizations to build and run scalable
applications in
modern, dynamic environments such as public, private, and hybrid clouds.
⚠ Vulnerability Scanning
+
The process of inspecting potential points of exploit on a computer or
network to
identify security holes.
🔗 Microservices
+
An architectural style that structures an application as a collection of
loosely
coupled services, which implement business capabilities. An open standard
(RFC 7519)
that defines a compact and self-contained way for securely transmitting
information
between parties as a JSON object.
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
industry
bests and best practices from other companies.
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
🧩 Microservices
+
An architectural style that structures an application as a collection of
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant).
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces.
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
🔗 Microservices
+
An architectural style that structures an application as a collection of
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day. #Continuous Deployment (CD): The
practice
of releasing every change to customers through an automated pipeline.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development. #Subversion: A centralized version control
system
characterized by its reliability as a safe haven for valuable data.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality. #_It involves automating a manual
process
necessary for the testing phase of the software development lifecycle. These
tests
can include functionality testing, performance testing, regression testing,
and
more. #_The goal of test automation is to increase efficiency,
effectiveness, and
coverage of software testing with the least amount of human intervention. It
allows
for the repeated running of these tests, which would be otherwise difficult
to
perform manually. #_Test automation is a critical part of Continuous
Integration and
Continuous Deployment (CI/CD) practices, as it enables frequent and
consistent
testing to catch issues as early as possible.
⚙️ Configuration Management
+
The process of systematically handling changes to a system in a way that it
maintains integrity over time.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications. #Kubernetes: An open-source system for
automating
deployment, scaling, and management of containerized applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
maintaining an ordered record of events.
🧩 Microservices
+
An architectural style that structures an application as a collection of
services
that are highly maintainable and testable.
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
DevOps
team, like deployment frequency or mean time to recovery.
☁ Cloud Computing
+
#AWS: Amazon's cloud computing platform that provides a mix of
infrastructure as a
service (IaaS), platform as a service (PaaS), and packaged software as a
service
(SaaS) offerings. #Azure: Microsoft's public cloud computing platform. #GCP:
Google's suite of cloud computing services that runs on the same
infrastructure that
Google uses internally for its end-user products.
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
using Git
as a 'single source of truth'.
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state. This
contrasts
with an imperative system, where specific commands are executed to reach the
desired
state. GitOps relies on declarative specifications to manage system
configurations.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools. In GitOps, all changes to the system are
made
through the Git repository. This provides a clear audit trail of all
changes,
supports easy rollbacks, and ensures all changes are reviewed and approved
before
being applied to the system.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management. Agile
Methodology
An approach to project management, used in software development, that helps
teams
respond to the unpredictability of building software through incremental,
iterative
work cadences, known as sprints. IT Operations The set of all processes and
services
that are both provisioned by an IT staff to their internal or external
clients and
used by themselves.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant). Understanding the basics of networking is crucial
for
creating and managing applications in the Cloud.
⏱ Performance Testing
+
Testing conducted to determine how a system performs in terms of
responsiveness and
stability under a particular workload.
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from the
effects of significant negative events.
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence. The process of managing the incoming and outgoing network
traffic.
⚖ Capacity Planning
+
The process of determining the production capacity needed by an organization
to meet
changing demands for its products.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
system's
capability to withstand turbulent conditions in production.
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
preventing access to non-authorized users.
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
secure
and scalable environment.
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
ownership
and costs.
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces. A storage space for binary and source code artifacts (e.g., JFrog
Artifactory).
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
⚙ YAML, JSON
+
These are data serialization languages often used for configuration files
and in
applications where data is being stored or transmitted. A software emulation
of a
physical computer, running an operating system and applications just like a
physical
computer.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
or disk
image.
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
organization's onsite computers to the cloud.
Hybrid Cloud
+
A cloud computing environment that uses a mix of on-premises, private cloud,
and
third-party, public cloud services with orchestration between the two
platforms.
☸ Helm in Kubernetes
+
Helm is a package manager for Kubernetes that allows developers and
operators to
more easily package, configure, and deploy applications and services onto
Kubernetes
clusters.
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
one or
more servers.
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks. #_ The core
principle of SRE
is to treat operations as if it's a software problem. They define a set of
work that
includes automation, continuous integration/delivery, ensuring reliability
and
uptime, and enforcing performance. They work closely with product teams to
advise on
the operability of systems, ensure they are prepared for new releases and
can scale
to the demands of the business.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
UI Design
+
The process of making interfaces in software or computerized devices with a
focus on
looks or style.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers. Visual
Regression Testing A form of regression testing that involves checking a
system's
graphical user interface (GUI) against previous versions.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates the
management of electronic or digital identities.
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
Hexagonal Architecture
+
Also known as Ports and Adapters, this is a design pattern that favors the
separation of concerns and loose coupling.
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
replacing
cryptographic keys in a cryptosystem.
🔍 A/B Testing
+
A randomized experiment with two variants, A and B, which are the control
and
variation in the controlled experiment.
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
password
to any of several related, yet independent, software systems.
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
⛓ Blockchain
+
#_ Blockchain is a type of distributed ledger technology that maintains a
growing
list of records, called blocks, that are linked using cryptography. Each
block
contains a cryptographic hash of the previous block, a timestamp, and
transaction
data. #_ The design of a blockchain is inherently resistant to data
modification.
Once recorded, the data in any given block cannot be altered retroactively
without
alteration of all subsequent blocks. This makes blockchain technology
suitable for
the recording of events, medical records, identity management, transaction
processing, and documenting provenance, among other things.
🚀 Progressive Delivery
+
A methodology that focuses on delivering new functionality gradually to
prevent
issues and minimize risk.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
web
services development.
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
⛅ Cloud-native Technologies
+
Technologies that empower organizations to build and run scalable
applications in
modern, dynamic environments such as public, private, and hybrid clouds.
⚠ Vulnerability Scanning
+
The process of inspecting potential points of exploit on a computer or
network to
identify security holes.
🔗 Microservices
+
An architectural style that structures an application as a collection of
loosely
coupled services, which implement business capabilities. An open standard
(RFC 7519)
that defines a compact and self-contained way for securely transmitting
information
between parties as a JSON object.
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
industry
bests and best practices from other companies.
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
🔄 CI/CD
+
#Continuous Integration (CI): The practice of merging all developers'
working copies
to a shared mainline several times a day.
🏗 Infrastructure as Code (IaC)
+
The process of managing and provisioning computer data centers through
machine-readable definition files, rather than physical hardware
configuration or
interactive configuration tools.
📚 Version Control Systems
+
#Git: A distributed version control system for tracking changes in source
code
during software development.
🔬 Test Automation
+
#_Test Automation involves the use of special software (separate from the
software
being tested) to control the execution of tests and the comparison of actual
outcomes with predicted outcomes. Automated testing can extend the depth and
scope
of tests to help improve software quality.
📦 Containerization
+
#Docker: An open-source platform that automates the deployment, scaling, and
management of applications.
👀 Monitoring and Logging
+
The process of checking the status or progress of something over time and
🧩 Microservices
+
An architectural style that structures an application as a collection of
📊 DevOps Metrics
+
Key Performance Indicators (KPIs) used to evaluate the effectiveness of a
🔒 Security in DevOps (DevSecOps)
+
The philosophy of integrating security practices within the DevOps process.
🗃 GitOps
+
A way of implementing Continuous Deployment for cloud native applications,
🌍 Declarative System
+
In a declarative system, the desired system state is described in a file (or
set of
files), and it's the system's responsibility to achieve this state.
🔄 Convergence
+
In the context of GitOps, convergence refers to the process of the system
moving
towards the desired state, as described in the Git repository. When changes
are made
to the repository, automated processes reconcile the current system state
with the
desired state.
🔁 Reconciliation Loops
+
In GitOps, reconciliation loops are the continuous cycles of checking the
current
system state and applying changes to converge towards the desired state.
These are
often managed by Kubernetes operators or controllers.
💼 Configuration Drift
+
Configuration drift refers to the phenomenon where environments become
inconsistent
over time due to manual changes or updates. GitOps helps to avoid this by
ensuring
all changes are made in the Git repository and automatically applied to the
system.
💻 Infrastructure as Code (IaC)
+
While this isn't exclusive to GitOps, IaC is a key component of the GitOps
approach.
Infrastructure as Code involves managing and provisioning computing
resources
through machine-readable definition files, rather than manual hardware
configuration
or interactive configuration tools.
🚀 Canary Deployments
+
Canary deployments involve releasing new versions of a service to a small
subset of
users before rolling it out to all users. This approach, often used in
conjunction
with GitOps, allows teams to test and monitor the new version in a live
environment
with real users, reducing the risk of a full-scale deployment.
🚫💻 Serverless Architecture
+
A software design pattern where applications are hosted by a third-party
service,
eliminating the need for server software and hardware management.
📜 Scripting & Automation
+
The ability to write scripts in languages like Bash and Python to automate
repetitive tasks.
🔨 Build Tools
+
Tools that automate the creation of executable applications from source code
(e.g.,
Maven, Gradle, and Ant).
🔁 Load Balancing
+
The process of distributing network traffic across multiple servers to
ensure no
single server bears too much demand.
💻 Virtualization
+
The process of creating a virtual version of something, including virtual
computer
hardware systems, storage devices, and computer network resources.
🌍 Web Services
+
Services used by the network to send and receive data (e.g., REST and SOAP).
💾 Database Management
+
Understanding databases, their management, and their interaction with
applications
is a key skill (e.g., MySQL, PostgreSQL, MongoDB).
📈 Scalability
+
The capability of a system to grow and manage increased demand.
🔥 Disaster Recovery
+
The area of security planning that deals with protecting an organization
from
🛡 Incident Management
+
The process to identify, analyze, and correct hazards to prevent a future
re-occurrence.
📝 Documentation
+
Creating high-quality documentation is a key skill for any DevOps engineer.
🧪 Chaos Engineering
+
The discipline of experimenting on a system to build confidence in the
🔐 Access Management
+
The process of granting authorized users the right to use a service, while
🔗 API Management
+
The process of creating, publishing, documenting, and overseeing APIs in a
🧱 Architecture Design
+
The practice of designing the overall architecture of a software system.
🏷 Tagging Strategy
+
A strategy for tagging resources in cloud environments to keep track of
🔍 Observability
+
The ability to infer the internal states of a system based on the outputs it
produces.
🧰 Toolchain Management
+
The process of selecting, integrating, and managing the right set of tools
to
support collaborative development, build, test, and release.
📟 On-call Duty
+
The responsibility of engineers to be available to troubleshoot and resolve
issues
that arise in a production environment.
🎛 Feature Toggles
+
A technique that allows teams to modify system behavior without changing
code.
📑 License Management
+
The process of managing and optimizing the purchase, deployment,
maintenance,
utilization, and disposal of software applications within an organization.
🐳 Docker Images
+
Docker images are lightweight, stand-alone, executable packages that include
everything needed to run a piece of software.
🔄 Kubernetes Pods
+
A pod is the smallest and simplest unit in the Kubernetes object model that
you
create or deploy.
🚀 Deployment Strategies
+
Techniques for updating applications, such as rolling updates, blue/green
deployments, or canary releases.
💽 Disk Imaging
+
The process of copying the contents of a computer hard disk into a data file
📚 Knowledge Sharing
+
A key aspect of DevOps culture, involving the sharing of knowledge and best
practices across the organization.
🌐 Cloud Services Models
+
Different models of cloud services, including IaaS, PaaS, and SaaS.
💤 Idle Process Management
+
The management and removal of idle processes to free up resources.
🕸 Service Mesh
+
A dedicated infrastructure layer for handling service-to-service
communication,
often used in microservices architecture.
💼 Project Management Tools
+
Tools used for project management, like Jira, Trello, or Asana.
📡 Proxy Servers
+
Servers that act as intermediaries for requests from clients seeking
resources from
other servers.
🌁 Cloud Migration
+
The process of moving data, applications, and other business elements from
an
🔒 Secure Sockets Layer (SSL)
+
A standard security technology for establishing an encrypted link between a
server
and a client.
👥 User Experience (UX)
+
The process of creating products that provide meaningful and relevant
experiences to
users.
🔄 Reverse Proxy
+
A type of proxy server that retrieves resources on behalf of a client from
👾 Anomaly Detection
+
The identification of rare items, events, or observations which raise
suspicions by
differing significantly from the majority of the data.
🗺 Site Reliability Engineering (SRE)
+
#_ A discipline that incorporates aspects of software engineering and
applies them
to infrastructure and operations problems. The main goals are to create
scalable and
highly reliable software systems. SRE is a role that was originated at
Google to
bridge the gap between development and operations by applying a software
engineering
mindset to system administration topics. SREs use software as a tool to
manage
systems, solve problems, and automate operations tasks.
🔄 Autoscaling
+
A cloud computing feature that automatically adds or removes compute
resources
depending upon actual usage.
🔑 SSH (Secure Shell)
+
A cryptographic network protocol for operating network services securely
over an
unsecured network.
🧪 Test-Driven Development (TDD)
+
A software development process that relies on the repetition of a very short
development cycle: requirements are turned into very specific test cases,
then the
code is improved so that the tests pass.
💡 Problem Solving
+
The process of finding solutions to difficult or complex issues.
💼 IT Service Management (ITSM)
+
The activities that are performed by an organization to design, plan,
deliver,
operate and control information technology (IT) services offered to
customers.
👀 Peer Reviews
+
The evaluation of work by one or more people with similar competencies who
are not
the people who produced the work.
📊 Data Analysis
+
The process of inspecting, cleansing, transforming, and modeling data with
the goal
of discovering useful information, informing conclusions, and supporting
decision-making.
🌐 Content Delivery Network (CDN)
+
A geographically distributed network of proxy servers and their data
centers.
🔄 Canary Deployment
+
A pattern for rolling out releases to a subset of users or servers.
📨 Messaging Systems
+
Communication systems for exchanging messages between distributed systems
(e.g.,
RabbitMQ, Apache Kafka).
🔐 OAuth
+
An open standard for access delegation, commonly used as a way for Internet
users to
grant websites or applications access to their information on other websites
but
without giving them the passwords.
👤 Identity and Access Management (IAM)
+
A framework of business processes, policies and technologies that
facilitates
🗄 NoSQL Databases
+
Database systems designed to handle large volumes of data that do not fit
the
traditional relational model (e.g., MongoDB, Cassandra).
🏝 Serverless Functions
+
Also known as Functions as a Service (FaaS), these are a type of cloud
service that
allows you to execute specific functions in response to events (e.g., AWS
Lambda).
🔁 ETL (Extract, Transform, Load)
+
A data warehousing process that uses batch processing to help business users
analyze
and report on data relevant to their business focus.
📚 Data Warehousing
+
The process of constructing and using a data warehouse, which is a system
used for
reporting and data analysis.
📊 Big Data
+
Extremely large data sets that may be analyzed computationally to reveal
patterns,
trends, and associations, especially relating to human behavior and
interactions.
🌩 Edge Computing
+
A distributed computing paradigm that brings computation and data storage
closer to
the location where it is needed, to improve response times and save
bandwidth.
🔍 Log Analysis
+
The process of reviewing and evaluating log files from various sources to
identify
trends or potential security threats.
🎛 Dashboarding
+
The process of creating a visual representation of data, which can be used
to
analyze and make decisions.
🔑 Key Management
+
The administrative control of creating, distributing, using, storing, and
🔒 HTTPS (HTTP Secure)
+
An extension of the Hypertext Transfer Protocol. It is used for secure
communication
over a computer network, and is widely used on the Internet.
🌐 Web Application Firewall (WAF)
+
A firewall that monitors, filters, or blocks data packets as they travel to
and from
a web application.
🔏 Single Sign-On (SSO)
+
An authentication scheme that allows a user to log in with a single ID and
🔁 Blue-Green Deployment
+
A release management strategy that reduces downtime and risk by running two
identical production environments called Blue and Green.
🌁 Fog Computing
+
A decentralized computing infrastructure in which data, compute, storage,
and
applications are distributed in the most logical, efficient place between
the data
source and the cloud.
📝 RFC (Request for Comments)
+
A type of publication from the technology community that describes methods,
behaviors, research, or innovations applicable to the working of the
Internet and
Internet-connected systems.
🔗 REST (Representational State Transfer)
+
An architectural style for designing networked applications, often used in
🔑 Secrets Management
+
The process of managing digital authentication credentials like passwords,
keys, and
tokens.
🔐 HSM (Hardware Security Module)
+
A physical computing device that safeguards and manages digital keys,
performs
encryption and decryption functions for digital signatures, strong
authentication
and other cryptographic functions.
🔗 Microservices
+
An architectural style that structures an application as a collection of
🔬 Benchmarking
+
The practice of comparing business processes and performance metrics to
🌉 Cross-Functional Collaboration
+
Collaboration between different functional areas within an organization to
achieve
common goals.
JKM ADO.NET
Access data from DataReader?
+
Call ExecuteReader() and iterate rows using Read(). Access values using
index or
column names. It is forward-only and read-only.
ADO.NET Components.
+
Key components are:, · Connection, · Command, · DataReader, · DataAdapter, ·
DataSet, Each helps in performing database operations efficiently.
ADO.NET Data Provider?
+
A Data Provider is a set of classes (Connection, Command, DataAdapter,
DataReader)
that interacts with a specific database like SQL Server, Oracle, or OleDb.
ADO.NET Data Providers?
+
Examples:, · SqlClient, · OleDb, · Odbc, · OracleClient
ADO.NET?
+
ADO.NET is a set of classes in the .NET framework used to access and
manipulate data
from data sources such as SQL Server, Oracle, and XML.
ADO.NET?
+
ADO.NET is a .NET framework component used to interact with databases. It
provides
disconnected and connected communication models and supports commands, data
readers,
connection objects, and datasets.
ADO.NET?
+
ADO.NET is a data access framework in .NET used to interact with databases.
It
supports connected and disconnected models and works with SQL Server,
Oracle, and
others.
ADO.NET?
+
ADO.NET is a data access framework in .NET for interacting with databases
using
DataReader, DataSet, and DataAdapter.
Advantages of ADO.NET?
+
Supports disconnected model, XML integration, scalable architecture, and
high
performance. Works with multiple data sources and provides secure
parameterized
queries.
Aggregate in LINQ?
+
Perform operations like Sum, Count, Min, Max, Average on collections.
Authentication techniques for SQL Server
+
Common authentication types are Windows Authentication, SQL Server
Authentication,
and Mixed Mode Authentication.
Benefits of ADO.NET?
+
Scalable, secure, supports XML, disconnected architecture, multiple DB
providers.
Best method to get two values
+
Use ExecuteReader() or stored procedure returning multiple columns.
BindingSource class in ADO.NET?
+
BindingSource acts as a mediator between UI and data. It simplifies sorting,
filtering, and navigation with data controls like DataGridView.
boxing and unboxing?
+
Boxing converts a value type into object type. Unboxing extracts the value
back.
Boxing/unboxing?
+
Boxing: value type → object, Unboxing: object → value type
Can multiple tables be loaded into a DataSet?
+
Yes, multiple tables can be loaded into a DataSet using DataAdapter.Fill(),
and
relationships can be defined between them.
Catch multiple exceptions at once?
+
Use catch(Exception ex) when(ex is X || ex is Y) or multiple catch blocks.
Classes available in System.Data Namespace
+
Includes DataSet, DataTable, DataRow, DataColumn, DataRelation, Constraint,
and
DataView.
Classes in System.Data.Common Namespace
+
Includes DbConnection, DbCommand, DbDataAdapter, DbDataReader, and
DbParameter,
offering provider-independent access.
Clear(), Clone(), Copy() in DataSet?
+
Clear(): removes all data, keeps schema, Clone(): copies schema only,
Copy(): copies
schema + data
Clone() method of DataSet?
+
Clone() copies the structure of a DataSet including tables, schemas, and
constraints. It does not copy data. It is used when the same schema is
needed for
new datasets.
Command object in ADO.NET?
+
Command object represents an SQL statement or stored procedure to execute
against a
data source.
Commands used with DataAdapter
+
DataAdapter uses SelectCommand, InsertCommand, UpdateCommand, and
DeleteCommand for
CRUD operations. These commands define how data is fetched and updated
between
DataSet and database.
Components of ADO.NET Data Provider
+
ADO.NET Data Provider consists of four main objects: Connection, Command,
DataReader, and DataAdapter. The Connection connects to the database,
Command
executes SQL, DataReader retrieves forward-only data, and DataAdapter fills
DataSets
and updates changes.
Concurrency in EF?
+
Manages simultaneous access to data using Optimistic or Pessimistic
concurrency.
Connection object in ADO.NET?
+
Connection object represents a connection to a data source and is used to
open and
close connections.
Connection object properties and members?
+
Common properties include ConnectionString, State, Database, ServerVersion,
and
DataSource. Methods include Open(), Close(), CreateCommand(), and
BeginTransaction().
Connection Object?
+
The connection object establishes communication between application and
database. It
includes connection strings and manages session initiation and termination.
Connection pooling in ADO.NET?
+
Connection pooling reuses active connections to improve performance instead
of
opening a new connection every time.
Connection Pooling in ADO.NET?
+
Connection pooling reuses existing database connections instead of creating
new ones
repeatedly. It improves performance and reduces overhead by efficiently
managing
active and idle connections.
Connection Pooling?
+
Reuses previously opened DB connections to reduce overhead and improve
scalability.
Connection pooling?
+
Reuses open database connections to improve performance and scalability.
Connection timeout in ADO.NET?
+
Connection timeout specifies the time to wait while establishing a
connection before
throwing an exception.
ConnectionString?
+
Defines DB server, database name, credentials, and options for establishing
connection.
Copy() method of DataSet?
+
Copy() creates a duplicate DataSet including structure and data. It is
useful when
preserving a dataset snapshot.
Create and Manage Connections in ADO.NET?
+
Use classes like SqlConnection with a valid connection string. Methods such
as
Open() and Close() handle connection lifecycle, often used inside using(){}
blocks.
Create SqlConnection?
+
SqlConnection con = new SqlConnection("connectionString");, con.Open();
DAO?
+
DAO (Data Access Object) is a design pattern used to abstract and
encapsulate
database access logic. It helps separate persistence logic from business
logic.
Data Providers in ADO.NET
+
Examples include SqlClient, OleDb, OracleClient, Odbc, and EntityClient.
DataAdapter and its Property?
+
DataAdapter is used to transfer data between database and DataSet.
Properties
include SelectCommand, InsertCommand, UpdateCommand, and DeleteCommand.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between a DataSet and a data source for
retrieving and
saving data.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between the database and DataSet. It uses
select,
insert, update, and delete commands to sync data between memory and the
database.
DataAdapter?
+
Acts as a bridge between DataSet and database for retrieving and updating
data.
DataAdapter?
+
Acts as a bridge between DataSet and DB, provides methods for Fill() and
Update().
DataColumn, DataRow, DataTable relationship?
+
DataTable holds rows and columns; DataRow is a record; DataColumn defines
schema.
DataReader in ADO.NET?
+
DataReader is a forward-only, read-only stream of data from a data source,
optimized
for performance.
DataReader Object?
+
A fast, forward-only, read-only way to retrieve data from a database. Works
in
connected mode.
DataReader?
+
A DataReader provides fast, forward-only reading of results from a query. It
keeps
the connection open while reading data, making it ideal for large datasets.
DataReader?
+
Forward-only, read-only, fast access to database records.
DataRelation Class?
+
It establishes parent-child relational mapping between DataTables inside a
DataSet,
similar to foreign keys in a database.
DataSet in ADO.NET?
+
DataSet is an in-memory, disconnected collection of data tables,
relationships, and
constraints.
Dataset Object?
+
A disconnected, in-memory collection of DataTables supporting relationships
and XML.
DataSet replaces ADO Recordset?
+
Dataset provides disconnected, XML-based storage, supporting multiple
tables,
relationships, and offline editing. Unlike Recordset, it does not require a
live
database connection.
DataSet?
+
An in-memory representation of tables, relationships, and constraints,
supports
disconnected data.
DataTable in ADO.NET?
+
DataTable is a single in-memory table of data in a DataSet.
DataTable in ADO.NET?
+
A DataTable stores rows and columns similar to a database table. It exists
in memory
and can be part of a DataSet, supporting constraints, relations, and
indexing.
DataView in ADO.NET?
+
DataView provides a customizable view of a DataTable, allowing sorting,
filtering,
and searching.
DataView?
+
A DataView provides a sorted, filtered view of a DataTable without modifying
the
actual data. It supports searching and custom ordering.
DataView?
+
DataView provides filtered and sorted views of a DataTable without modifying
original data.
Default CommandTimeout value
+
The default value of CommandTimeout is 30 seconds.
Define DataSet structure?
+
A DataSet stores relational data in memory as tables, relations, and
constraints. It
can contain multiple DataTables and supports XML schema definitions using
ReadXmlSchema() and WriteXmlSchema().
DifBet AcceptChanges() and RejectChanges() in DataSet?
+
AcceptChanges() commits changes to DataSet; RejectChanges() rolls back
changes.
DifBet AcceptChanges() and RejectChanges()?
+
AcceptChanges commits changes; RejectChanges reverts changes to original
state.
DifBet ADO and ADO.NET?
+
ADO is COM-based and works with connected architecture; ADO.NET is
.NET-based and
supports both connected and disconnected architecture.
DifBet BeginTransaction() and EnlistTransaction()?
+
BeginTransaction starts a local transaction; EnlistTransaction enrolls the
connection in a distributed transaction.
DifBet Close() and Dispose() on SqlConnection?
+
Close() closes the connection; Dispose() releases all resources used by the
connection object.
DifBet CommandBehavior.CloseConnection and default
behavior?
+
CloseConnection automatically closes connection when DataReader is closed;
default
keeps connection open.
DifBet CommandType.Text and
CommandType.StoredProcedure?
+
CommandType.Text executes raw SQL queries; CommandType.StoredProcedure
executes
stored procedures.
DifBet connected and disconnected architecture in
ADO.NET?
+
Connected architecture uses active database connection (DataReader);
disconnected
architecture uses in-memory objects (DataSet).
DifBet connected and disconnected DataSet updates?
+
Connected updates immediately affect the database; disconnected updates
require
calling DataAdapter.Update().
DifBet connection string and connection object?
+
Connection string contains parameters to connect to database; connection
object uses
connection string to establish connection.
DifBet DataAdapter.Fill(DataSet) and Fill(DataTable)?
+
Fill(DataSet) can load multiple tables; Fill(DataTable) loads single table.
DifBet DataAdapter.MissingSchemaAction.AddWithKey and
Add?
+
AddWithKey loads primary key info; Add loads only columns without keys.
DifBet DataAdapter.Update() and
SqlCommand.ExecuteNonQuery()?
+
Update() propagates DataSet changes; ExecuteNonQuery executes a single SQL
command.
DifBet DataColumn.Expression and DataTable.Compute()?
+
DataColumn.Expression defines calculated column in DataTable; Compute
evaluates
expression on-demand.
DifBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only, connected; DataAdapter works with
DataSet in
disconnected mode.
DifBet DataReader and DataSet?
+
DataReader is connected, fast, and read-only; DataSet is disconnected, can
hold
multiple tables, and supports updates.
DifBet DataRowState.Added, Modified, Deleted, and
Unchanged?
+
Added: new row; Modified: updated row; Deleted: marked for deletion;
Unchanged: no
changes.
DifBet DataSet and DataTable?
+
DataSet can hold multiple tables and relationships; DataTable represents a
single
table.
DifBet DataSet.EnforceConstraints = true and false?
+
True enforces constraints (keys, relationships); false disables constraint
checking
temporarily.
DifBet DataSet.GetChanges() and
DataSet.AcceptChanges()?
+
GetChanges() returns a copy of changes made; AcceptChanges() commits changes
to
DataSet.
DifBet DataSet.Merge() and ImportRow()?
+
Merge combines two DataSets while preserving changes; ImportRow copies a
single
DataRow into another DataTable.
DifBet DataSet.ReadXml() and DataSet.WriteXml()?
+
ReadXml loads data from XML; WriteXml saves data to XML.
DifBet DataSet.ReadXmlSchema() and
DataSet.WriteXmlSchema()?
+
ReadXmlSchema reads only schema; WriteXmlSchema writes only schema to XML.
DifBet DataSet.Relations.Add() and
DataTable.ChildRelations?
+
Relations.Add() creates relationship between tables; ChildRelations shows
existing
child relations.
DifBet DataSet.Tables and DataSet.Tables[TableName"]?"
+
Tables returns collection of all tables; Tables[TableName"] returns specific
table."
DifBet DataTable.Compute() and DataView.RowFilter?
+
Compute evaluates expressions like SUM, COUNT; RowFilter filters rows
dynamically.
DifBet DataTable.NewRow() and DataTable.Rows.Add()?
+
NewRow() creates a new DataRow; Rows.Add() adds DataRow to DataTable.
DifBet DataTable.Select() and DataView.RowFilter?
+
DataTable.Select() returns an array of DataRows; DataView.RowFilter filters
rows
dynamically in a DataView.
DifBet disconnected DataSet and connected DataReader?
+
DataSet is disconnected and can store multiple tables; DataReader is
connected,
forward-only, and read-only.
DifBet disconnected DataSet and XML in ADO.NET?
+
DataSet stores relational data in memory; XML stores hierarchical data in a
text
format.
DifBet ExecuteReader, ExecuteScalar, and
ExecuteNonQuery?
+
ExecuteReader returns a DataReader; ExecuteScalar returns a single value;
ExecuteNonQuery executes commands like INSERT, UPDATE, DELETE.
DifBet ExecuteScalar() and ExecuteNonQuery()?
+
ExecuteScalar returns a single value; ExecuteNonQuery returns number of rows
affected.
DifBet ExecuteXmlReader() and ExecuteReader()?
+
ExecuteXmlReader() returns XML data as XmlReader; ExecuteReader() returns
relational
data as DataReader.
DifBet Fill() and Update() methods in DataAdapter?
+
Fill() populates a DataSet with data from a data source; Update() saves
changes from
a DataSet back to the data source.
DifBet FillSchema() and Fill() in DataAdapter?
+
FillSchema() loads structure (columns, constraints); Fill() loads data into
DataSet.
DifBet GetSchema() and DataTable.Columns?
+
GetSchema() retrieves database metadata; DataTable.Columns retrieves column
info of
DataTable.
DifBet Load() and Fill() in DataAdapter?
+
Load() loads data into DataTable directly; Fill() loads data into DataSet.
DifBet multiple ResultSets and DataSet.Tables?
+
Multiple ResultSets are multiple queries from database; DataSet.Tables
stores
multiple tables in memory.
DifBet optimistic concurrency using Timestamp and
original values?
+
Timestamp compares version number for updates; original values compare
previous data
values.
DifBet ReadOnly and ReadWrite DataSet?
+
ReadOnly DataSet cannot update the source; ReadWrite DataSet allows changes
to be
persisted back.
DifBet schema-only and key information loading?
+
Schema-only loads column structure; key information includes primary,
foreign keys,
and constraints.
DifBet SqlBulkCopy and DataAdapter.Update()?
+
SqlBulkCopy is fast bulk insert; DataAdapter.Update() updates based on
DataRow
changes.
DifBet SqlCommand and OleDbCommand?
+
SqlCommand is SQL Server-specific; OleDbCommand works with OLE DB providers
for
multiple databases.
DifBet SqlCommand.ExecuteReader(CommandBehavior)
options?
+
Options like SingleRow, SingleResult, CloseConnection modify behavior of
DataReader.
DifBet SqlCommand.Parameters.Add() and AddWithValue()?
+
Add() allows specifying type and size; AddWithValue() infers type from
value.
DifBet SqlCommandBuilder and manually writing SQL
commands?
+
CommandBuilder automatically generates INSERT, UPDATE, DELETE commands;
manual SQL
provides more control.
DifBet SqlConnection and OleDbConnection?
+
SqlConnection is specific to SQL Server; OleDbConnection is generic and can
connect
to multiple databases via OLE DB provider.
DifBet SqlDataAdapter and OleDbDataAdapter?
+
SqlDataAdapter is SQL Server-specific; OleDbDataAdapter works with OLE DB
providers
for multiple databases.
DifBet SqlDataAdapter and SqlDataReader?
+
DataAdapter works with disconnected DataSet; DataReader is connected and
forward-only.
DifBet SqlDataAdapter.Fill() and
SqlDataAdapter.FillSchema()?
+
Fill() loads data; FillSchema() loads table structure including constraints.
DifBet SqlDataReader and SqlDataAdapter?
+
SqlDataReader is connected, fast, and read-only; SqlDataAdapter works in
disconnected mode with DataSet.
DifBet synchronous and asynchronous ADO.NET
operations?
+
Synchronous operations block until complete; asynchronous operations run in
background without blocking.
DifBet TableMapping and ColumnMapping?
+
TableMapping maps source table names to DataSet tables; ColumnMapping maps
source
columns to DataSet columns.
DifBet typed and untyped DataSet?
+
Typed DataSet has a predefined schema with compile-time checks; untyped is
generic
and dynamic.
DiffBet ADO and ADO.NET.
+
ADO is connected and recordset-based, whereas ADO.NET supports disconnected
architecture using DataSet. ADO.NET is XML-based and works well with
distributed
applications.
DiffBet ADO and ADO.NET?
+
ADO uses connected model and Recordsets. ADO.NET supports disconnected
model, XML,
and multiple tables.
DiffBet Command and CommandBuilder
+
Command executes SQL statements, while CommandBuilder automatically
generates SQL
(Insert, Update, Delete) commands for DataAdapters.
DiffBet connected and disconnected model?
+
Connected: DataReader, requires live DB connection., Disconnected: DataSet,
DataAdapter, works offline.
DiffBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only; DataAdapter fills DataSet and
supports
disconnected operations.
DiffBet DataReader and DataSet.
+
· DataReader: forward-only, read-only, connected model, high performance., ·
DataSet: in-memory collection, disconnected model, supports navigation and
editing.
DiffBet DataReader and Dataset?
+
DataReader is fast, connected, read-only; Dataset is disconnected, editable,
and
supports multiple tables.
DiffBet DataSet and DataReader.
+
(Already answered in Q5, summarized above.)
DiffBet DataSet and Recordset?
+
DataSet is disconnected, supports multiple tables and relationships.,
Recordset is
connected and read-only or updatable depending on type.
DiffBet Dataset.Clone and Dataset.Copy
+
Clone() copies only the schema of the DataSet without data. Copy()
duplicates both
the schema and data, creating a full dataset replica.
DiffBet ExecuteScalar, ExecuteReader, ExecuteNonQuery?
+
Scalar: single value, Reader: forward-only rows, NonQuery:
update/delete/insert.
DiffBet Fill() and Update()?
+
Fill() loads data from DB to DataSet; Update() writes changes back to DB.
DiffBet IQueryable and IEnumerable?
+
IQueryable: server-side execution, LINQ to SQL/Entities, IEnumerable:
client-side,
in-memory
DiffBet OLEDB and SQLClient Providers
+
OLEDB provider works with multiple data sources like Access, Oracle, and
Excel,
while SQLClient is optimized specifically for SQL Server. SQLClient offers
better
speed, security, and support for SQL Server features like stored procedures
and
transactions.
Difference: Response.Expires vs
Response.ExpiresAbsolute
+
Expires specifies duration in minutes. ExpiresAbsolute sets exact expiration
date/time.
Different Execute Methods in ADO.NET
+
Key execution methods include ExecuteReader() for row data, ExecuteScalar()
for a
single value, ExecuteNonQuery() for insert/update/delete operations, and
ExecuteXmlReader() for XML data.
Disconnected data?
+
Disconnected data allows retrieving, modifying, and working with data
without
continuous DB connection. DataSet and DataTable support this model.
Dispose() in ADO.NET?
+
Releases unmanaged resources like DB connections, commonly used with using
block.
Do we use stored procedures in ADO.NET?
+
Yes, stored procedures can be executed using the Command object by setting
CommandType.StoredProcedure.
EF Migration?
+
Updates DB schema as models evolve without losing data.
Execute raw SQL in EF?
+
Use context.Database.SqlQuery() or ExecuteSqlCommand().
ExecuteNonQuery()?
+
This method executes commands that do not return results (Insert, Update,
Delete).
It returns the number of affected rows.
ExecuteNonQuery()?
+
Executes insert, update, or delete commands and returns affected row count.
ExecuteReader()?
+
Executes a query and returns a DataReader for reading rows forward-only.
ExecuteScalar()?
+
ExecuteScalar() returns a single value from a query, typically used for
count, sum,
or identity queries. It is faster than returning full data structures.
ExecuteScalar()?
+
Executes a query that returns a single value (first column of first row).
Explain DataTable, DataRow & DataColumn relationship.
+
DataTable stores rows and columns of data. DataRow represents a single
record, while
DataColumn defines the schema (fields). Together they form structured
tabular data.
Explain ExecuteReader().
+
ExecuteReader returns a DataReader object to read result sets row-by-row in
forward-only mode, ideal for performance in large data retrieval.
Explain ExecuteXmlReader?
+
ExecuteXmlReader is used with SQL Server to read XML data returned by a
command. It
returns an XmlReader object that allows forward-only streaming of XML. It is
useful
when retrieving XML documents from queries or stored procedures.
Explain OleDbDataAdapter Command Properties with
Example?
+
OleDbDataAdapter has properties like SelectCommand, InsertCommand,
UpdateCommand,
and DeleteCommand. These commands define SQL operations for reading and
updating
data. Example:, adapter.SelectCommand = new OleDbCommand("SELECT * FROM
Students",
connection);
Explain the Clear() method of DataSet?
+
Clear() removes all rows from all DataTables within the DataSet. The
structure
remains intact, but data is deleted. It is useful when reloading fresh data.
Explain the ExecuteScalar method in ADO.NET?
+
ExecuteScalar executes a SQL command and returns a single scalar value. It
is
commonly used for aggregate queries like COUNT(), MAX(), MIN(), or
retrieving a
single field. It improves performance as it does not return rows or a
dataset. It
returns the first column of the first row.
Features of ADO.NET?
+
Disconnected model, XML support, DataReader, DataSet, DataAdapter, object
pooling.
Filtering in LINQ?
+
Using Where() to filter elements by a condition.
GetChanges() in DataSet?
+
Returns modified rows (Added, Deleted, Modified) from DataSet for update
operations.
GetChanges()?
+
GetChanges() returns a copy of DataSet with only changed rows (Added,
Deleted,
Modified). Useful for updating only modified records.
Grouping in LINQ?
+
Organizes elements into groups based on a key using GroupBy().
HasChanges() in DataSet?
+
Checks if DataSet has any changes since last load or accept changes.
HasChanges() method of DataSet?
+
HasChanges() checks if the DataSet contains modified, deleted, or new rows.
It
returns true if changes exist, helping detect update needs.
IDisposable?
+
Interface for releasing unmanaged resources manually via Dispose().
Immediate Execution in LINQ?
+
Using methods like ToList(), Count() forces query execution immediately.
Important Classes in ADO.NET.
+
Key classes include SqlConnection, SqlCommand, SqlDataReader,
SqlDataAdapter,
DataSet, DataTable, and SqlParameter.
Is it possible to edit data in Repeater control?
+
No, Repeater does not provide built-in editing support like GridView.
Joining in LINQ?
+
Combines collections/tables based on key with Join() or GroupJoin().
Keyword to accept variable parameters
+
The keyword params is used to accept a variable number of arguments in C#.
Layers of ADO.NET
+
The two layers are Connected Layer (Connection, Command, DataReader) and
Disconnected Layer (DataSet, DataTable, DataAdapter).
Lazy vs eager loading in EF?
+
Lazy: loads related entities on demand, Eager: loads with query using
Include()
LINQ deferred execution?
+
Query runs only when enumerated (foreach, ToList()).
LINQ?
+
LINQ (Language Integrated Query) allows querying data using C# syntax across
objects, SQL, XML, and Entity Framework.
LINQ?
+
LINQ (Language Integrated Query) allows querying objects, collections,
databases,
and XML using C# language syntax.
Main components of ADO.NET?
+
Connection, Command, DataReader, DataSet, DataAdapter, DataTable, and
DataView.
Method in OleDbAdapter to populate dataset
+
The method is Fill(), used to load records into DataSet/DataTable.
Method in OleDbDataAdapter populates a dataset with
records?
+
The Fill() method of OleDbDataAdapter populates a DataSet or DataTable with
data. It
executes the SELECT command and loads the returned rows into the dataset for
disconnected use.
Method to execute SQL returning single value
+
The method is ExecuteScalar(), which returns the first column of the first
row.
Method used to read XML daily
+
The Read() or Load() methods using XmlReader or XDocument are used to
process XML
files.
Method used to sort data
+
Sorting can be done using DataView.Sort property.
Methods of DataSet.
+
Common methods include AcceptChanges(), RejectChanges(), ReadXml(),
WriteXml(), and
GetChanges() for data manipulation and synchronization.
Methods of XML DataSet Object
+
Common methods include ReadXml(), WriteXml(), ReadXmlSchema(), and
WriteXmlSchema(),
which allow reading and writing XML data and schema.
Methods under SqlCommand
+
Common methods include ExecuteReader(), ExecuteScalar(), ExecuteNonQuery(),
ExecuteXmlReader(), Cancel(), Prepare() and ExecuteAsync() for asynchronous
calls.
Namespaces for Data Access.
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Namespaces used in ADO.NET?
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Navigation property in EF?
+
Represents relationships and allows traversing related entities easily.
Object Pooling?
+
A technique to reuse created objects instead of recreating new ones,
improving
performance.
object pooling?
+
Reusing instantiated objects to reduce overhead and improve performance.
Object used to add relationship
+
DataRelation object is used to create relationships between DataTables.
Optimistic concurrency in ADO.NET?
+
Optimistic concurrency allows multiple users to access data and checks for
conflicts
only when updating.
OrderBy/ThenBy in LINQ?
+
Sorts collection first by OrderBy, then further sorting with ThenBy.
Parameterized query in ADO.NET?
+
A parameterized query uses parameters to prevent SQL injection and pass
values
safely.
Parameterized query?
+
Prevents SQL injection and allows passing parameters safely in SqlCommand.
Parameters in ADO.NET?
+
Parameters are used in parameterized queries or stored procedures to prevent
SQL
injection and pass values securely.
Pessimistic concurrency in ADO.NET?
+
Pessimistic concurrency locks data while a user is editing to prevent
conflicts.
Preferred method for executing SQL with parameters?
+
Use Parameterized queries with SqlCommand and Parameters collection. This
prevents
SQL injection and handles data safely.
Projection in LINQ?
+
Selecting specific columns or transforming data with Select().
Properties and Methods of Command Object.
+
Properties: CommandText, Connection, CommandType., Methods: ExecuteReader(),
ExecuteScalar(), ExecuteNonQuery().
Provider used for MS Access, Oracle, etc.
+
The OleDb provider is used to connect to multiple heterogeneous databases
like MS
Access, Excel, and Oracle.
RowVersion in ADO.NET?
+
RowVersion represents the state of a DataRow (Original, Current, Proposed)
for
concurrency control.
SqlCommand Object?
+
The SqlCommand object executes SQL queries and stored procedures against a
SQL
Server database. It supports methods like ExecuteReader(), ExecuteScalar(),
and
ExecuteNonQuery().
SqlCommand?
+
Executes SQL queries, commands, and stored procedures on a database.
SqlCommandBuilder?
+
SqlCommandBuilder auto-generates Insert, Update, and Delete commands for a
DataAdapter based on a select query. It reduces manual SQL writing.
SqlTransaction in ADO.NET?
+
SqlTransaction allows executing multiple commands as a single transaction
with
commit or rollback.
SqlTransaction?
+
SqlTransaction ensures multiple operations execute as a single unit. If any
operation fails, the entire transaction can be rolled back.
Stop a running thread?
+
Threads can be stopped using Thread.Abort(), CancellationToken, or
cooperative
flag-based termination (recommended).
Strongly typed DataSet?
+
Strongly typed DataSet has a predefined schema and provides compile-time
checking of
tables and columns.
System.Data Namespace Class.
+
System.Data namespace provides classes for working with relational data. It
includes
DataTable, DataSet, DataRelation, DataColumn, and connection-related
classes.
TableMapping in ADO.NET?
+
TableMapping maps source table names from a DataAdapter to destination
DataSet table
names.
Transaction in ADO.NET?
+
A transaction is a set of operations executed as a single unit, ensuring
ACID
properties.
Transactions and Concurrency in ADO.NET?
+
Transactions ensure multiple database operations execute as a unit
(commit/rollback). Concurrency manages simultaneous access using locking or
optimistic/pessimistic control.
Transactions in ADO.NET?
+
Ensures a set of operations execute as a unit; rollback occurs on failure.
Two Fundamental Objects in ADO.NET.
+
· Connection Object, · Command Object
Two important ADO.NET objects?
+
DataReader for connected model and DataSet for disconnected model.
Typed vs. Untyped Dataset
+
Typed DataSet has predefined schema with IntelliSense support. Untyped
DataSet does
not have fixed schema and works with dynamic tables.
Use of connection object?
+
Creates a link to the database and opens/closes transactions and commands.
Use of DataSet Object.
+
A DataSet stores multiple tables in memory, supports XML formatting,
relational
mapping, and offline work. Changes can later be synchronized with the
database via
DataAdapter.
Use of DataView
+
DataView provides a filtered, sorted view of a DataTable without modifying
actual
data. It supports searching, sorting, and binding to UI controls.
Use of SqlCommand object?
+
Executes SQL statements: SELECT, INSERT, UPDATE, DELETE, stored procedures.
Uses of Stored Procedure
+
Stored procedures enhance performance, security, reusability, and reduce
traffic by
executing on the server.
Which object needs to be closed?
+
Objects like Connection, DataReader, and XmlReader must be closed to release
resources.
XML support in ADO.NET?
+
ADO.NET can read, write, and manipulate XML using DataSet, DataTable, and
XML
methods like ReadXml and WriteXml.
Access data from DataReader?
+
Call ExecuteReader() and iterate rows using Read(). Access values using
index or
column names. It is forward-only and read-only.
ADO.NET Components.
+
Key components are:, · Connection, · Command, · DataReader, · DataAdapter, ·
DataSet, Each helps in performing database operations efficiently.
ADO.NET Data Provider?
+
A Data Provider is a set of classes (Connection, Command, DataAdapter,
DataReader)
that interacts with a specific database like SQL Server, Oracle, or OleDb.
ADO.NET Data Providers?
+
Examples:, · SqlClient, · OleDb, · Odbc, · OracleClient
ADO.NET?
+
ADO.NET is a set of classes in the .NET framework used to access and
manipulate data
from data sources such as SQL Server, Oracle, and XML.
ADO.NET?
+
ADO.NET is a .NET framework component used to interact with databases. It
provides
disconnected and connected communication models and supports commands, data
readers,
connection objects, and datasets.
ADO.NET?
+
ADO.NET is a data access framework in .NET used to interact with databases.
It
supports connected and disconnected models and works with SQL Server,
Oracle, and
others.
ADO.NET?
+
ADO.NET is a data access framework in .NET for interacting with databases
using
DataReader, DataSet, and DataAdapter.
Advantages of ADO.NET?
+
Supports disconnected model, XML integration, scalable architecture, and
high
performance. Works with multiple data sources and provides secure
parameterized
queries.
Aggregate in LINQ?
+
Perform operations like Sum, Count, Min, Max, Average on collections.
Authentication techniques for SQL Server
+
Common authentication types are Windows Authentication, SQL Server
Authentication,
and Mixed Mode Authentication.
Benefits of ADO.NET?
+
Scalable, secure, supports XML, disconnected architecture, multiple DB
providers.
Best method to get two values
+
Use ExecuteReader() or stored procedure returning multiple columns.
BindingSource class in ADO.NET?
+
BindingSource acts as a mediator between UI and data. It simplifies sorting,
filtering, and navigation with data controls like DataGridView.
boxing and unboxing?
+
Boxing converts a value type into object type. Unboxing extracts the value
back.
Boxing/unboxing?
+
Boxing: value type → object, Unboxing: object → value type
Can multiple tables be loaded into a DataSet?
+
Yes, multiple tables can be loaded into a DataSet using DataAdapter.Fill(),
and
relationships can be defined between them.
Catch multiple exceptions at once?
+
Use catch(Exception ex) when(ex is X || ex is Y) or multiple catch blocks.
Classes available in System.Data Namespace
+
Includes DataSet, DataTable, DataRow, DataColumn, DataRelation, Constraint,
and
DataView.
Classes in System.Data.Common Namespace
+
Includes DbConnection, DbCommand, DbDataAdapter, DbDataReader, and
DbParameter,
offering provider-independent access.
Clear(), Clone(), Copy() in DataSet?
+
Clear(): removes all data, keeps schema, Clone(): copies schema only,
Copy(): copies
schema + data
Clone() method of DataSet?
+
Clone() copies the structure of a DataSet including tables, schemas, and
constraints. It does not copy data. It is used when the same schema is
needed for
new datasets.
Command object in ADO.NET?
+
Command object represents an SQL statement or stored procedure to execute
against a
data source.
Commands used with DataAdapter
+
DataAdapter uses SelectCommand, InsertCommand, UpdateCommand, and
DeleteCommand for
CRUD operations. These commands define how data is fetched and updated
between
DataSet and database.
Components of ADO.NET Data Provider
+
ADO.NET Data Provider consists of four main objects: Connection, Command,
DataReader, and DataAdapter. The Connection connects to the database,
Command
executes SQL, DataReader retrieves forward-only data, and DataAdapter fills
DataSets
and updates changes.
Concurrency in EF?
+
Manages simultaneous access to data using Optimistic or Pessimistic
concurrency.
Connection object in ADO.NET?
+
Connection object represents a connection to a data source and is used to
open and
close connections.
Connection object properties and members?
+
Common properties include ConnectionString, State, Database, ServerVersion,
and
DataSource. Methods include Open(), Close(), CreateCommand(), and
BeginTransaction().
Connection Object?
+
The connection object establishes communication between application and
database. It
includes connection strings and manages session initiation and termination.
Connection pooling in ADO.NET?
+
Connection pooling reuses active connections to improve performance instead
of
opening a new connection every time.
Connection Pooling in ADO.NET?
+
Connection pooling reuses existing database connections instead of creating
new ones
repeatedly. It improves performance and reduces overhead by efficiently
managing
active and idle connections.
Connection Pooling?
+
Reuses previously opened DB connections to reduce overhead and improve
scalability.
Connection pooling?
+
Reuses open database connections to improve performance and scalability.
Connection timeout in ADO.NET?
+
Connection timeout specifies the time to wait while establishing a
connection before
throwing an exception.
ConnectionString?
+
Defines DB server, database name, credentials, and options for establishing
connection.
Copy() method of DataSet?
+
Copy() creates a duplicate DataSet including structure and data. It is
useful when
preserving a dataset snapshot.
Create and Manage Connections in ADO.NET?
+
Use classes like SqlConnection with a valid connection string. Methods such
as
Open() and Close() handle connection lifecycle, often used inside using(){}
blocks.
Create SqlConnection?
+
SqlConnection con = new SqlConnection("connectionString");, con.Open();
DAO?
+
DAO (Data Access Object) is a design pattern used to abstract and
encapsulate
database access logic. It helps separate persistence logic from business
logic.
Data Providers in ADO.NET
+
Examples include SqlClient, OleDb, OracleClient, Odbc, and EntityClient.
DataAdapter and its Property?
+
DataAdapter is used to transfer data between database and DataSet.
Properties
include SelectCommand, InsertCommand, UpdateCommand, and DeleteCommand.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between a DataSet and a data source for
retrieving and
saving data.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between the database and DataSet. It uses
select,
insert, update, and delete commands to sync data between memory and the
database.
DataAdapter?
+
Acts as a bridge between DataSet and database for retrieving and updating
data.
DataAdapter?
+
Acts as a bridge between DataSet and DB, provides methods for Fill() and
Update().
DataColumn, DataRow, DataTable relationship?
+
DataTable holds rows and columns; DataRow is a record; DataColumn defines
schema.
DataReader in ADO.NET?
+
DataReader is a forward-only, read-only stream of data from a data source,
optimized
for performance.
DataReader Object?
+
A fast, forward-only, read-only way to retrieve data from a database. Works
in
connected mode.
DataReader?
+
A DataReader provides fast, forward-only reading of results from a query. It
keeps
the connection open while reading data, making it ideal for large datasets.
DataReader?
+
Forward-only, read-only, fast access to database records.
DataRelation Class?
+
It establishes parent-child relational mapping between DataTables inside a
DataSet,
similar to foreign keys in a database.
DataSet in ADO.NET?
+
DataSet is an in-memory, disconnected collection of data tables,
relationships, and
constraints.
Dataset Object?
+
A disconnected, in-memory collection of DataTables supporting relationships
and XML.
DataSet replaces ADO Recordset?
+
Dataset provides disconnected, XML-based storage, supporting multiple
tables,
relationships, and offline editing. Unlike Recordset, it does not require a
live
database connection.
DataSet?
+
An in-memory representation of tables, relationships, and constraints,
supports
disconnected data.
DataTable in ADO.NET?
+
DataTable is a single in-memory table of data in a DataSet.
DataTable in ADO.NET?
+
A DataTable stores rows and columns similar to a database table. It exists
in memory
and can be part of a DataSet, supporting constraints, relations, and
indexing.
DataView in ADO.NET?
+
DataView provides a customizable view of a DataTable, allowing sorting,
filtering,
and searching.
DataView?
+
A DataView provides a sorted, filtered view of a DataTable without modifying
the
actual data. It supports searching and custom ordering.
DataView?
+
DataView provides filtered and sorted views of a DataTable without modifying
original data.
Default CommandTimeout value
+
The default value of CommandTimeout is 30 seconds.
Define DataSet structure?
+
A DataSet stores relational data in memory as tables, relations, and
constraints. It
can contain multiple DataTables and supports XML schema definitions using
ReadXmlSchema() and WriteXmlSchema().
DifBet AcceptChanges() and RejectChanges() in DataSet?
+
AcceptChanges() commits changes to DataSet; RejectChanges() rolls back
changes.
DifBet AcceptChanges() and RejectChanges()?
+
AcceptChanges commits changes; RejectChanges reverts changes to original
state.
DifBet ADO and ADO.NET?
+
ADO is COM-based and works with connected architecture; ADO.NET is
.NET-based and
supports both connected and disconnected architecture.
DifBet BeginTransaction() and EnlistTransaction()?
+
BeginTransaction starts a local transaction; EnlistTransaction enrolls the
connection in a distributed transaction.
DifBet Close() and Dispose() on SqlConnection?
+
Close() closes the connection; Dispose() releases all resources used by the
connection object.
DifBet CommandBehavior.CloseConnection and default
behavior?
+
CloseConnection automatically closes connection when DataReader is closed;
default
keeps connection open.
DifBet CommandType.Text and
CommandType.StoredProcedure?
+
CommandType.Text executes raw SQL queries; CommandType.StoredProcedure
executes
stored procedures.
DifBet connected and disconnected architecture in
ADO.NET?
+
Connected architecture uses active database connection (DataReader);
disconnected
architecture uses in-memory objects (DataSet).
DifBet connected and disconnected DataSet updates?
+
Connected updates immediately affect the database; disconnected updates
require
calling DataAdapter.Update().
DifBet connection string and connection object?
+
Connection string contains parameters to connect to database; connection
object uses
connection string to establish connection.
DifBet DataAdapter.Fill(DataSet) and Fill(DataTable)?
+
Fill(DataSet) can load multiple tables; Fill(DataTable) loads single table.
DifBet DataAdapter.MissingSchemaAction.AddWithKey and
Add?
+
AddWithKey loads primary key info; Add loads only columns without keys.
DifBet DataAdapter.Update() and
SqlCommand.ExecuteNonQuery()?
+
Update() propagates DataSet changes; ExecuteNonQuery executes a single SQL
command.
DifBet DataColumn.Expression and DataTable.Compute()?
+
DataColumn.Expression defines calculated column in DataTable; Compute
evaluates
expression on-demand.
DifBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only, connected; DataAdapter works with
DataSet in
disconnected mode.
DifBet DataReader and DataSet?
+
DataReader is connected, fast, and read-only; DataSet is disconnected, can
hold
multiple tables, and supports updates.
DifBet DataRowState.Added, Modified, Deleted, and
Unchanged?
+
Added: new row; Modified: updated row; Deleted: marked for deletion;
Unchanged: no
changes.
DifBet DataSet and DataTable?
+
DataSet can hold multiple tables and relationships; DataTable represents a
single
table.
DifBet DataSet.EnforceConstraints = true and false?
+
True enforces constraints (keys, relationships); false disables constraint
checking
temporarily.
DifBet DataSet.GetChanges() and
DataSet.AcceptChanges()?
+
GetChanges() returns a copy of changes made; AcceptChanges() commits changes
to
DataSet.
DifBet DataSet.Merge() and ImportRow()?
+
Merge combines two DataSets while preserving changes; ImportRow copies a
single
DataRow into another DataTable.
DifBet DataSet.ReadXml() and DataSet.WriteXml()?
+
ReadXml loads data from XML; WriteXml saves data to XML.
DifBet DataSet.ReadXmlSchema() and
DataSet.WriteXmlSchema()?
+
ReadXmlSchema reads only schema; WriteXmlSchema writes only schema to XML.
DifBet DataSet.Relations.Add() and
DataTable.ChildRelations?
+
Relations.Add() creates relationship between tables; ChildRelations shows
existing
child relations.
DifBet DataSet.Tables and DataSet.Tables[TableName"]?"
+
Tables returns collection of all tables; Tables[TableName"] returns specific
table."
DifBet DataTable.Compute() and DataView.RowFilter?
+
Compute evaluates expressions like SUM, COUNT; RowFilter filters rows
dynamically.
DifBet DataTable.NewRow() and DataTable.Rows.Add()?
+
NewRow() creates a new DataRow; Rows.Add() adds DataRow to DataTable.
DifBet DataTable.Select() and DataView.RowFilter?
+
DataTable.Select() returns an array of DataRows; DataView.RowFilter filters
rows
dynamically in a DataView.
DifBet disconnected DataSet and connected DataReader?
+
DataSet is disconnected and can store multiple tables; DataReader is
connected,
forward-only, and read-only.
DifBet disconnected DataSet and XML in ADO.NET?
+
DataSet stores relational data in memory; XML stores hierarchical data in a
text
format.
DifBet ExecuteReader, ExecuteScalar, and
ExecuteNonQuery?
+
ExecuteReader returns a DataReader; ExecuteScalar returns a single value;
ExecuteNonQuery executes commands like INSERT, UPDATE, DELETE.
DifBet ExecuteScalar() and ExecuteNonQuery()?
+
ExecuteScalar returns a single value; ExecuteNonQuery returns number of rows
affected.
DifBet ExecuteXmlReader() and ExecuteReader()?
+
ExecuteXmlReader() returns XML data as XmlReader; ExecuteReader() returns
relational
data as DataReader.
DifBet Fill() and Update() methods in DataAdapter?
+
Fill() populates a DataSet with data from a data source; Update() saves
changes from
a DataSet back to the data source.
DifBet FillSchema() and Fill() in DataAdapter?
+
FillSchema() loads structure (columns, constraints); Fill() loads data into
DataSet.
DifBet GetSchema() and DataTable.Columns?
+
GetSchema() retrieves database metadata; DataTable.Columns retrieves column
info of
DataTable.
DifBet Load() and Fill() in DataAdapter?
+
Load() loads data into DataTable directly; Fill() loads data into DataSet.
DifBet multiple ResultSets and DataSet.Tables?
+
Multiple ResultSets are multiple queries from database; DataSet.Tables
stores
multiple tables in memory.
DifBet optimistic concurrency using Timestamp and
original values?
+
Timestamp compares version number for updates; original values compare
previous data
values.
DifBet ReadOnly and ReadWrite DataSet?
+
ReadOnly DataSet cannot update the source; ReadWrite DataSet allows changes
to be
persisted back.
DifBet schema-only and key information loading?
+
Schema-only loads column structure; key information includes primary,
foreign keys,
and constraints.
DifBet SqlBulkCopy and DataAdapter.Update()?
+
SqlBulkCopy is fast bulk insert; DataAdapter.Update() updates based on
DataRow
changes.
DifBet SqlCommand and OleDbCommand?
+
SqlCommand is SQL Server-specific; OleDbCommand works with OLE DB providers
for
multiple databases.
DifBet SqlCommand.ExecuteReader(CommandBehavior)
options?
+
Options like SingleRow, SingleResult, CloseConnection modify behavior of
DataReader.
DifBet SqlCommand.Parameters.Add() and AddWithValue()?
+
Add() allows specifying type and size; AddWithValue() infers type from
value.
DifBet SqlCommandBuilder and manually writing SQL
commands?
+
CommandBuilder automatically generates INSERT, UPDATE, DELETE commands;
manual SQL
provides more control.
DifBet SqlConnection and OleDbConnection?
+
SqlConnection is specific to SQL Server; OleDbConnection is generic and can
connect
to multiple databases via OLE DB provider.
DifBet SqlDataAdapter and OleDbDataAdapter?
+
SqlDataAdapter is SQL Server-specific; OleDbDataAdapter works with OLE DB
providers
for multiple databases.
DifBet SqlDataAdapter and SqlDataReader?
+
DataAdapter works with disconnected DataSet; DataReader is connected and
forward-only.
DifBet SqlDataAdapter.Fill() and
SqlDataAdapter.FillSchema()?
+
Fill() loads data; FillSchema() loads table structure including constraints.
DifBet SqlDataReader and SqlDataAdapter?
+
SqlDataReader is connected, fast, and read-only; SqlDataAdapter works in
disconnected mode with DataSet.
DifBet synchronous and asynchronous ADO.NET
operations?
+
Synchronous operations block until complete; asynchronous operations run in
background without blocking.
DifBet TableMapping and ColumnMapping?
+
TableMapping maps source table names to DataSet tables; ColumnMapping maps
source
columns to DataSet columns.
DifBet typed and untyped DataSet?
+
Typed DataSet has a predefined schema with compile-time checks; untyped is
generic
and dynamic.
DiffBet ADO and ADO.NET.
+
ADO is connected and recordset-based, whereas ADO.NET supports disconnected
architecture using DataSet. ADO.NET is XML-based and works well with
distributed
applications.
DiffBet ADO and ADO.NET?
+
ADO uses connected model and Recordsets. ADO.NET supports disconnected
model, XML,
and multiple tables.
DiffBet Command and CommandBuilder
+
Command executes SQL statements, while CommandBuilder automatically
generates SQL
(Insert, Update, Delete) commands for DataAdapters.
DiffBet connected and disconnected model?
+
Connected: DataReader, requires live DB connection., Disconnected: DataSet,
DataAdapter, works offline.
DiffBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only; DataAdapter fills DataSet and
supports
disconnected operations.
DiffBet DataReader and DataSet.
+
· DataReader: forward-only, read-only, connected model, high performance., ·
DataSet: in-memory collection, disconnected model, supports navigation and
editing.
DiffBet DataReader and Dataset?
+
DataReader is fast, connected, read-only; Dataset is disconnected, editable,
and
supports multiple tables.
DiffBet DataSet and DataReader.
+
(Already answered in Q5, summarized above.)
DiffBet DataSet and Recordset?
+
DataSet is disconnected, supports multiple tables and relationships.,
Recordset is
connected and read-only or updatable depending on type.
DiffBet Dataset.Clone and Dataset.Copy
+
Clone() copies only the schema of the DataSet without data. Copy()
duplicates both
the schema and data, creating a full dataset replica.
DiffBet ExecuteScalar, ExecuteReader, ExecuteNonQuery?
+
Scalar: single value, Reader: forward-only rows, NonQuery:
update/delete/insert.
DiffBet Fill() and Update()?
+
Fill() loads data from DB to DataSet; Update() writes changes back to DB.
DiffBet IQueryable and IEnumerable?
+
IQueryable: server-side execution, LINQ to SQL/Entities, IEnumerable:
client-side,
in-memory
DiffBet OLEDB and SQLClient Providers
+
OLEDB provider works with multiple data sources like Access, Oracle, and
Excel,
while SQLClient is optimized specifically for SQL Server. SQLClient offers
better
speed, security, and support for SQL Server features like stored procedures
and
transactions.
Difference: Response.Expires vs
Response.ExpiresAbsolute
+
Expires specifies duration in minutes. ExpiresAbsolute sets exact expiration
date/time.
Different Execute Methods in ADO.NET
+
Key execution methods include ExecuteReader() for row data, ExecuteScalar()
for a
single value, ExecuteNonQuery() for insert/update/delete operations, and
ExecuteXmlReader() for XML data.
Disconnected data?
+
Disconnected data allows retrieving, modifying, and working with data
without
continuous DB connection. DataSet and DataTable support this model.
Dispose() in ADO.NET?
+
Releases unmanaged resources like DB connections, commonly used with using
block.
Do we use stored procedures in ADO.NET?
+
Yes, stored procedures can be executed using the Command object by setting
CommandType.StoredProcedure.
EF Migration?
+
Updates DB schema as models evolve without losing data.
Execute raw SQL in EF?
+
Use context.Database.SqlQuery() or ExecuteSqlCommand().
ExecuteNonQuery()?
+
This method executes commands that do not return results (Insert, Update,
Delete).
It returns the number of affected rows.
ExecuteNonQuery()?
+
Executes insert, update, or delete commands and returns affected row count.
ExecuteReader()?
+
Executes a query and returns a DataReader for reading rows forward-only.
ExecuteScalar()?
+
ExecuteScalar() returns a single value from a query, typically used for
count, sum,
or identity queries. It is faster than returning full data structures.
ExecuteScalar()?
+
Executes a query that returns a single value (first column of first row).
Explain DataTable, DataRow & DataColumn relationship.
+
DataTable stores rows and columns of data. DataRow represents a single
record, while
DataColumn defines the schema (fields). Together they form structured
tabular data.
Explain ExecuteReader().
+
ExecuteReader returns a DataReader object to read result sets row-by-row in
forward-only mode, ideal for performance in large data retrieval.
Explain ExecuteXmlReader?
+
ExecuteXmlReader is used with SQL Server to read XML data returned by a
command. It
returns an XmlReader object that allows forward-only streaming of XML. It is
useful
when retrieving XML documents from queries or stored procedures.
Explain OleDbDataAdapter Command Properties with
Example?
+
OleDbDataAdapter has properties like SelectCommand, InsertCommand,
UpdateCommand,
and DeleteCommand. These commands define SQL operations for reading and
updating
data. Example:, adapter.SelectCommand = new OleDbCommand("SELECT * FROM
Students",
connection);
Explain the Clear() method of DataSet?
+
Clear() removes all rows from all DataTables within the DataSet. The
structure
remains intact, but data is deleted. It is useful when reloading fresh data.
Explain the ExecuteScalar method in ADO.NET?
+
ExecuteScalar executes a SQL command and returns a single scalar value. It
is
commonly used for aggregate queries like COUNT(), MAX(), MIN(), or
retrieving a
single field. It improves performance as it does not return rows or a
dataset. It
returns the first column of the first row.
Features of ADO.NET?
+
Disconnected model, XML support, DataReader, DataSet, DataAdapter, object
pooling.
Filtering in LINQ?
+
Using Where() to filter elements by a condition.
GetChanges() in DataSet?
+
Returns modified rows (Added, Deleted, Modified) from DataSet for update
operations.
GetChanges()?
+
GetChanges() returns a copy of DataSet with only changed rows (Added,
Deleted,
Modified). Useful for updating only modified records.
Grouping in LINQ?
+
Organizes elements into groups based on a key using GroupBy().
HasChanges() in DataSet?
+
Checks if DataSet has any changes since last load or accept changes.
HasChanges() method of DataSet?
+
HasChanges() checks if the DataSet contains modified, deleted, or new rows.
It
returns true if changes exist, helping detect update needs.
IDisposable?
+
Interface for releasing unmanaged resources manually via Dispose().
Immediate Execution in LINQ?
+
Using methods like ToList(), Count() forces query execution immediately.
Important Classes in ADO.NET.
+
Key classes include SqlConnection, SqlCommand, SqlDataReader,
SqlDataAdapter,
DataSet, DataTable, and SqlParameter.
Is it possible to edit data in Repeater control?
+
No, Repeater does not provide built-in editing support like GridView.
Joining in LINQ?
+
Combines collections/tables based on key with Join() or GroupJoin().
Keyword to accept variable parameters
+
The keyword params is used to accept a variable number of arguments in C#.
Layers of ADO.NET
+
The two layers are Connected Layer (Connection, Command, DataReader) and
Disconnected Layer (DataSet, DataTable, DataAdapter).
Lazy vs eager loading in EF?
+
Lazy: loads related entities on demand, Eager: loads with query using
Include()
LINQ deferred execution?
+
Query runs only when enumerated (foreach, ToList()).
LINQ?
+
LINQ (Language Integrated Query) allows querying data using C# syntax across
objects, SQL, XML, and Entity Framework.
LINQ?
+
LINQ (Language Integrated Query) allows querying objects, collections,
databases,
and XML using C# language syntax.
Main components of ADO.NET?
+
Connection, Command, DataReader, DataSet, DataAdapter, DataTable, and
DataView.
Method in OleDbAdapter to populate dataset
+
The method is Fill(), used to load records into DataSet/DataTable.
Method in OleDbDataAdapter populates a dataset with
records?
+
The Fill() method of OleDbDataAdapter populates a DataSet or DataTable with
data. It
executes the SELECT command and loads the returned rows into the dataset for
disconnected use.
Method to execute SQL returning single value
+
The method is ExecuteScalar(), which returns the first column of the first
row.
Method used to read XML daily
+
The Read() or Load() methods using XmlReader or XDocument are used to
process XML
files.
Method used to sort data
+
Sorting can be done using DataView.Sort property.
Methods of DataSet.
+
Common methods include AcceptChanges(), RejectChanges(), ReadXml(),
WriteXml(), and
GetChanges() for data manipulation and synchronization.
Methods of XML DataSet Object
+
Common methods include ReadXml(), WriteXml(), ReadXmlSchema(), and
WriteXmlSchema(),
which allow reading and writing XML data and schema.
Methods under SqlCommand
+
Common methods include ExecuteReader(), ExecuteScalar(), ExecuteNonQuery(),
ExecuteXmlReader(), Cancel(), Prepare() and ExecuteAsync() for asynchronous
calls.
Namespaces for Data Access.
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Namespaces used in ADO.NET?
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Navigation property in EF?
+
Represents relationships and allows traversing related entities easily.
Object Pooling?
+
A technique to reuse created objects instead of recreating new ones,
improving
performance.
object pooling?
+
Reusing instantiated objects to reduce overhead and improve performance.
Object used to add relationship
+
DataRelation object is used to create relationships between DataTables.
Optimistic concurrency in ADO.NET?
+
Optimistic concurrency allows multiple users to access data and checks for
conflicts
only when updating.
OrderBy/ThenBy in LINQ?
+
Sorts collection first by OrderBy, then further sorting with ThenBy.
Parameterized query in ADO.NET?
+
A parameterized query uses parameters to prevent SQL injection and pass
values
safely.
Parameterized query?
+
Prevents SQL injection and allows passing parameters safely in SqlCommand.
Parameters in ADO.NET?
+
Parameters are used in parameterized queries or stored procedures to prevent
SQL
injection and pass values securely.
Pessimistic concurrency in ADO.NET?
+
Pessimistic concurrency locks data while a user is editing to prevent
conflicts.
Preferred method for executing SQL with parameters?
+
Use Parameterized queries with SqlCommand and Parameters collection. This
prevents
SQL injection and handles data safely.
Projection in LINQ?
+
Selecting specific columns or transforming data with Select().
Properties and Methods of Command Object.
+
Properties: CommandText, Connection, CommandType., Methods: ExecuteReader(),
ExecuteScalar(), ExecuteNonQuery().
Provider used for MS Access, Oracle, etc.
+
The OleDb provider is used to connect to multiple heterogeneous databases
like MS
Access, Excel, and Oracle.
RowVersion in ADO.NET?
+
RowVersion represents the state of a DataRow (Original, Current, Proposed)
for
concurrency control.
SqlCommand Object?
+
The SqlCommand object executes SQL queries and stored procedures against a
SQL
Server database. It supports methods like ExecuteReader(), ExecuteScalar(),
and
ExecuteNonQuery().
SqlCommand?
+
Executes SQL queries, commands, and stored procedures on a database.
SqlCommandBuilder?
+
SqlCommandBuilder auto-generates Insert, Update, and Delete commands for a
DataAdapter based on a select query. It reduces manual SQL writing.
SqlTransaction in ADO.NET?
+
SqlTransaction allows executing multiple commands as a single transaction
with
commit or rollback.
SqlTransaction?
+
SqlTransaction ensures multiple operations execute as a single unit. If any
operation fails, the entire transaction can be rolled back.
Stop a running thread?
+
Threads can be stopped using Thread.Abort(), CancellationToken, or
cooperative
flag-based termination (recommended).
Strongly typed DataSet?
+
Strongly typed DataSet has a predefined schema and provides compile-time
checking of
tables and columns.
System.Data Namespace Class.
+
System.Data namespace provides classes for working with relational data. It
includes
DataTable, DataSet, DataRelation, DataColumn, and connection-related
classes.
TableMapping in ADO.NET?
+
TableMapping maps source table names from a DataAdapter to destination
DataSet table
names.
Transaction in ADO.NET?
+
A transaction is a set of operations executed as a single unit, ensuring
ACID
properties.
Transactions and Concurrency in ADO.NET?
+
Transactions ensure multiple database operations execute as a unit
(commit/rollback). Concurrency manages simultaneous access using locking or
optimistic/pessimistic control.
Transactions in ADO.NET?
+
Ensures a set of operations execute as a unit; rollback occurs on failure.
Two Fundamental Objects in ADO.NET.
+
· Connection Object, · Command Object
Two important ADO.NET objects?
+
DataReader for connected model and DataSet for disconnected model.
Typed vs. Untyped Dataset
+
Typed DataSet has predefined schema with IntelliSense support. Untyped
DataSet does
not have fixed schema and works with dynamic tables.
Use of connection object?
+
Creates a link to the database and opens/closes transactions and commands.
Use of DataSet Object.
+
A DataSet stores multiple tables in memory, supports XML formatting,
relational
mapping, and offline work. Changes can later be synchronized with the
database via
DataAdapter.
Use of DataView
+
DataView provides a filtered, sorted view of a DataTable without modifying
actual
data. It supports searching, sorting, and binding to UI controls.
Use of SqlCommand object?
+
Executes SQL statements: SELECT, INSERT, UPDATE, DELETE, stored procedures.
Uses of Stored Procedure
+
Stored procedures enhance performance, security, reusability, and reduce
traffic by
executing on the server.
Which object needs to be closed?
+
Objects like Connection, DataReader, and XmlReader must be closed to release
resources.
XML support in ADO.NET?
+
ADO.NET can read, write, and manipulate XML using DataSet, DataTable, and
XML
methods like ReadXml and WriteXml.
Access data from DataReader?
+
Call ExecuteReader() and iterate rows using Read(). Access values using
index or
column names. It is forward-only and read-only.
ADO.NET Components.
+
Key components are:, · Connection, · Command, · DataReader, · DataAdapter, ·
DataSet, Each helps in performing database operations efficiently.
ADO.NET Data Provider?
+
A Data Provider is a set of classes (Connection, Command, DataAdapter,
DataReader)
that interacts with a specific database like SQL Server, Oracle, or OleDb.
ADO.NET Data Providers?
+
Examples:, · SqlClient, · OleDb, · Odbc, · OracleClient
ADO.NET?
+
ADO.NET is a set of classes in the .NET framework used to access and
manipulate data
from data sources such as SQL Server, Oracle, and XML.
ADO.NET?
+
ADO.NET is a .NET framework component used to interact with databases. It
provides
disconnected and connected communication models and supports commands, data
readers,
connection objects, and datasets.
ADO.NET?
+
ADO.NET is a data access framework in .NET used to interact with databases.
It
supports connected and disconnected models and works with SQL Server,
Oracle, and
others.
ADO.NET?
+
ADO.NET is a data access framework in .NET for interacting with databases
using
DataReader, DataSet, and DataAdapter.
Advantages of ADO.NET?
+
Supports disconnected model, XML integration, scalable architecture, and
high
performance. Works with multiple data sources and provides secure
parameterized
queries.
Aggregate in LINQ?
+
Perform operations like Sum, Count, Min, Max, Average on collections.
Authentication techniques for SQL Server
+
Common authentication types are Windows Authentication, SQL Server
Authentication,
and Mixed Mode Authentication.
Benefits of ADO.NET?
+
Scalable, secure, supports XML, disconnected architecture, multiple DB
providers.
Best method to get two values
+
Use ExecuteReader() or stored procedure returning multiple columns.
BindingSource class in ADO.NET?
+
BindingSource acts as a mediator between UI and data. It simplifies sorting,
filtering, and navigation with data controls like DataGridView.
boxing and unboxing?
+
Boxing converts a value type into object type. Unboxing extracts the value
back.
Boxing/unboxing?
+
Boxing: value type → object, Unboxing: object → value type
Can multiple tables be loaded into a DataSet?
+
Yes, multiple tables can be loaded into a DataSet using DataAdapter.Fill(),
and
relationships can be defined between them.
Catch multiple exceptions at once?
+
Use catch(Exception ex) when(ex is X || ex is Y) or multiple catch blocks.
Classes available in System.Data Namespace
+
Includes DataSet, DataTable, DataRow, DataColumn, DataRelation, Constraint,
and
DataView.
Classes in System.Data.Common Namespace
+
Includes DbConnection, DbCommand, DbDataAdapter, DbDataReader, and
DbParameter,
offering provider-independent access.
Clear(), Clone(), Copy() in DataSet?
+
Clear(): removes all data, keeps schema, Clone(): copies schema only,
Copy(): copies
schema + data
Clone() method of DataSet?
+
Clone() copies the structure of a DataSet including tables, schemas, and
constraints. It does not copy data. It is used when the same schema is
needed for
new datasets.
Command object in ADO.NET?
+
Command object represents an SQL statement or stored procedure to execute
against a
data source.
Commands used with DataAdapter
+
DataAdapter uses SelectCommand, InsertCommand, UpdateCommand, and
DeleteCommand for
CRUD operations. These commands define how data is fetched and updated
between
DataSet and database.
Components of ADO.NET Data Provider
+
ADO.NET Data Provider consists of four main objects: Connection, Command,
DataReader, and DataAdapter. The Connection connects to the database,
Command
executes SQL, DataReader retrieves forward-only data, and DataAdapter fills
DataSets
and updates changes.
Concurrency in EF?
+
Manages simultaneous access to data using Optimistic or Pessimistic
concurrency.
Connection object in ADO.NET?
+
Connection object represents a connection to a data source and is used to
open and
close connections.
Connection object properties and members?
+
Common properties include ConnectionString, State, Database, ServerVersion,
and
DataSource. Methods include Open(), Close(), CreateCommand(), and
BeginTransaction().
Connection Object?
+
The connection object establishes communication between application and
database. It
includes connection strings and manages session initiation and termination.
Connection pooling in ADO.NET?
+
Connection pooling reuses active connections to improve performance instead
of
opening a new connection every time.
Connection Pooling in ADO.NET?
+
Connection pooling reuses existing database connections instead of creating
new ones
repeatedly. It improves performance and reduces overhead by efficiently
managing
active and idle connections.
Connection Pooling?
+
Reuses previously opened DB connections to reduce overhead and improve
scalability.
Connection pooling?
+
Reuses open database connections to improve performance and scalability.
Connection timeout in ADO.NET?
+
Connection timeout specifies the time to wait while establishing a
connection before
throwing an exception.
ConnectionString?
+
Defines DB server, database name, credentials, and options for establishing
connection.
Copy() method of DataSet?
+
Copy() creates a duplicate DataSet including structure and data. It is
useful when
preserving a dataset snapshot.
Create and Manage Connections in ADO.NET?
+
Use classes like SqlConnection with a valid connection string. Methods such
as
Open() and Close() handle connection lifecycle, often used inside using(){}
blocks.
Create SqlConnection?
+
SqlConnection con = new SqlConnection("connectionString");, con.Open();
DAO?
+
DAO (Data Access Object) is a design pattern used to abstract and
encapsulate
database access logic. It helps separate persistence logic from business
logic.
Data Providers in ADO.NET
+
Examples include SqlClient, OleDb, OracleClient, Odbc, and EntityClient.
DataAdapter and its Property?
+
DataAdapter is used to transfer data between database and DataSet.
Properties
include SelectCommand, InsertCommand, UpdateCommand, and DeleteCommand.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between a DataSet and a data source for
retrieving and
saving data.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between the database and DataSet. It uses
select,
insert, update, and delete commands to sync data between memory and the
database.
DataAdapter?
+
Acts as a bridge between DataSet and database for retrieving and updating
data.
DataAdapter?
+
Acts as a bridge between DataSet and DB, provides methods for Fill() and
Update().
DataColumn, DataRow, DataTable relationship?
+
DataTable holds rows and columns; DataRow is a record; DataColumn defines
schema.
DataReader in ADO.NET?
+
DataReader is a forward-only, read-only stream of data from a data source,
optimized
for performance.
DataReader Object?
+
A fast, forward-only, read-only way to retrieve data from a database. Works
in
connected mode.
DataReader?
+
A DataReader provides fast, forward-only reading of results from a query. It
keeps
the connection open while reading data, making it ideal for large datasets.
DataReader?
+
Forward-only, read-only, fast access to database records.
DataRelation Class?
+
It establishes parent-child relational mapping between DataTables inside a
DataSet,
similar to foreign keys in a database.
DataSet in ADO.NET?
+
DataSet is an in-memory, disconnected collection of data tables,
relationships, and
constraints.
Dataset Object?
+
A disconnected, in-memory collection of DataTables supporting relationships
and XML.
DataSet replaces ADO Recordset?
+
Dataset provides disconnected, XML-based storage, supporting multiple
tables,
relationships, and offline editing. Unlike Recordset, it does not require a
live
database connection.
DataSet?
+
An in-memory representation of tables, relationships, and constraints,
supports
disconnected data.
DataTable in ADO.NET?
+
DataTable is a single in-memory table of data in a DataSet.
DataTable in ADO.NET?
+
A DataTable stores rows and columns similar to a database table. It exists
in memory
and can be part of a DataSet, supporting constraints, relations, and
indexing.
DataView in ADO.NET?
+
DataView provides a customizable view of a DataTable, allowing sorting,
filtering,
and searching.
DataView?
+
A DataView provides a sorted, filtered view of a DataTable without modifying
the
actual data. It supports searching and custom ordering.
DataView?
+
DataView provides filtered and sorted views of a DataTable without modifying
original data.
Default CommandTimeout value
+
The default value of CommandTimeout is 30 seconds.
Define DataSet structure?
+
A DataSet stores relational data in memory as tables, relations, and
constraints. It
can contain multiple DataTables and supports XML schema definitions using
ReadXmlSchema() and WriteXmlSchema().
DifBet AcceptChanges() and RejectChanges() in DataSet?
+
AcceptChanges() commits changes to DataSet; RejectChanges() rolls back
changes.
DifBet AcceptChanges() and RejectChanges()?
+
AcceptChanges commits changes; RejectChanges reverts changes to original
state.
DifBet ADO and ADO.NET?
+
ADO is COM-based and works with connected architecture; ADO.NET is
.NET-based and
supports both connected and disconnected architecture.
DifBet BeginTransaction() and EnlistTransaction()?
+
BeginTransaction starts a local transaction; EnlistTransaction enrolls the
connection in a distributed transaction.
DifBet Close() and Dispose() on SqlConnection?
+
Close() closes the connection; Dispose() releases all resources used by the
connection object.
DifBet CommandBehavior.CloseConnection and default
behavior?
+
CloseConnection automatically closes connection when DataReader is closed;
default
keeps connection open.
DifBet CommandType.Text and
CommandType.StoredProcedure?
+
CommandType.Text executes raw SQL queries; CommandType.StoredProcedure
executes
stored procedures.
DifBet connected and disconnected architecture in
ADO.NET?
+
Connected architecture uses active database connection (DataReader);
disconnected
architecture uses in-memory objects (DataSet).
DifBet connected and disconnected DataSet updates?
+
Connected updates immediately affect the database; disconnected updates
require
calling DataAdapter.Update().
DifBet connection string and connection object?
+
Connection string contains parameters to connect to database; connection
object uses
connection string to establish connection.
DifBet DataAdapter.Fill(DataSet) and Fill(DataTable)?
+
Fill(DataSet) can load multiple tables; Fill(DataTable) loads single table.
DifBet DataAdapter.MissingSchemaAction.AddWithKey and
Add?
+
AddWithKey loads primary key info; Add loads only columns without keys.
DifBet DataAdapter.Update() and
SqlCommand.ExecuteNonQuery()?
+
Update() propagates DataSet changes; ExecuteNonQuery executes a single SQL
command.
DifBet DataColumn.Expression and DataTable.Compute()?
+
DataColumn.Expression defines calculated column in DataTable; Compute
evaluates
expression on-demand.
DifBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only, connected; DataAdapter works with
DataSet in
disconnected mode.
DifBet DataReader and DataSet?
+
DataReader is connected, fast, and read-only; DataSet is disconnected, can
hold
multiple tables, and supports updates.
DifBet DataRowState.Added, Modified, Deleted, and
Unchanged?
+
Added: new row; Modified: updated row; Deleted: marked for deletion;
Unchanged: no
changes.
DifBet DataSet and DataTable?
+
DataSet can hold multiple tables and relationships; DataTable represents a
single
table.
DifBet DataSet.EnforceConstraints = true and false?
+
True enforces constraints (keys, relationships); false disables constraint
checking
temporarily.
DifBet DataSet.GetChanges() and
DataSet.AcceptChanges()?
+
GetChanges() returns a copy of changes made; AcceptChanges() commits changes
to
DataSet.
DifBet DataSet.Merge() and ImportRow()?
+
Merge combines two DataSets while preserving changes; ImportRow copies a
single
DataRow into another DataTable.
DifBet DataSet.ReadXml() and DataSet.WriteXml()?
+
ReadXml loads data from XML; WriteXml saves data to XML.
DifBet DataSet.ReadXmlSchema() and
DataSet.WriteXmlSchema()?
+
ReadXmlSchema reads only schema; WriteXmlSchema writes only schema to XML.
DifBet DataSet.Relations.Add() and
DataTable.ChildRelations?
+
Relations.Add() creates relationship between tables; ChildRelations shows
existing
child relations.
DifBet DataSet.Tables and DataSet.Tables[TableName"]?"
+
Tables returns collection of all tables; Tables[TableName"] returns specific
table."
DifBet DataTable.Compute() and DataView.RowFilter?
+
Compute evaluates expressions like SUM, COUNT; RowFilter filters rows
dynamically.
DifBet DataTable.NewRow() and DataTable.Rows.Add()?
+
NewRow() creates a new DataRow; Rows.Add() adds DataRow to DataTable.
DifBet DataTable.Select() and DataView.RowFilter?
+
DataTable.Select() returns an array of DataRows; DataView.RowFilter filters
rows
dynamically in a DataView.
DifBet disconnected DataSet and connected DataReader?
+
DataSet is disconnected and can store multiple tables; DataReader is
connected,
forward-only, and read-only.
DifBet disconnected DataSet and XML in ADO.NET?
+
DataSet stores relational data in memory; XML stores hierarchical data in a
text
format.
DifBet ExecuteReader, ExecuteScalar, and
ExecuteNonQuery?
+
ExecuteReader returns a DataReader; ExecuteScalar returns a single value;
ExecuteNonQuery executes commands like INSERT, UPDATE, DELETE.
DifBet ExecuteScalar() and ExecuteNonQuery()?
+
ExecuteScalar returns a single value; ExecuteNonQuery returns number of rows
affected.
DifBet ExecuteXmlReader() and ExecuteReader()?
+
ExecuteXmlReader() returns XML data as XmlReader; ExecuteReader() returns
relational
data as DataReader.
DifBet Fill() and Update() methods in DataAdapter?
+
Fill() populates a DataSet with data from a data source; Update() saves
changes from
a DataSet back to the data source.
DifBet FillSchema() and Fill() in DataAdapter?
+
FillSchema() loads structure (columns, constraints); Fill() loads data into
DataSet.
DifBet GetSchema() and DataTable.Columns?
+
GetSchema() retrieves database metadata; DataTable.Columns retrieves column
info of
DataTable.
DifBet Load() and Fill() in DataAdapter?
+
Load() loads data into DataTable directly; Fill() loads data into DataSet.
DifBet multiple ResultSets and DataSet.Tables?
+
Multiple ResultSets are multiple queries from database; DataSet.Tables
stores
multiple tables in memory.
DifBet optimistic concurrency using Timestamp and
original values?
+
Timestamp compares version number for updates; original values compare
previous data
values.
DifBet ReadOnly and ReadWrite DataSet?
+
ReadOnly DataSet cannot update the source; ReadWrite DataSet allows changes
to be
persisted back.
DifBet schema-only and key information loading?
+
Schema-only loads column structure; key information includes primary,
foreign keys,
and constraints.
DifBet SqlBulkCopy and DataAdapter.Update()?
+
SqlBulkCopy is fast bulk insert; DataAdapter.Update() updates based on
DataRow
changes.
DifBet SqlCommand and OleDbCommand?
+
SqlCommand is SQL Server-specific; OleDbCommand works with OLE DB providers
for
multiple databases.
DifBet SqlCommand.ExecuteReader(CommandBehavior)
options?
+
Options like SingleRow, SingleResult, CloseConnection modify behavior of
DataReader.
DifBet SqlCommand.Parameters.Add() and AddWithValue()?
+
Add() allows specifying type and size; AddWithValue() infers type from
value.
DifBet SqlCommandBuilder and manually writing SQL
commands?
+
CommandBuilder automatically generates INSERT, UPDATE, DELETE commands;
manual SQL
provides more control.
DifBet SqlConnection and OleDbConnection?
+
SqlConnection is specific to SQL Server; OleDbConnection is generic and can
connect
to multiple databases via OLE DB provider.
DifBet SqlDataAdapter and OleDbDataAdapter?
+
SqlDataAdapter is SQL Server-specific; OleDbDataAdapter works with OLE DB
providers
for multiple databases.
DifBet SqlDataAdapter and SqlDataReader?
+
DataAdapter works with disconnected DataSet; DataReader is connected and
forward-only.
DifBet SqlDataAdapter.Fill() and
SqlDataAdapter.FillSchema()?
+
Fill() loads data; FillSchema() loads table structure including constraints.
DifBet SqlDataReader and SqlDataAdapter?
+
SqlDataReader is connected, fast, and read-only; SqlDataAdapter works in
disconnected mode with DataSet.
DifBet synchronous and asynchronous ADO.NET
operations?
+
Synchronous operations block until complete; asynchronous operations run in
background without blocking.
DifBet TableMapping and ColumnMapping?
+
TableMapping maps source table names to DataSet tables; ColumnMapping maps
source
columns to DataSet columns.
DifBet typed and untyped DataSet?
+
Typed DataSet has a predefined schema with compile-time checks; untyped is
generic
and dynamic.
DiffBet ADO and ADO.NET.
+
ADO is connected and recordset-based, whereas ADO.NET supports disconnected
architecture using DataSet. ADO.NET is XML-based and works well with
distributed
applications.
DiffBet ADO and ADO.NET?
+
ADO uses connected model and Recordsets. ADO.NET supports disconnected
model, XML,
and multiple tables.
DiffBet Command and CommandBuilder
+
Command executes SQL statements, while CommandBuilder automatically
generates SQL
(Insert, Update, Delete) commands for DataAdapters.
DiffBet connected and disconnected model?
+
Connected: DataReader, requires live DB connection., Disconnected: DataSet,
DataAdapter, works offline.
DiffBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only; DataAdapter fills DataSet and
supports
disconnected operations.
DiffBet DataReader and DataSet.
+
· DataReader: forward-only, read-only, connected model, high performance., ·
DataSet: in-memory collection, disconnected model, supports navigation and
editing.
DiffBet DataReader and Dataset?
+
DataReader is fast, connected, read-only; Dataset is disconnected, editable,
and
supports multiple tables.
DiffBet DataSet and DataReader.
+
(Already answered in Q5, summarized above.)
DiffBet DataSet and Recordset?
+
DataSet is disconnected, supports multiple tables and relationships.,
Recordset is
connected and read-only or updatable depending on type.
DiffBet Dataset.Clone and Dataset.Copy
+
Clone() copies only the schema of the DataSet without data. Copy()
duplicates both
the schema and data, creating a full dataset replica.
DiffBet ExecuteScalar, ExecuteReader, ExecuteNonQuery?
+
Scalar: single value, Reader: forward-only rows, NonQuery:
update/delete/insert.
DiffBet Fill() and Update()?
+
Fill() loads data from DB to DataSet; Update() writes changes back to DB.
DiffBet IQueryable and IEnumerable?
+
IQueryable: server-side execution, LINQ to SQL/Entities, IEnumerable:
client-side,
in-memory
DiffBet OLEDB and SQLClient Providers
+
OLEDB provider works with multiple data sources like Access, Oracle, and
Excel,
while SQLClient is optimized specifically for SQL Server. SQLClient offers
better
speed, security, and support for SQL Server features like stored procedures
and
transactions.
Difference: Response.Expires vs
Response.ExpiresAbsolute
+
Expires specifies duration in minutes. ExpiresAbsolute sets exact expiration
date/time.
Different Execute Methods in ADO.NET
+
Key execution methods include ExecuteReader() for row data, ExecuteScalar()
for a
single value, ExecuteNonQuery() for insert/update/delete operations, and
ExecuteXmlReader() for XML data.
Disconnected data?
+
Disconnected data allows retrieving, modifying, and working with data
without
continuous DB connection. DataSet and DataTable support this model.
Dispose() in ADO.NET?
+
Releases unmanaged resources like DB connections, commonly used with using
block.
Do we use stored procedures in ADO.NET?
+
Yes, stored procedures can be executed using the Command object by setting
CommandType.StoredProcedure.
EF Migration?
+
Updates DB schema as models evolve without losing data.
Execute raw SQL in EF?
+
Use context.Database.SqlQuery() or ExecuteSqlCommand().
ExecuteNonQuery()?
+
This method executes commands that do not return results (Insert, Update,
Delete).
It returns the number of affected rows.
ExecuteNonQuery()?
+
Executes insert, update, or delete commands and returns affected row count.
ExecuteReader()?
+
Executes a query and returns a DataReader for reading rows forward-only.
ExecuteScalar()?
+
ExecuteScalar() returns a single value from a query, typically used for
count, sum,
or identity queries. It is faster than returning full data structures.
ExecuteScalar()?
+
Executes a query that returns a single value (first column of first row).
Explain DataTable, DataRow & DataColumn relationship.
+
DataTable stores rows and columns of data. DataRow represents a single
record, while
DataColumn defines the schema (fields). Together they form structured
tabular data.
Explain ExecuteReader().
+
ExecuteReader returns a DataReader object to read result sets row-by-row in
forward-only mode, ideal for performance in large data retrieval.
Explain ExecuteXmlReader?
+
ExecuteXmlReader is used with SQL Server to read XML data returned by a
command. It
returns an XmlReader object that allows forward-only streaming of XML. It is
useful
when retrieving XML documents from queries or stored procedures.
Explain OleDbDataAdapter Command Properties with
Example?
+
OleDbDataAdapter has properties like SelectCommand, InsertCommand,
UpdateCommand,
and DeleteCommand. These commands define SQL operations for reading and
updating
data. Example:, adapter.SelectCommand = new OleDbCommand("SELECT * FROM
Students",
connection);
Explain the Clear() method of DataSet?
+
Clear() removes all rows from all DataTables within the DataSet. The
structure
remains intact, but data is deleted. It is useful when reloading fresh data.
Explain the ExecuteScalar method in ADO.NET?
+
ExecuteScalar executes a SQL command and returns a single scalar value. It
is
commonly used for aggregate queries like COUNT(), MAX(), MIN(), or
retrieving a
single field. It improves performance as it does not return rows or a
dataset. It
returns the first column of the first row.
Features of ADO.NET?
+
Disconnected model, XML support, DataReader, DataSet, DataAdapter, object
pooling.
Filtering in LINQ?
+
Using Where() to filter elements by a condition.
GetChanges() in DataSet?
+
Returns modified rows (Added, Deleted, Modified) from DataSet for update
operations.
GetChanges()?
+
GetChanges() returns a copy of DataSet with only changed rows (Added,
Deleted,
Modified). Useful for updating only modified records.
Grouping in LINQ?
+
Organizes elements into groups based on a key using GroupBy().
HasChanges() in DataSet?
+
Checks if DataSet has any changes since last load or accept changes.
HasChanges() method of DataSet?
+
HasChanges() checks if the DataSet contains modified, deleted, or new rows.
It
returns true if changes exist, helping detect update needs.
IDisposable?
+
Interface for releasing unmanaged resources manually via Dispose().
Immediate Execution in LINQ?
+
Using methods like ToList(), Count() forces query execution immediately.
Important Classes in ADO.NET.
+
Key classes include SqlConnection, SqlCommand, SqlDataReader,
SqlDataAdapter,
DataSet, DataTable, and SqlParameter.
Is it possible to edit data in Repeater control?
+
No, Repeater does not provide built-in editing support like GridView.
Joining in LINQ?
+
Combines collections/tables based on key with Join() or GroupJoin().
Keyword to accept variable parameters
+
The keyword params is used to accept a variable number of arguments in C#.
Layers of ADO.NET
+
The two layers are Connected Layer (Connection, Command, DataReader) and
Disconnected Layer (DataSet, DataTable, DataAdapter).
Lazy vs eager loading in EF?
+
Lazy: loads related entities on demand, Eager: loads with query using
Include()
LINQ deferred execution?
+
Query runs only when enumerated (foreach, ToList()).
LINQ?
+
LINQ (Language Integrated Query) allows querying data using C# syntax across
objects, SQL, XML, and Entity Framework.
LINQ?
+
LINQ (Language Integrated Query) allows querying objects, collections,
databases,
and XML using C# language syntax.
Main components of ADO.NET?
+
Connection, Command, DataReader, DataSet, DataAdapter, DataTable, and
DataView.
Method in OleDbAdapter to populate dataset
+
The method is Fill(), used to load records into DataSet/DataTable.
Method in OleDbDataAdapter populates a dataset with
records?
+
The Fill() method of OleDbDataAdapter populates a DataSet or DataTable with
data. It
executes the SELECT command and loads the returned rows into the dataset for
disconnected use.
Method to execute SQL returning single value
+
The method is ExecuteScalar(), which returns the first column of the first
row.
Method used to read XML daily
+
The Read() or Load() methods using XmlReader or XDocument are used to
process XML
files.
Method used to sort data
+
Sorting can be done using DataView.Sort property.
Methods of DataSet.
+
Common methods include AcceptChanges(), RejectChanges(), ReadXml(),
WriteXml(), and
GetChanges() for data manipulation and synchronization.
Methods of XML DataSet Object
+
Common methods include ReadXml(), WriteXml(), ReadXmlSchema(), and
WriteXmlSchema(),
which allow reading and writing XML data and schema.
Methods under SqlCommand
+
Common methods include ExecuteReader(), ExecuteScalar(), ExecuteNonQuery(),
ExecuteXmlReader(), Cancel(), Prepare() and ExecuteAsync() for asynchronous
calls.
Namespaces for Data Access.
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Namespaces used in ADO.NET?
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Navigation property in EF?
+
Represents relationships and allows traversing related entities easily.
Object Pooling?
+
A technique to reuse created objects instead of recreating new ones,
improving
performance.
object pooling?
+
Reusing instantiated objects to reduce overhead and improve performance.
Object used to add relationship
+
DataRelation object is used to create relationships between DataTables.
Optimistic concurrency in ADO.NET?
+
Optimistic concurrency allows multiple users to access data and checks for
conflicts
only when updating.
OrderBy/ThenBy in LINQ?
+
Sorts collection first by OrderBy, then further sorting with ThenBy.
Parameterized query in ADO.NET?
+
A parameterized query uses parameters to prevent SQL injection and pass
values
safely.
Parameterized query?
+
Prevents SQL injection and allows passing parameters safely in SqlCommand.
Parameters in ADO.NET?
+
Parameters are used in parameterized queries or stored procedures to prevent
SQL
injection and pass values securely.
Pessimistic concurrency in ADO.NET?
+
Pessimistic concurrency locks data while a user is editing to prevent
conflicts.
Preferred method for executing SQL with parameters?
+
Use Parameterized queries with SqlCommand and Parameters collection. This
prevents
SQL injection and handles data safely.
Projection in LINQ?
+
Selecting specific columns or transforming data with Select().
Properties and Methods of Command Object.
+
Properties: CommandText, Connection, CommandType., Methods: ExecuteReader(),
ExecuteScalar(), ExecuteNonQuery().
Provider used for MS Access, Oracle, etc.
+
The OleDb provider is used to connect to multiple heterogeneous databases
like MS
Access, Excel, and Oracle.
RowVersion in ADO.NET?
+
RowVersion represents the state of a DataRow (Original, Current, Proposed)
for
concurrency control.
SqlCommand Object?
+
The SqlCommand object executes SQL queries and stored procedures against a
SQL
Server database. It supports methods like ExecuteReader(), ExecuteScalar(),
and
ExecuteNonQuery().
SqlCommand?
+
Executes SQL queries, commands, and stored procedures on a database.
SqlCommandBuilder?
+
SqlCommandBuilder auto-generates Insert, Update, and Delete commands for a
DataAdapter based on a select query. It reduces manual SQL writing.
SqlTransaction in ADO.NET?
+
SqlTransaction allows executing multiple commands as a single transaction
with
commit or rollback.
SqlTransaction?
+
SqlTransaction ensures multiple operations execute as a single unit. If any
operation fails, the entire transaction can be rolled back.
Stop a running thread?
+
Threads can be stopped using Thread.Abort(), CancellationToken, or
cooperative
flag-based termination (recommended).
Strongly typed DataSet?
+
Strongly typed DataSet has a predefined schema and provides compile-time
checking of
tables and columns.
System.Data Namespace Class.
+
System.Data namespace provides classes for working with relational data. It
includes
DataTable, DataSet, DataRelation, DataColumn, and connection-related
classes.
TableMapping in ADO.NET?
+
TableMapping maps source table names from a DataAdapter to destination
DataSet table
names.
Transaction in ADO.NET?
+
A transaction is a set of operations executed as a single unit, ensuring
ACID
properties.
Transactions and Concurrency in ADO.NET?
+
Transactions ensure multiple database operations execute as a unit
(commit/rollback). Concurrency manages simultaneous access using locking or
optimistic/pessimistic control.
Transactions in ADO.NET?
+
Ensures a set of operations execute as a unit; rollback occurs on failure.
Two Fundamental Objects in ADO.NET.
+
· Connection Object, · Command Object
Two important ADO.NET objects?
+
DataReader for connected model and DataSet for disconnected model.
Typed vs. Untyped Dataset
+
Typed DataSet has predefined schema with IntelliSense support. Untyped
DataSet does
not have fixed schema and works with dynamic tables.
Use of connection object?
+
Creates a link to the database and opens/closes transactions and commands.
Use of DataSet Object.
+
A DataSet stores multiple tables in memory, supports XML formatting,
relational
mapping, and offline work. Changes can later be synchronized with the
database via
DataAdapter.
Use of DataView
+
DataView provides a filtered, sorted view of a DataTable without modifying
actual
data. It supports searching, sorting, and binding to UI controls.
Use of SqlCommand object?
+
Executes SQL statements: SELECT, INSERT, UPDATE, DELETE, stored procedures.
Uses of Stored Procedure
+
Stored procedures enhance performance, security, reusability, and reduce
traffic by
executing on the server.
Which object needs to be closed?
+
Objects like Connection, DataReader, and XmlReader must be closed to release
resources.
XML support in ADO.NET?
+
ADO.NET can read, write, and manipulate XML using DataSet, DataTable, and
XML
methods like ReadXml and WriteXml.
Access data from DataReader?
+
Call ExecuteReader() and iterate rows using Read(). Access values using
index or
column names. It is forward-only and read-only.
ADO.NET Components.
+
Key components are:, · Connection, · Command, · DataReader, · DataAdapter, ·
DataSet, Each helps in performing database operations efficiently.
ADO.NET Data Provider?
+
A Data Provider is a set of classes (Connection, Command, DataAdapter,
DataReader)
that interacts with a specific database like SQL Server, Oracle, or OleDb.
ADO.NET Data Providers?
+
Examples:, · SqlClient, · OleDb, · Odbc, · OracleClient
ADO.NET?
+
ADO.NET is a set of classes in the .NET framework used to access and
manipulate data
from data sources such as SQL Server, Oracle, and XML.
ADO.NET?
+
ADO.NET is a .NET framework component used to interact with databases. It
provides
disconnected and connected communication models and supports commands, data
readers,
connection objects, and datasets.
ADO.NET?
+
ADO.NET is a data access framework in .NET used to interact with databases.
It
supports connected and disconnected models and works with SQL Server,
Oracle, and
others.
ADO.NET?
+
ADO.NET is a data access framework in .NET for interacting with databases
using
DataReader, DataSet, and DataAdapter.
Advantages of ADO.NET?
+
Supports disconnected model, XML integration, scalable architecture, and
high
performance. Works with multiple data sources and provides secure
parameterized
queries.
Aggregate in LINQ?
+
Perform operations like Sum, Count, Min, Max, Average on collections.
Authentication techniques for SQL Server
+
Common authentication types are Windows Authentication, SQL Server
Authentication,
and Mixed Mode Authentication.
Benefits of ADO.NET?
+
Scalable, secure, supports XML, disconnected architecture, multiple DB
providers.
Best method to get two values
+
Use ExecuteReader() or stored procedure returning multiple columns.
BindingSource class in ADO.NET?
+
BindingSource acts as a mediator between UI and data. It simplifies sorting,
filtering, and navigation with data controls like DataGridView.
boxing and unboxing?
+
Boxing converts a value type into object type. Unboxing extracts the value
back.
Boxing/unboxing?
+
Boxing: value type → object, Unboxing: object → value type
Can multiple tables be loaded into a DataSet?
+
Yes, multiple tables can be loaded into a DataSet using DataAdapter.Fill(),
and
relationships can be defined between them.
Catch multiple exceptions at once?
+
Use catch(Exception ex) when(ex is X || ex is Y) or multiple catch blocks.
Classes available in System.Data Namespace
+
Includes DataSet, DataTable, DataRow, DataColumn, DataRelation, Constraint,
and
DataView.
Classes in System.Data.Common Namespace
+
Includes DbConnection, DbCommand, DbDataAdapter, DbDataReader, and
DbParameter,
offering provider-independent access.
Clear(), Clone(), Copy() in DataSet?
+
Clear(): removes all data, keeps schema, Clone(): copies schema only,
Copy(): copies
schema + data
Clone() method of DataSet?
+
Clone() copies the structure of a DataSet including tables, schemas, and
constraints. It does not copy data. It is used when the same schema is
needed for
new datasets.
Command object in ADO.NET?
+
Command object represents an SQL statement or stored procedure to execute
against a
data source.
Commands used with DataAdapter
+
DataAdapter uses SelectCommand, InsertCommand, UpdateCommand, and
DeleteCommand for
CRUD operations. These commands define how data is fetched and updated
between
DataSet and database.
Components of ADO.NET Data Provider
+
ADO.NET Data Provider consists of four main objects: Connection, Command,
DataReader, and DataAdapter. The Connection connects to the database,
Command
executes SQL, DataReader retrieves forward-only data, and DataAdapter fills
DataSets
and updates changes.
Concurrency in EF?
+
Manages simultaneous access to data using Optimistic or Pessimistic
concurrency.
Connection object in ADO.NET?
+
Connection object represents a connection to a data source and is used to
open and
close connections.
Connection object properties and members?
+
Common properties include ConnectionString, State, Database, ServerVersion,
and
DataSource. Methods include Open(), Close(), CreateCommand(), and
BeginTransaction().
Connection Object?
+
The connection object establishes communication between application and
database. It
includes connection strings and manages session initiation and termination.
Connection pooling in ADO.NET?
+
Connection pooling reuses active connections to improve performance instead
of
opening a new connection every time.
Connection Pooling in ADO.NET?
+
Connection pooling reuses existing database connections instead of creating
new ones
repeatedly. It improves performance and reduces overhead by efficiently
managing
active and idle connections.
Connection Pooling?
+
Reuses previously opened DB connections to reduce overhead and improve
scalability.
Connection pooling?
+
Reuses open database connections to improve performance and scalability.
Connection timeout in ADO.NET?
+
Connection timeout specifies the time to wait while establishing a
connection before
throwing an exception.
ConnectionString?
+
Defines DB server, database name, credentials, and options for establishing
connection.
Copy() method of DataSet?
+
Copy() creates a duplicate DataSet including structure and data. It is
useful when
preserving a dataset snapshot.
Create and Manage Connections in ADO.NET?
+
Use classes like SqlConnection with a valid connection string. Methods such
as
Open() and Close() handle connection lifecycle, often used inside using(){}
blocks.
Create SqlConnection?
+
SqlConnection con = new SqlConnection("connectionString");, con.Open();
DAO?
+
DAO (Data Access Object) is a design pattern used to abstract and
encapsulate
database access logic. It helps separate persistence logic from business
logic.
Data Providers in ADO.NET
+
Examples include SqlClient, OleDb, OracleClient, Odbc, and EntityClient.
DataAdapter and its Property?
+
DataAdapter is used to transfer data between database and DataSet.
Properties
include SelectCommand, InsertCommand, UpdateCommand, and DeleteCommand.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between a DataSet and a data source for
retrieving and
saving data.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between the database and DataSet. It uses
select,
insert, update, and delete commands to sync data between memory and the
database.
DataAdapter?
+
Acts as a bridge between DataSet and database for retrieving and updating
data.
DataAdapter?
+
Acts as a bridge between DataSet and DB, provides methods for Fill() and
Update().
DataColumn, DataRow, DataTable relationship?
+
DataTable holds rows and columns; DataRow is a record; DataColumn defines
schema.
DataReader in ADO.NET?
+
DataReader is a forward-only, read-only stream of data from a data source,
optimized
for performance.
DataReader Object?
+
A fast, forward-only, read-only way to retrieve data from a database. Works
in
connected mode.
DataReader?
+
A DataReader provides fast, forward-only reading of results from a query. It
keeps
the connection open while reading data, making it ideal for large datasets.
DataReader?
+
Forward-only, read-only, fast access to database records.
DataRelation Class?
+
It establishes parent-child relational mapping between DataTables inside a
DataSet,
similar to foreign keys in a database.
DataSet in ADO.NET?
+
DataSet is an in-memory, disconnected collection of data tables,
relationships, and
constraints.
Dataset Object?
+
A disconnected, in-memory collection of DataTables supporting relationships
and XML.
DataSet replaces ADO Recordset?
+
Dataset provides disconnected, XML-based storage, supporting multiple
tables,
relationships, and offline editing. Unlike Recordset, it does not require a
live
database connection.
DataSet?
+
An in-memory representation of tables, relationships, and constraints,
supports
disconnected data.
DataTable in ADO.NET?
+
DataTable is a single in-memory table of data in a DataSet.
DataTable in ADO.NET?
+
A DataTable stores rows and columns similar to a database table. It exists
in memory
and can be part of a DataSet, supporting constraints, relations, and
indexing.
DataView in ADO.NET?
+
DataView provides a customizable view of a DataTable, allowing sorting,
filtering,
and searching.
DataView?
+
A DataView provides a sorted, filtered view of a DataTable without modifying
the
actual data. It supports searching and custom ordering.
DataView?
+
DataView provides filtered and sorted views of a DataTable without modifying
original data.
Default CommandTimeout value
+
The default value of CommandTimeout is 30 seconds.
Define DataSet structure?
+
A DataSet stores relational data in memory as tables, relations, and
constraints. It
can contain multiple DataTables and supports XML schema definitions using
ReadXmlSchema() and WriteXmlSchema().
DifBet AcceptChanges() and RejectChanges() in DataSet?
+
AcceptChanges() commits changes to DataSet; RejectChanges() rolls back
changes.
DifBet AcceptChanges() and RejectChanges()?
+
AcceptChanges commits changes; RejectChanges reverts changes to original
state.
DifBet ADO and ADO.NET?
+
ADO is COM-based and works with connected architecture; ADO.NET is
.NET-based and
supports both connected and disconnected architecture.
DifBet BeginTransaction() and EnlistTransaction()?
+
BeginTransaction starts a local transaction; EnlistTransaction enrolls the
connection in a distributed transaction.
DifBet Close() and Dispose() on SqlConnection?
+
Close() closes the connection; Dispose() releases all resources used by the
connection object.
DifBet CommandBehavior.CloseConnection and default
behavior?
+
CloseConnection automatically closes connection when DataReader is closed;
default
keeps connection open.
DifBet CommandType.Text and
CommandType.StoredProcedure?
+
CommandType.Text executes raw SQL queries; CommandType.StoredProcedure
executes
stored procedures.
DifBet connected and disconnected architecture in
ADO.NET?
+
Connected architecture uses active database connection (DataReader);
disconnected
architecture uses in-memory objects (DataSet).
DifBet connected and disconnected DataSet updates?
+
Connected updates immediately affect the database; disconnected updates
require
calling DataAdapter.Update().
DifBet connection string and connection object?
+
Connection string contains parameters to connect to database; connection
object uses
connection string to establish connection.
DifBet DataAdapter.Fill(DataSet) and Fill(DataTable)?
+
Fill(DataSet) can load multiple tables; Fill(DataTable) loads single table.
DifBet DataAdapter.MissingSchemaAction.AddWithKey and
Add?
+
AddWithKey loads primary key info; Add loads only columns without keys.
DifBet DataAdapter.Update() and
SqlCommand.ExecuteNonQuery()?
+
Update() propagates DataSet changes; ExecuteNonQuery executes a single SQL
command.
DifBet DataColumn.Expression and DataTable.Compute()?
+
DataColumn.Expression defines calculated column in DataTable; Compute
evaluates
expression on-demand.
DifBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only, connected; DataAdapter works with
DataSet in
disconnected mode.
DifBet DataReader and DataSet?
+
DataReader is connected, fast, and read-only; DataSet is disconnected, can
hold
multiple tables, and supports updates.
DifBet DataRowState.Added, Modified, Deleted, and
Unchanged?
+
Added: new row; Modified: updated row; Deleted: marked for deletion;
Unchanged: no
changes.
DifBet DataSet and DataTable?
+
DataSet can hold multiple tables and relationships; DataTable represents a
single
table.
DifBet DataSet.EnforceConstraints = true and false?
+
True enforces constraints (keys, relationships); false disables constraint
checking
temporarily.
DifBet DataSet.GetChanges() and
DataSet.AcceptChanges()?
+
GetChanges() returns a copy of changes made; AcceptChanges() commits changes
to
DataSet.
DifBet DataSet.Merge() and ImportRow()?
+
Merge combines two DataSets while preserving changes; ImportRow copies a
single
DataRow into another DataTable.
DifBet DataSet.ReadXml() and DataSet.WriteXml()?
+
ReadXml loads data from XML; WriteXml saves data to XML.
DifBet DataSet.ReadXmlSchema() and
DataSet.WriteXmlSchema()?
+
ReadXmlSchema reads only schema; WriteXmlSchema writes only schema to XML.
DifBet DataSet.Relations.Add() and
DataTable.ChildRelations?
+
Relations.Add() creates relationship between tables; ChildRelations shows
existing
child relations.
DifBet DataSet.Tables and DataSet.Tables[TableName"]?"
+
Tables returns collection of all tables; Tables[TableName"] returns specific
table."
DifBet DataTable.Compute() and DataView.RowFilter?
+
Compute evaluates expressions like SUM, COUNT; RowFilter filters rows
dynamically.
DifBet DataTable.NewRow() and DataTable.Rows.Add()?
+
NewRow() creates a new DataRow; Rows.Add() adds DataRow to DataTable.
DifBet DataTable.Select() and DataView.RowFilter?
+
DataTable.Select() returns an array of DataRows; DataView.RowFilter filters
rows
dynamically in a DataView.
DifBet disconnected DataSet and connected DataReader?
+
DataSet is disconnected and can store multiple tables; DataReader is
connected,
forward-only, and read-only.
DifBet disconnected DataSet and XML in ADO.NET?
+
DataSet stores relational data in memory; XML stores hierarchical data in a
text
format.
DifBet ExecuteReader, ExecuteScalar, and
ExecuteNonQuery?
+
ExecuteReader returns a DataReader; ExecuteScalar returns a single value;
ExecuteNonQuery executes commands like INSERT, UPDATE, DELETE.
DifBet ExecuteScalar() and ExecuteNonQuery()?
+
ExecuteScalar returns a single value; ExecuteNonQuery returns number of rows
affected.
DifBet ExecuteXmlReader() and ExecuteReader()?
+
ExecuteXmlReader() returns XML data as XmlReader; ExecuteReader() returns
relational
data as DataReader.
DifBet Fill() and Update() methods in DataAdapter?
+
Fill() populates a DataSet with data from a data source; Update() saves
changes from
a DataSet back to the data source.
DifBet FillSchema() and Fill() in DataAdapter?
+
FillSchema() loads structure (columns, constraints); Fill() loads data into
DataSet.
DifBet GetSchema() and DataTable.Columns?
+
GetSchema() retrieves database metadata; DataTable.Columns retrieves column
info of
DataTable.
DifBet Load() and Fill() in DataAdapter?
+
Load() loads data into DataTable directly; Fill() loads data into DataSet.
DifBet multiple ResultSets and DataSet.Tables?
+
Multiple ResultSets are multiple queries from database; DataSet.Tables
stores
multiple tables in memory.
DifBet optimistic concurrency using Timestamp and
original values?
+
Timestamp compares version number for updates; original values compare
previous data
values.
DifBet ReadOnly and ReadWrite DataSet?
+
ReadOnly DataSet cannot update the source; ReadWrite DataSet allows changes
to be
persisted back.
DifBet schema-only and key information loading?
+
Schema-only loads column structure; key information includes primary,
foreign keys,
and constraints.
DifBet SqlBulkCopy and DataAdapter.Update()?
+
SqlBulkCopy is fast bulk insert; DataAdapter.Update() updates based on
DataRow
changes.
DifBet SqlCommand and OleDbCommand?
+
SqlCommand is SQL Server-specific; OleDbCommand works with OLE DB providers
for
multiple databases.
DifBet SqlCommand.ExecuteReader(CommandBehavior)
options?
+
Options like SingleRow, SingleResult, CloseConnection modify behavior of
DataReader.
DifBet SqlCommand.Parameters.Add() and AddWithValue()?
+
Add() allows specifying type and size; AddWithValue() infers type from
value.
DifBet SqlCommandBuilder and manually writing SQL
commands?
+
CommandBuilder automatically generates INSERT, UPDATE, DELETE commands;
manual SQL
provides more control.
DifBet SqlConnection and OleDbConnection?
+
SqlConnection is specific to SQL Server; OleDbConnection is generic and can
connect
to multiple databases via OLE DB provider.
DifBet SqlDataAdapter and OleDbDataAdapter?
+
SqlDataAdapter is SQL Server-specific; OleDbDataAdapter works with OLE DB
providers
for multiple databases.
DifBet SqlDataAdapter and SqlDataReader?
+
DataAdapter works with disconnected DataSet; DataReader is connected and
forward-only.
DifBet SqlDataAdapter.Fill() and
SqlDataAdapter.FillSchema()?
+
Fill() loads data; FillSchema() loads table structure including constraints.
DifBet SqlDataReader and SqlDataAdapter?
+
SqlDataReader is connected, fast, and read-only; SqlDataAdapter works in
disconnected mode with DataSet.
DifBet synchronous and asynchronous ADO.NET
operations?
+
Synchronous operations block until complete; asynchronous operations run in
background without blocking.
DifBet TableMapping and ColumnMapping?
+
TableMapping maps source table names to DataSet tables; ColumnMapping maps
source
columns to DataSet columns.
DifBet typed and untyped DataSet?
+
Typed DataSet has a predefined schema with compile-time checks; untyped is
generic
and dynamic.
DiffBet ADO and ADO.NET.
+
ADO is connected and recordset-based, whereas ADO.NET supports disconnected
architecture using DataSet. ADO.NET is XML-based and works well with
distributed
applications.
DiffBet ADO and ADO.NET?
+
ADO uses connected model and Recordsets. ADO.NET supports disconnected
model, XML,
and multiple tables.
DiffBet Command and CommandBuilder
+
Command executes SQL statements, while CommandBuilder automatically
generates SQL
(Insert, Update, Delete) commands for DataAdapters.
DiffBet connected and disconnected model?
+
Connected: DataReader, requires live DB connection., Disconnected: DataSet,
DataAdapter, works offline.
DiffBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only; DataAdapter fills DataSet and
supports
disconnected operations.
DiffBet DataReader and DataSet.
+
· DataReader: forward-only, read-only, connected model, high performance., ·
DataSet: in-memory collection, disconnected model, supports navigation and
editing.
DiffBet DataReader and Dataset?
+
DataReader is fast, connected, read-only; Dataset is disconnected, editable,
and
supports multiple tables.
DiffBet DataSet and DataReader.
+
(Already answered in Q5, summarized above.)
DiffBet DataSet and Recordset?
+
DataSet is disconnected, supports multiple tables and relationships.,
Recordset is
connected and read-only or updatable depending on type.
DiffBet Dataset.Clone and Dataset.Copy
+
Clone() copies only the schema of the DataSet without data. Copy()
duplicates both
the schema and data, creating a full dataset replica.
DiffBet ExecuteScalar, ExecuteReader, ExecuteNonQuery?
+
Scalar: single value, Reader: forward-only rows, NonQuery:
update/delete/insert.
DiffBet Fill() and Update()?
+
Fill() loads data from DB to DataSet; Update() writes changes back to DB.
DiffBet IQueryable and IEnumerable?
+
IQueryable: server-side execution, LINQ to SQL/Entities, IEnumerable:
client-side,
in-memory
DiffBet OLEDB and SQLClient Providers
+
OLEDB provider works with multiple data sources like Access, Oracle, and
Excel,
while SQLClient is optimized specifically for SQL Server. SQLClient offers
better
speed, security, and support for SQL Server features like stored procedures
and
transactions.
Difference: Response.Expires vs
Response.ExpiresAbsolute
+
Expires specifies duration in minutes. ExpiresAbsolute sets exact expiration
date/time.
Different Execute Methods in ADO.NET
+
Key execution methods include ExecuteReader() for row data, ExecuteScalar()
for a
single value, ExecuteNonQuery() for insert/update/delete operations, and
ExecuteXmlReader() for XML data.
Disconnected data?
+
Disconnected data allows retrieving, modifying, and working with data
without
continuous DB connection. DataSet and DataTable support this model.
Dispose() in ADO.NET?
+
Releases unmanaged resources like DB connections, commonly used with using
block.
Do we use stored procedures in ADO.NET?
+
Yes, stored procedures can be executed using the Command object by setting
CommandType.StoredProcedure.
EF Migration?
+
Updates DB schema as models evolve without losing data.
Execute raw SQL in EF?
+
Use context.Database.SqlQuery() or ExecuteSqlCommand().
ExecuteNonQuery()?
+
This method executes commands that do not return results (Insert, Update,
Delete).
It returns the number of affected rows.
ExecuteNonQuery()?
+
Executes insert, update, or delete commands and returns affected row count.
ExecuteReader()?
+
Executes a query and returns a DataReader for reading rows forward-only.
ExecuteScalar()?
+
ExecuteScalar() returns a single value from a query, typically used for
count, sum,
or identity queries. It is faster than returning full data structures.
ExecuteScalar()?
+
Executes a query that returns a single value (first column of first row).
Explain DataTable, DataRow & DataColumn relationship.
+
DataTable stores rows and columns of data. DataRow represents a single
record, while
DataColumn defines the schema (fields). Together they form structured
tabular data.
Explain ExecuteReader().
+
ExecuteReader returns a DataReader object to read result sets row-by-row in
forward-only mode, ideal for performance in large data retrieval.
Explain ExecuteXmlReader?
+
ExecuteXmlReader is used with SQL Server to read XML data returned by a
command. It
returns an XmlReader object that allows forward-only streaming of XML. It is
useful
when retrieving XML documents from queries or stored procedures.
Explain OleDbDataAdapter Command Properties with
Example?
+
OleDbDataAdapter has properties like SelectCommand, InsertCommand,
UpdateCommand,
and DeleteCommand. These commands define SQL operations for reading and
updating
data. Example:, adapter.SelectCommand = new OleDbCommand("SELECT * FROM
Students",
connection);
Explain the Clear() method of DataSet?
+
Clear() removes all rows from all DataTables within the DataSet. The
structure
remains intact, but data is deleted. It is useful when reloading fresh data.
Explain the ExecuteScalar method in ADO.NET?
+
ExecuteScalar executes a SQL command and returns a single scalar value. It
is
commonly used for aggregate queries like COUNT(), MAX(), MIN(), or
retrieving a
single field. It improves performance as it does not return rows or a
dataset. It
returns the first column of the first row.
Features of ADO.NET?
+
Disconnected model, XML support, DataReader, DataSet, DataAdapter, object
pooling.
Filtering in LINQ?
+
Using Where() to filter elements by a condition.
GetChanges() in DataSet?
+
Returns modified rows (Added, Deleted, Modified) from DataSet for update
operations.
GetChanges()?
+
GetChanges() returns a copy of DataSet with only changed rows (Added,
Deleted,
Modified). Useful for updating only modified records.
Grouping in LINQ?
+
Organizes elements into groups based on a key using GroupBy().
HasChanges() in DataSet?
+
Checks if DataSet has any changes since last load or accept changes.
HasChanges() method of DataSet?
+
HasChanges() checks if the DataSet contains modified, deleted, or new rows.
It
returns true if changes exist, helping detect update needs.
IDisposable?
+
Interface for releasing unmanaged resources manually via Dispose().
Immediate Execution in LINQ?
+
Using methods like ToList(), Count() forces query execution immediately.
Important Classes in ADO.NET.
+
Key classes include SqlConnection, SqlCommand, SqlDataReader,
SqlDataAdapter,
DataSet, DataTable, and SqlParameter.
Is it possible to edit data in Repeater control?
+
No, Repeater does not provide built-in editing support like GridView.
Joining in LINQ?
+
Combines collections/tables based on key with Join() or GroupJoin().
Keyword to accept variable parameters
+
The keyword params is used to accept a variable number of arguments in C#.
Layers of ADO.NET
+
The two layers are Connected Layer (Connection, Command, DataReader) and
Disconnected Layer (DataSet, DataTable, DataAdapter).
Lazy vs eager loading in EF?
+
Lazy: loads related entities on demand, Eager: loads with query using
Include()
LINQ deferred execution?
+
Query runs only when enumerated (foreach, ToList()).
LINQ?
+
LINQ (Language Integrated Query) allows querying data using C# syntax across
objects, SQL, XML, and Entity Framework.
LINQ?
+
LINQ (Language Integrated Query) allows querying objects, collections,
databases,
and XML using C# language syntax.
Main components of ADO.NET?
+
Connection, Command, DataReader, DataSet, DataAdapter, DataTable, and
DataView.
Method in OleDbAdapter to populate dataset
+
The method is Fill(), used to load records into DataSet/DataTable.
Method in OleDbDataAdapter populates a dataset with
records?
+
The Fill() method of OleDbDataAdapter populates a DataSet or DataTable with
data. It
executes the SELECT command and loads the returned rows into the dataset for
disconnected use.
Method to execute SQL returning single value
+
The method is ExecuteScalar(), which returns the first column of the first
row.
Method used to read XML daily
+
The Read() or Load() methods using XmlReader or XDocument are used to
process XML
files.
Method used to sort data
+
Sorting can be done using DataView.Sort property.
Methods of DataSet.
+
Common methods include AcceptChanges(), RejectChanges(), ReadXml(),
WriteXml(), and
GetChanges() for data manipulation and synchronization.
Methods of XML DataSet Object
+
Common methods include ReadXml(), WriteXml(), ReadXmlSchema(), and
WriteXmlSchema(),
which allow reading and writing XML data and schema.
Methods under SqlCommand
+
Common methods include ExecuteReader(), ExecuteScalar(), ExecuteNonQuery(),
ExecuteXmlReader(), Cancel(), Prepare() and ExecuteAsync() for asynchronous
calls.
Namespaces for Data Access.
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Namespaces used in ADO.NET?
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Navigation property in EF?
+
Represents relationships and allows traversing related entities easily.
Object Pooling?
+
A technique to reuse created objects instead of recreating new ones,
improving
performance.
object pooling?
+
Reusing instantiated objects to reduce overhead and improve performance.
Object used to add relationship
+
DataRelation object is used to create relationships between DataTables.
Optimistic concurrency in ADO.NET?
+
Optimistic concurrency allows multiple users to access data and checks for
conflicts
only when updating.
OrderBy/ThenBy in LINQ?
+
Sorts collection first by OrderBy, then further sorting with ThenBy.
Parameterized query in ADO.NET?
+
A parameterized query uses parameters to prevent SQL injection and pass
values
safely.
Parameterized query?
+
Prevents SQL injection and allows passing parameters safely in SqlCommand.
Parameters in ADO.NET?
+
Parameters are used in parameterized queries or stored procedures to prevent
SQL
injection and pass values securely.
Pessimistic concurrency in ADO.NET?
+
Pessimistic concurrency locks data while a user is editing to prevent
conflicts.
Preferred method for executing SQL with parameters?
+
Use Parameterized queries with SqlCommand and Parameters collection. This
prevents
SQL injection and handles data safely.
Projection in LINQ?
+
Selecting specific columns or transforming data with Select().
Properties and Methods of Command Object.
+
Properties: CommandText, Connection, CommandType., Methods: ExecuteReader(),
ExecuteScalar(), ExecuteNonQuery().
Provider used for MS Access, Oracle, etc.
+
The OleDb provider is used to connect to multiple heterogeneous databases
like MS
Access, Excel, and Oracle.
RowVersion in ADO.NET?
+
RowVersion represents the state of a DataRow (Original, Current, Proposed)
for
concurrency control.
SqlCommand Object?
+
The SqlCommand object executes SQL queries and stored procedures against a
SQL
Server database. It supports methods like ExecuteReader(), ExecuteScalar(),
and
ExecuteNonQuery().
SqlCommand?
+
Executes SQL queries, commands, and stored procedures on a database.
SqlCommandBuilder?
+
SqlCommandBuilder auto-generates Insert, Update, and Delete commands for a
DataAdapter based on a select query. It reduces manual SQL writing.
SqlTransaction in ADO.NET?
+
SqlTransaction allows executing multiple commands as a single transaction
with
commit or rollback.
SqlTransaction?
+
SqlTransaction ensures multiple operations execute as a single unit. If any
operation fails, the entire transaction can be rolled back.
Stop a running thread?
+
Threads can be stopped using Thread.Abort(), CancellationToken, or
cooperative
flag-based termination (recommended).
Strongly typed DataSet?
+
Strongly typed DataSet has a predefined schema and provides compile-time
checking of
tables and columns.
System.Data Namespace Class.
+
System.Data namespace provides classes for working with relational data. It
includes
DataTable, DataSet, DataRelation, DataColumn, and connection-related
classes.
TableMapping in ADO.NET?
+
TableMapping maps source table names from a DataAdapter to destination
DataSet table
names.
Transaction in ADO.NET?
+
A transaction is a set of operations executed as a single unit, ensuring
ACID
properties.
Transactions and Concurrency in ADO.NET?
+
Transactions ensure multiple database operations execute as a unit
(commit/rollback). Concurrency manages simultaneous access using locking or
optimistic/pessimistic control.
Transactions in ADO.NET?
+
Ensures a set of operations execute as a unit; rollback occurs on failure.
Two Fundamental Objects in ADO.NET.
+
· Connection Object, · Command Object
Two important ADO.NET objects?
+
DataReader for connected model and DataSet for disconnected model.
Typed vs. Untyped Dataset
+
Typed DataSet has predefined schema with IntelliSense support. Untyped
DataSet does
not have fixed schema and works with dynamic tables.
Use of connection object?
+
Creates a link to the database and opens/closes transactions and commands.
Use of DataSet Object.
+
A DataSet stores multiple tables in memory, supports XML formatting,
relational
mapping, and offline work. Changes can later be synchronized with the
database via
DataAdapter.
Use of DataView
+
DataView provides a filtered, sorted view of a DataTable without modifying
actual
data. It supports searching, sorting, and binding to UI controls.
Use of SqlCommand object?
+
Executes SQL statements: SELECT, INSERT, UPDATE, DELETE, stored procedures.
Uses of Stored Procedure
+
Stored procedures enhance performance, security, reusability, and reduce
traffic by
executing on the server.
Which object needs to be closed?
+
Objects like Connection, DataReader, and XmlReader must be closed to release
resources.
XML support in ADO.NET?
+
ADO.NET can read, write, and manipulate XML using DataSet, DataTable, and
XML
methods like ReadXml and WriteXml.
Access data from DataReader?
+
Call ExecuteReader() and iterate rows using Read(). Access values using
index or
column names. It is forward-only and read-only.
ADO.NET Components.
+
Key components are:, · Connection, · Command, · DataReader, · DataAdapter, ·
DataSet, Each helps in performing database operations efficiently.
ADO.NET Data Provider?
+
A Data Provider is a set of classes (Connection, Command, DataAdapter,
DataReader)
that interacts with a specific database like SQL Server, Oracle, or OleDb.
ADO.NET Data Providers?
+
Examples:, · SqlClient, · OleDb, · Odbc, · OracleClient
ADO.NET?
+
ADO.NET is a set of classes in the .NET framework used to access and
manipulate data
from data sources such as SQL Server, Oracle, and XML.
ADO.NET?
+
ADO.NET is a .NET framework component used to interact with databases. It
provides
disconnected and connected communication models and supports commands, data
readers,
connection objects, and datasets.
ADO.NET?
+
ADO.NET is a data access framework in .NET used to interact with databases.
It
supports connected and disconnected models and works with SQL Server,
Oracle, and
others.
ADO.NET?
+
ADO.NET is a data access framework in .NET for interacting with databases
using
DataReader, DataSet, and DataAdapter.
Advantages of ADO.NET?
+
Supports disconnected model, XML integration, scalable architecture, and
high
performance. Works with multiple data sources and provides secure
parameterized
queries.
Aggregate in LINQ?
+
Perform operations like Sum, Count, Min, Max, Average on collections.
Authentication techniques for SQL Server
+
Common authentication types are Windows Authentication, SQL Server
Authentication,
and Mixed Mode Authentication.
Benefits of ADO.NET?
+
Scalable, secure, supports XML, disconnected architecture, multiple DB
providers.
Best method to get two values
+
Use ExecuteReader() or stored procedure returning multiple columns.
BindingSource class in ADO.NET?
+
BindingSource acts as a mediator between UI and data. It simplifies sorting,
filtering, and navigation with data controls like DataGridView.
boxing and unboxing?
+
Boxing converts a value type into object type. Unboxing extracts the value
back.
Boxing/unboxing?
+
Boxing: value type → object, Unboxing: object → value type
Can multiple tables be loaded into a DataSet?
+
Yes, multiple tables can be loaded into a DataSet using DataAdapter.Fill(),
and
relationships can be defined between them.
Catch multiple exceptions at once?
+
Use catch(Exception ex) when(ex is X || ex is Y) or multiple catch blocks.
Classes available in System.Data Namespace
+
Includes DataSet, DataTable, DataRow, DataColumn, DataRelation, Constraint,
and
DataView.
Classes in System.Data.Common Namespace
+
Includes DbConnection, DbCommand, DbDataAdapter, DbDataReader, and
DbParameter,
offering provider-independent access.
Clear(), Clone(), Copy() in DataSet?
+
Clear(): removes all data, keeps schema, Clone(): copies schema only,
Copy(): copies
schema + data
Clone() method of DataSet?
+
Clone() copies the structure of a DataSet including tables, schemas, and
constraints. It does not copy data. It is used when the same schema is
needed for
new datasets.
Command object in ADO.NET?
+
Command object represents an SQL statement or stored procedure to execute
against a
data source.
Commands used with DataAdapter
+
DataAdapter uses SelectCommand, InsertCommand, UpdateCommand, and
DeleteCommand for
CRUD operations. These commands define how data is fetched and updated
between
DataSet and database.
Components of ADO.NET Data Provider
+
ADO.NET Data Provider consists of four main objects: Connection, Command,
DataReader, and DataAdapter. The Connection connects to the database,
Command
executes SQL, DataReader retrieves forward-only data, and DataAdapter fills
DataSets
and updates changes.
Concurrency in EF?
+
Manages simultaneous access to data using Optimistic or Pessimistic
concurrency.
Connection object in ADO.NET?
+
Connection object represents a connection to a data source and is used to
open and
close connections.
Connection object properties and members?
+
Common properties include ConnectionString, State, Database, ServerVersion,
and
DataSource. Methods include Open(), Close(), CreateCommand(), and
BeginTransaction().
Connection Object?
+
The connection object establishes communication between application and
database. It
includes connection strings and manages session initiation and termination.
Connection pooling in ADO.NET?
+
Connection pooling reuses active connections to improve performance instead
of
opening a new connection every time.
Connection Pooling in ADO.NET?
+
Connection pooling reuses existing database connections instead of creating
new ones
repeatedly. It improves performance and reduces overhead by efficiently
managing
active and idle connections.
Connection Pooling?
+
Reuses previously opened DB connections to reduce overhead and improve
scalability.
Connection pooling?
+
Reuses open database connections to improve performance and scalability.
Connection timeout in ADO.NET?
+
Connection timeout specifies the time to wait while establishing a
connection before
throwing an exception.
ConnectionString?
+
Defines DB server, database name, credentials, and options for establishing
connection.
Copy() method of DataSet?
+
Copy() creates a duplicate DataSet including structure and data. It is
useful when
preserving a dataset snapshot.
Create and Manage Connections in ADO.NET?
+
Use classes like SqlConnection with a valid connection string. Methods such
as
Open() and Close() handle connection lifecycle, often used inside using(){}
blocks.
Create SqlConnection?
+
SqlConnection con = new SqlConnection("connectionString");, con.Open();
DAO?
+
DAO (Data Access Object) is a design pattern used to abstract and
encapsulate
database access logic. It helps separate persistence logic from business
logic.
Data Providers in ADO.NET
+
Examples include SqlClient, OleDb, OracleClient, Odbc, and EntityClient.
DataAdapter and its Property?
+
DataAdapter is used to transfer data between database and DataSet.
Properties
include SelectCommand, InsertCommand, UpdateCommand, and DeleteCommand.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between a DataSet and a data source for
retrieving and
saving data.
DataAdapter in ADO.NET?
+
DataAdapter acts as a bridge between the database and DataSet. It uses
select,
insert, update, and delete commands to sync data between memory and the
database.
DataAdapter?
+
Acts as a bridge between DataSet and database for retrieving and updating
data.
DataAdapter?
+
Acts as a bridge between DataSet and DB, provides methods for Fill() and
Update().
DataColumn, DataRow, DataTable relationship?
+
DataTable holds rows and columns; DataRow is a record; DataColumn defines
schema.
DataReader in ADO.NET?
+
DataReader is a forward-only, read-only stream of data from a data source,
optimized
for performance.
DataReader Object?
+
A fast, forward-only, read-only way to retrieve data from a database. Works
in
connected mode.
DataReader?
+
A DataReader provides fast, forward-only reading of results from a query. It
keeps
the connection open while reading data, making it ideal for large datasets.
DataReader?
+
Forward-only, read-only, fast access to database records.
DataRelation Class?
+
It establishes parent-child relational mapping between DataTables inside a
DataSet,
similar to foreign keys in a database.
DataSet in ADO.NET?
+
DataSet is an in-memory, disconnected collection of data tables,
relationships, and
constraints.
Dataset Object?
+
A disconnected, in-memory collection of DataTables supporting relationships
and XML.
DataSet replaces ADO Recordset?
+
Dataset provides disconnected, XML-based storage, supporting multiple
tables,
relationships, and offline editing. Unlike Recordset, it does not require a
live
database connection.
DataSet?
+
An in-memory representation of tables, relationships, and constraints,
supports
disconnected data.
DataTable in ADO.NET?
+
DataTable is a single in-memory table of data in a DataSet.
DataTable in ADO.NET?
+
A DataTable stores rows and columns similar to a database table. It exists
in memory
and can be part of a DataSet, supporting constraints, relations, and
indexing.
DataView in ADO.NET?
+
DataView provides a customizable view of a DataTable, allowing sorting,
filtering,
and searching.
DataView?
+
A DataView provides a sorted, filtered view of a DataTable without modifying
the
actual data. It supports searching and custom ordering.
DataView?
+
DataView provides filtered and sorted views of a DataTable without modifying
original data.
Default CommandTimeout value
+
The default value of CommandTimeout is 30 seconds.
Define DataSet structure?
+
A DataSet stores relational data in memory as tables, relations, and
constraints. It
can contain multiple DataTables and supports XML schema definitions using
ReadXmlSchema() and WriteXmlSchema().
DifBet AcceptChanges() and RejectChanges() in DataSet?
+
AcceptChanges() commits changes to DataSet; RejectChanges() rolls back
changes.
DifBet AcceptChanges() and RejectChanges()?
+
AcceptChanges commits changes; RejectChanges reverts changes to original
state.
DifBet ADO and ADO.NET?
+
ADO is COM-based and works with connected architecture; ADO.NET is
.NET-based and
supports both connected and disconnected architecture.
DifBet BeginTransaction() and EnlistTransaction()?
+
BeginTransaction starts a local transaction; EnlistTransaction enrolls the
connection in a distributed transaction.
DifBet Close() and Dispose() on SqlConnection?
+
Close() closes the connection; Dispose() releases all resources used by the
connection object.
DifBet CommandBehavior.CloseConnection and default
behavior?
+
CloseConnection automatically closes connection when DataReader is closed;
default
keeps connection open.
DifBet CommandType.Text and
CommandType.StoredProcedure?
+
CommandType.Text executes raw SQL queries; CommandType.StoredProcedure
executes
stored procedures.
DifBet connected and disconnected architecture in
ADO.NET?
+
Connected architecture uses active database connection (DataReader);
disconnected
architecture uses in-memory objects (DataSet).
DifBet connected and disconnected DataSet updates?
+
Connected updates immediately affect the database; disconnected updates
require
calling DataAdapter.Update().
DifBet connection string and connection object?
+
Connection string contains parameters to connect to database; connection
object uses
connection string to establish connection.
DifBet DataAdapter.Fill(DataSet) and Fill(DataTable)?
+
Fill(DataSet) can load multiple tables; Fill(DataTable) loads single table.
DifBet DataAdapter.MissingSchemaAction.AddWithKey and
Add?
+
AddWithKey loads primary key info; Add loads only columns without keys.
DifBet DataAdapter.Update() and
SqlCommand.ExecuteNonQuery()?
+
Update() propagates DataSet changes; ExecuteNonQuery executes a single SQL
command.
DifBet DataColumn.Expression and DataTable.Compute()?
+
DataColumn.Expression defines calculated column in DataTable; Compute
evaluates
expression on-demand.
DifBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only, connected; DataAdapter works with
DataSet in
disconnected mode.
DifBet DataReader and DataSet?
+
DataReader is connected, fast, and read-only; DataSet is disconnected, can
hold
multiple tables, and supports updates.
DifBet DataRowState.Added, Modified, Deleted, and
Unchanged?
+
Added: new row; Modified: updated row; Deleted: marked for deletion;
Unchanged: no
changes.
DifBet DataSet and DataTable?
+
DataSet can hold multiple tables and relationships; DataTable represents a
single
table.
DifBet DataSet.EnforceConstraints = true and false?
+
True enforces constraints (keys, relationships); false disables constraint
checking
temporarily.
DifBet DataSet.GetChanges() and
DataSet.AcceptChanges()?
+
GetChanges() returns a copy of changes made; AcceptChanges() commits changes
to
DataSet.
DifBet DataSet.Merge() and ImportRow()?
+
Merge combines two DataSets while preserving changes; ImportRow copies a
single
DataRow into another DataTable.
DifBet DataSet.ReadXml() and DataSet.WriteXml()?
+
ReadXml loads data from XML; WriteXml saves data to XML.
DifBet DataSet.ReadXmlSchema() and
DataSet.WriteXmlSchema()?
+
ReadXmlSchema reads only schema; WriteXmlSchema writes only schema to XML.
DifBet DataSet.Relations.Add() and
DataTable.ChildRelations?
+
Relations.Add() creates relationship between tables; ChildRelations shows
existing
child relations.
DifBet DataSet.Tables and DataSet.Tables[TableName"]?"
+
Tables returns collection of all tables; Tables[TableName"] returns specific
table."
DifBet DataTable.Compute() and DataView.RowFilter?
+
Compute evaluates expressions like SUM, COUNT; RowFilter filters rows
dynamically.
DifBet DataTable.NewRow() and DataTable.Rows.Add()?
+
NewRow() creates a new DataRow; Rows.Add() adds DataRow to DataTable.
DifBet DataTable.Select() and DataView.RowFilter?
+
DataTable.Select() returns an array of DataRows; DataView.RowFilter filters
rows
dynamically in a DataView.
DifBet disconnected DataSet and connected DataReader?
+
DataSet is disconnected and can store multiple tables; DataReader is
connected,
forward-only, and read-only.
DifBet disconnected DataSet and XML in ADO.NET?
+
DataSet stores relational data in memory; XML stores hierarchical data in a
text
format.
DifBet ExecuteReader, ExecuteScalar, and
ExecuteNonQuery?
+
ExecuteReader returns a DataReader; ExecuteScalar returns a single value;
ExecuteNonQuery executes commands like INSERT, UPDATE, DELETE.
DifBet ExecuteScalar() and ExecuteNonQuery()?
+
ExecuteScalar returns a single value; ExecuteNonQuery returns number of rows
affected.
DifBet ExecuteXmlReader() and ExecuteReader()?
+
ExecuteXmlReader() returns XML data as XmlReader; ExecuteReader() returns
relational
data as DataReader.
DifBet Fill() and Update() methods in DataAdapter?
+
Fill() populates a DataSet with data from a data source; Update() saves
changes from
a DataSet back to the data source.
DifBet FillSchema() and Fill() in DataAdapter?
+
FillSchema() loads structure (columns, constraints); Fill() loads data into
DataSet.
DifBet GetSchema() and DataTable.Columns?
+
GetSchema() retrieves database metadata; DataTable.Columns retrieves column
info of
DataTable.
DifBet Load() and Fill() in DataAdapter?
+
Load() loads data into DataTable directly; Fill() loads data into DataSet.
DifBet multiple ResultSets and DataSet.Tables?
+
Multiple ResultSets are multiple queries from database; DataSet.Tables
stores
multiple tables in memory.
DifBet optimistic concurrency using Timestamp and
original values?
+
Timestamp compares version number for updates; original values compare
previous data
values.
DifBet ReadOnly and ReadWrite DataSet?
+
ReadOnly DataSet cannot update the source; ReadWrite DataSet allows changes
to be
persisted back.
DifBet schema-only and key information loading?
+
Schema-only loads column structure; key information includes primary,
foreign keys,
and constraints.
DifBet SqlBulkCopy and DataAdapter.Update()?
+
SqlBulkCopy is fast bulk insert; DataAdapter.Update() updates based on
DataRow
changes.
DifBet SqlCommand and OleDbCommand?
+
SqlCommand is SQL Server-specific; OleDbCommand works with OLE DB providers
for
multiple databases.
DifBet SqlCommand.ExecuteReader(CommandBehavior)
options?
+
Options like SingleRow, SingleResult, CloseConnection modify behavior of
DataReader.
DifBet SqlCommand.Parameters.Add() and AddWithValue()?
+
Add() allows specifying type and size; AddWithValue() infers type from
value.
DifBet SqlCommandBuilder and manually writing SQL
commands?
+
CommandBuilder automatically generates INSERT, UPDATE, DELETE commands;
manual SQL
provides more control.
DifBet SqlConnection and OleDbConnection?
+
SqlConnection is specific to SQL Server; OleDbConnection is generic and can
connect
to multiple databases via OLE DB provider.
DifBet SqlDataAdapter and OleDbDataAdapter?
+
SqlDataAdapter is SQL Server-specific; OleDbDataAdapter works with OLE DB
providers
for multiple databases.
DifBet SqlDataAdapter and SqlDataReader?
+
DataAdapter works with disconnected DataSet; DataReader is connected and
forward-only.
DifBet SqlDataAdapter.Fill() and
SqlDataAdapter.FillSchema()?
+
Fill() loads data; FillSchema() loads table structure including constraints.
DifBet SqlDataReader and SqlDataAdapter?
+
SqlDataReader is connected, fast, and read-only; SqlDataAdapter works in
disconnected mode with DataSet.
DifBet synchronous and asynchronous ADO.NET
operations?
+
Synchronous operations block until complete; asynchronous operations run in
background without blocking.
DifBet TableMapping and ColumnMapping?
+
TableMapping maps source table names to DataSet tables; ColumnMapping maps
source
columns to DataSet columns.
DifBet typed and untyped DataSet?
+
Typed DataSet has a predefined schema with compile-time checks; untyped is
generic
and dynamic.
DiffBet ADO and ADO.NET.
+
ADO is connected and recordset-based, whereas ADO.NET supports disconnected
architecture using DataSet. ADO.NET is XML-based and works well with
distributed
applications.
DiffBet ADO and ADO.NET?
+
ADO uses connected model and Recordsets. ADO.NET supports disconnected
model, XML,
and multiple tables.
DiffBet Command and CommandBuilder
+
Command executes SQL statements, while CommandBuilder automatically
generates SQL
(Insert, Update, Delete) commands for DataAdapters.
DiffBet connected and disconnected model?
+
Connected: DataReader, requires live DB connection., Disconnected: DataSet,
DataAdapter, works offline.
DiffBet DataReader and DataAdapter?
+
DataReader is forward-only, read-only; DataAdapter fills DataSet and
supports
disconnected operations.
DiffBet DataReader and DataSet.
+
· DataReader: forward-only, read-only, connected model, high performance., ·
DataSet: in-memory collection, disconnected model, supports navigation and
editing.
DiffBet DataReader and Dataset?
+
DataReader is fast, connected, read-only; Dataset is disconnected, editable,
and
supports multiple tables.
DiffBet DataSet and DataReader.
+
(Already answered in Q5, summarized above.)
DiffBet DataSet and Recordset?
+
DataSet is disconnected, supports multiple tables and relationships.,
Recordset is
connected and read-only or updatable depending on type.
DiffBet Dataset.Clone and Dataset.Copy
+
Clone() copies only the schema of the DataSet without data. Copy()
duplicates both
the schema and data, creating a full dataset replica.
DiffBet ExecuteScalar, ExecuteReader, ExecuteNonQuery?
+
Scalar: single value, Reader: forward-only rows, NonQuery:
update/delete/insert.
DiffBet Fill() and Update()?
+
Fill() loads data from DB to DataSet; Update() writes changes back to DB.
DiffBet IQueryable and IEnumerable?
+
IQueryable: server-side execution, LINQ to SQL/Entities, IEnumerable:
client-side,
in-memory
DiffBet OLEDB and SQLClient Providers
+
OLEDB provider works with multiple data sources like Access, Oracle, and
Excel,
while SQLClient is optimized specifically for SQL Server. SQLClient offers
better
speed, security, and support for SQL Server features like stored procedures
and
transactions.
Difference: Response.Expires vs
Response.ExpiresAbsolute
+
Expires specifies duration in minutes. ExpiresAbsolute sets exact expiration
date/time.
Different Execute Methods in ADO.NET
+
Key execution methods include ExecuteReader() for row data, ExecuteScalar()
for a
single value, ExecuteNonQuery() for insert/update/delete operations, and
ExecuteXmlReader() for XML data.
Disconnected data?
+
Disconnected data allows retrieving, modifying, and working with data
without
continuous DB connection. DataSet and DataTable support this model.
Dispose() in ADO.NET?
+
Releases unmanaged resources like DB connections, commonly used with using
block.
Do we use stored procedures in ADO.NET?
+
Yes, stored procedures can be executed using the Command object by setting
CommandType.StoredProcedure.
EF Migration?
+
Updates DB schema as models evolve without losing data.
Execute raw SQL in EF?
+
Use context.Database.SqlQuery() or ExecuteSqlCommand().
ExecuteNonQuery()?
+
This method executes commands that do not return results (Insert, Update,
Delete).
It returns the number of affected rows.
ExecuteNonQuery()?
+
Executes insert, update, or delete commands and returns affected row count.
ExecuteReader()?
+
Executes a query and returns a DataReader for reading rows forward-only.
ExecuteScalar()?
+
ExecuteScalar() returns a single value from a query, typically used for
count, sum,
or identity queries. It is faster than returning full data structures.
ExecuteScalar()?
+
Executes a query that returns a single value (first column of first row).
Explain DataTable, DataRow & DataColumn relationship.
+
DataTable stores rows and columns of data. DataRow represents a single
record, while
DataColumn defines the schema (fields). Together they form structured
tabular data.
Explain ExecuteReader().
+
ExecuteReader returns a DataReader object to read result sets row-by-row in
forward-only mode, ideal for performance in large data retrieval.
Explain ExecuteXmlReader?
+
ExecuteXmlReader is used with SQL Server to read XML data returned by a
command. It
returns an XmlReader object that allows forward-only streaming of XML. It is
useful
when retrieving XML documents from queries or stored procedures.
Explain OleDbDataAdapter Command Properties with
Example?
+
OleDbDataAdapter has properties like SelectCommand, InsertCommand,
UpdateCommand,
and DeleteCommand. These commands define SQL operations for reading and
updating
data. Example:, adapter.SelectCommand = new OleDbCommand("SELECT * FROM
Students",
connection);
Explain the Clear() method of DataSet?
+
Clear() removes all rows from all DataTables within the DataSet. The
structure
remains intact, but data is deleted. It is useful when reloading fresh data.
Explain the ExecuteScalar method in ADO.NET?
+
ExecuteScalar executes a SQL command and returns a single scalar value. It
is
commonly used for aggregate queries like COUNT(), MAX(), MIN(), or
retrieving a
single field. It improves performance as it does not return rows or a
dataset. It
returns the first column of the first row.
Features of ADO.NET?
+
Disconnected model, XML support, DataReader, DataSet, DataAdapter, object
pooling.
Filtering in LINQ?
+
Using Where() to filter elements by a condition.
GetChanges() in DataSet?
+
Returns modified rows (Added, Deleted, Modified) from DataSet for update
operations.
GetChanges()?
+
GetChanges() returns a copy of DataSet with only changed rows (Added,
Deleted,
Modified). Useful for updating only modified records.
Grouping in LINQ?
+
Organizes elements into groups based on a key using GroupBy().
HasChanges() in DataSet?
+
Checks if DataSet has any changes since last load or accept changes.
HasChanges() method of DataSet?
+
HasChanges() checks if the DataSet contains modified, deleted, or new rows.
It
returns true if changes exist, helping detect update needs.
IDisposable?
+
Interface for releasing unmanaged resources manually via Dispose().
Immediate Execution in LINQ?
+
Using methods like ToList(), Count() forces query execution immediately.
Important Classes in ADO.NET.
+
Key classes include SqlConnection, SqlCommand, SqlDataReader,
SqlDataAdapter,
DataSet, DataTable, and SqlParameter.
Is it possible to edit data in Repeater control?
+
No, Repeater does not provide built-in editing support like GridView.
Joining in LINQ?
+
Combines collections/tables based on key with Join() or GroupJoin().
Keyword to accept variable parameters
+
The keyword params is used to accept a variable number of arguments in C#.
Layers of ADO.NET
+
The two layers are Connected Layer (Connection, Command, DataReader) and
Disconnected Layer (DataSet, DataTable, DataAdapter).
Lazy vs eager loading in EF?
+
Lazy: loads related entities on demand, Eager: loads with query using
Include()
LINQ deferred execution?
+
Query runs only when enumerated (foreach, ToList()).
LINQ?
+
LINQ (Language Integrated Query) allows querying data using C# syntax across
objects, SQL, XML, and Entity Framework.
LINQ?
+
LINQ (Language Integrated Query) allows querying objects, collections,
databases,
and XML using C# language syntax.
Main components of ADO.NET?
+
Connection, Command, DataReader, DataSet, DataAdapter, DataTable, and
DataView.
Method in OleDbAdapter to populate dataset
+
The method is Fill(), used to load records into DataSet/DataTable.
Method in OleDbDataAdapter populates a dataset with
records?
+
The Fill() method of OleDbDataAdapter populates a DataSet or DataTable with
data. It
executes the SELECT command and loads the returned rows into the dataset for
disconnected use.
Method to execute SQL returning single value
+
The method is ExecuteScalar(), which returns the first column of the first
row.
Method used to read XML daily
+
The Read() or Load() methods using XmlReader or XDocument are used to
process XML
files.
Method used to sort data
+
Sorting can be done using DataView.Sort property.
Methods of DataSet.
+
Common methods include AcceptChanges(), RejectChanges(), ReadXml(),
WriteXml(), and
GetChanges() for data manipulation and synchronization.
Methods of XML DataSet Object
+
Common methods include ReadXml(), WriteXml(), ReadXmlSchema(), and
WriteXmlSchema(),
which allow reading and writing XML data and schema.
Methods under SqlCommand
+
Common methods include ExecuteReader(), ExecuteScalar(), ExecuteNonQuery(),
ExecuteXmlReader(), Cancel(), Prepare() and ExecuteAsync() for asynchronous
calls.
Namespaces for Data Access.
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Namespaces used in ADO.NET?
+
Common namespaces:, · System.Data, · System.Data.SqlClient, ·
System.Data.OleDb
Navigation property in EF?
+
Represents relationships and allows traversing related entities easily.
Object Pooling?
+
A technique to reuse created objects instead of recreating new ones,
improving
performance.
object pooling?
+
Reusing instantiated objects to reduce overhead and improve performance.
Object used to add relationship
+
DataRelation object is used to create relationships between DataTables.
Optimistic concurrency in ADO.NET?
+
Optimistic concurrency allows multiple users to access data and checks for
conflicts
only when updating.
OrderBy/ThenBy in LINQ?
+
Sorts collection first by OrderBy, then further sorting with ThenBy.
Parameterized query in ADO.NET?
+
A parameterized query uses parameters to prevent SQL injection and pass
values
safely.
Parameterized query?
+
Prevents SQL injection and allows passing parameters safely in SqlCommand.
Parameters in ADO.NET?
+
Parameters are used in parameterized queries or stored procedures to prevent
SQL
injection and pass values securely.
Pessimistic concurrency in ADO.NET?
+
Pessimistic concurrency locks data while a user is editing to prevent
conflicts.
Preferred method for executing SQL with parameters?
+
Use Parameterized queries with SqlCommand and Parameters collection. This
prevents
SQL injection and handles data safely.
Projection in LINQ?
+
Selecting specific columns or transforming data with Select().
Properties and Methods of Command Object.
+
Properties: CommandText, Connection, CommandType., Methods: ExecuteReader(),
ExecuteScalar(), ExecuteNonQuery().
Provider used for MS Access, Oracle, etc.
+
The OleDb provider is used to connect to multiple heterogeneous databases
like MS
Access, Excel, and Oracle.
RowVersion in ADO.NET?
+
RowVersion represents the state of a DataRow (Original, Current, Proposed)
for
concurrency control.
SqlCommand Object?
+
The SqlCommand object executes SQL queries and stored procedures against a
SQL
Server database. It supports methods like ExecuteReader(), ExecuteScalar(),
and
ExecuteNonQuery().
SqlCommand?
+
Executes SQL queries, commands, and stored procedures on a database.
SqlCommandBuilder?
+
SqlCommandBuilder auto-generates Insert, Update, and Delete commands for a
DataAdapter based on a select query. It reduces manual SQL writing.
SqlTransaction in ADO.NET?
+
SqlTransaction allows executing multiple commands as a single transaction
with
commit or rollback.
SqlTransaction?
+
SqlTransaction ensures multiple operations execute as a single unit. If any
operation fails, the entire transaction can be rolled back.
Stop a running thread?
+
Threads can be stopped using Thread.Abort(), CancellationToken, or
cooperative
flag-based termination (recommended).
Strongly typed DataSet?
+
Strongly typed DataSet has a predefined schema and provides compile-time
checking of
tables and columns.
System.Data Namespace Class.
+
System.Data namespace provides classes for working with relational data. It
includes
DataTable, DataSet, DataRelation, DataColumn, and connection-related
classes.
TableMapping in ADO.NET?
+
TableMapping maps source table names from a DataAdapter to destination
DataSet table
names.
Transaction in ADO.NET?
+
A transaction is a set of operations executed as a single unit, ensuring
ACID
properties.
Transactions and Concurrency in ADO.NET?
+
Transactions ensure multiple database operations execute as a unit
(commit/rollback). Concurrency manages simultaneous access using locking or
optimistic/pessimistic control.
Transactions in ADO.NET?
+
Ensures a set of operations execute as a unit; rollback occurs on failure.
Two Fundamental Objects in ADO.NET.
+
· Connection Object, · Command Object
Two important ADO.NET objects?
+
DataReader for connected model and DataSet for disconnected model.
Typed vs. Untyped Dataset
+
Typed DataSet has predefined schema with IntelliSense support. Untyped
DataSet does
not have fixed schema and works with dynamic tables.
Use of connection object?
+
Creates a link to the database and opens/closes transactions and commands.
Use of DataSet Object.
+
A DataSet stores multiple tables in memory, supports XML formatting,
relational
mapping, and offline work. Changes can later be synchronized with the
database via
DataAdapter.
Use of DataView
+
DataView provides a filtered, sorted view of a DataTable without modifying
actual
data. It supports searching, sorting, and binding to UI controls.
Use of SqlCommand object?
+
Executes SQL statements: SELECT, INSERT, UPDATE, DELETE, stored procedures.
Uses of Stored Procedure
+
Stored procedures enhance performance, security, reusability, and reduce
traffic by
executing on the server.
Which object needs to be closed?
+
Objects like Connection, DataReader, and XmlReader must be closed to release
resources.
XML support in ADO.NET?
+
ADO.NET can read, write, and manipulate XML using DataSet, DataTable, and
XML
methods like ReadXml and WriteXml.
JKM Agile methodology
12 principles of agile?
+
Principles include customer satisfaction welcoming change frequent delivery
collaboration motivated individuals working software as measure of progress
sustainable development technical excellence simplicity self-organizing
teams
reflection and continuous improvement.
Acceptance criteria?
+
Acceptance criteria define the conditions a user story must meet to be
considered
complete.
Acceptance testing?
+
Acceptance testing verifies that software meets business requirements and
user
expectations.
Adaptive planning?
+
Adaptive planning adjusts plans based on changing requirements and feedback.
Advantages & disadvantages of agile
+
Agile enables faster delivery, better customer collaboration, flexibility to
change,
and improved product quality. However, it may lack predictability, require
experienced teams, and may struggle with large distributed teams or
fixed-budget
environments.
Agile adoption challenges?
+
Challenges include resistance to change lack of management support poor
collaboration and unclear roles.
Agile backlog refinement best practices?
+
Review backlog regularly prioritize items clarify requirements and break
down large
stories.
Agile backlog refinement frequency?
+
Typically done once per sprint to keep backlog up-to-date and prioritized.
Agile ceremonies?
+
Agile ceremonies include sprint planning daily stand-up sprint review and
sprint
retrospective.
Agile change management?
+
Agile change management handles requirement and process changes iteratively
and
collaboratively.
Agile coach?
+
An Agile coach helps teams and organizations adopt and improve Agile
practices.
Agile continuous delivery?
+
Continuous delivery ensures software can be reliably released to production
at any
time.
Agile continuous feedback?
+
Continuous feedback ensures product and process improvements throughout
development.
Agile continuous improvement?
+
Continuous improvement involves inspecting and adapting processes tools and
practices regularly.
Agile cross-functional team benefit?
+
Cross-functional teams reduce handoffs improve collaboration and deliver
faster.
Agile customer collaboration?
+
Customer collaboration involves stakeholders throughout the development
process for
feedback and alignment.
Agile customer value?
+
Customer value refers to delivering features and functionality that meet
user needs
and expectations.
Agile documentation?
+
Agile documentation is concise just enough to support development and
collaboration.
Agile epic decomposition?
+
Breaking epics into smaller actionable user stories for implementation.
Agile estimation techniques?
+
Techniques include story points planning poker T-shirt sizing and affinity
estimation.
Agile estimation?
+
Agile estimation is the process of predicting the effort or complexity of
user
stories or tasks.
Agile frameworks?
+
They are structured methods like Scrum, Kanban, SAFe, and XP that implement
Agile
principles in development.
Agile impediment?
+
Impediment is anything blocking the team from achieving its sprint goal.
Agile kanban vs scrum?
+
Scrum uses sprints and roles; Kanban is continuous and focuses on
visualizing
workflow and limiting WIP.
Agile key success factors?
+
Key factors include collaboration clear vision empowered teams adaptive
planning and
iterative delivery.
Agile manifesto?
+
Agile manifesto is a set of values and principles guiding Agile development.
Agile maturity model?
+
Agile maturity model assesses how effectively an organization applies Agile
practices.
Agile methodology?
+
Agile is an iterative software development approach focusing on flexibility,
customer collaboration, and incremental delivery through continuous
feedback.
Agile metrics?
+
Agile metrics track team performance progress quality and predictability.
Agile mindset?
+
Agile mindset values collaboration flexibility continuous improvement and
delivering
customer value.
Agile mvp vs prototype?
+
MVP delivers minimal usable product; prototype is a preliminary model for
validation
and experimentation.
Agile pair programming?
+
Pair programming involves two developers working together at one workstation
to
improve code quality.
Agile portfolio management?
+
Portfolio management applies Agile principles to manage multiple projects
and
initiatives.
Agile process?
+
Agile process involves planning, developing in small increments, testing,
review,
and adapting based on feedback.
Agile product vision?
+
Product vision defines the long-term goal and direction of the product.
Agile project management?
+
Agile project management applies Agile principles to plan execute and
deliver
projects iteratively.
Agile quality assurance?
+
QA integrates testing early and continuously in the Agile development cycle.
Agile release planning horizon?
+
Defines a planning period for delivering features or increments usually
several
sprints.
Agile release planning?
+
Agile release planning defines a roadmap and schedule for delivering product
increments over multiple sprints.
Agile release train?
+
Release train coordinates multiple teams to deliver value in a predictable
schedule.
Agile retrospection action items?
+
Action items are improvements identified during retrospectives to implement
in
future sprints.
Agile retrospectives?
+
Retrospectives are meetings to reflect on the process discuss improvements
and take
action.
Agile risk management?
+
Agile risk management identifies assesses and mitigates risks iteratively
during
development.
Agile risk mitigation?
+
Risk mitigation involves identifying monitoring and addressing risks
iteratively.
Agile roles and responsibilities?
+
Roles include Product Owner Scrum Master Development Team and Stakeholders.
Agile scaling challenges?
+
Challenges include coordination between teams consistent processes and
maintaining
Agile culture.
Agile servant leadership role?
+
Servant leader supports team autonomy removes impediments and fosters
continuous
improvement.
Agile sprint goal?
+
Sprint goal is a clear objective that guides the team's work during a
sprint.
Agile stakeholder engagement?
+
Engaging stakeholders throughout development for feedback validation and
alignment.
Agile team collaboration?
+
Team collaboration emphasizes communication transparency and shared
responsibility.
Agile testing
+
Agile testing is a continuous testing approach aligned with Agile
development. It
focuses on early defect detection, customer feedback, and testing alongside
development rather than after coding completes.
Agile testing?
+
Agile testing involves continuous testing throughout the development
lifecycle.
Agile timeboxing benefit?
+
Timeboxing improves focus predictability and encourages timely delivery.
Agile?
+
Agile is a methodology for software development that emphasizes iterative
development collaboration and flexibility to change.
Application binary interface
+
ABI defines how software components interact at the binary level. It
standardizes
function calls, data types, and machine interfaces.
Backlog grooming or refinement?
+
The process of reviewing, prioritizing, and estimating backlog items to
ensure
readiness for future sprints.
Backlog grooming/refinement?
+
Backlog grooming is the process of reviewing and prioritizing the product
backlog.
Backlog prioritization?
+
Backlog prioritization determines the order of user stories based on value
risk and
dependencies.
Backlog refinement?
+
Ongoing process of reviewing, clarifying, and estimating backlog items to
prepare
them for future sprints.
Behavior-driven development (bdd)?
+
BDD involves writing tests in natural language to align development with
business
behavior.
Best time to use agile
+
Agile is ideal when requirements are evolving, the project needs frequent
updates,
and user feedback is essential. It suits dynamic environments and
product-based
development.
Build breaker mean?
+
A build breaker is an issue introduced into the codebase that causes the CI
pipeline
or build process to fail. It prevents deployment and needs immediate fixing
before
new features continue.
Burn-down chart?
+
A burn-down chart shows remaining work in a sprint or project over time.
Burn-up & burn-down charts
+
Burn-down charts show remaining work; burn-up charts track completed
progress. Both
help monitor sprint or project progress.
Burn-up chart?
+
A burn-up chart shows work completed versus total work in a project or
release.
Can cross-functional teams work with external
dependencies?
+
Yes, but dependencies should be managed with clear communication, planning,
and
incremental delivery.
Challenges in agile development
+
Unclear requirements, integration issues, team dependencies, cultural
resistance,
and estimation challenges are common.
Common agile metrics
+
Velocity, cycle time, burndown rate, lead time, defect density, and customer
satisfaction are common metrics.
Common agile metrics?
+
Common metrics include velocity burn-down/burn-up charts cycle time lead
time and
cumulative flow.
Confluence page template?
+
Predefined layouts to standardize documentation like architecture diagrams,
meeting
notes, or requirements.
Confluence?
+
Confluence is a collaboration wiki platform for documenting requirements,
architecture, and project knowledge.
Continuous delivery (cd)?
+
CD is the practice of automatically deploying code to production or staging
after
CI.
Continuous integration (ci)?
+
CI is the practice of frequently merging code changes to detect errors
early.
Cross-functional team?
+
A cross-functional team has members with all skills needed to deliver a
product
increment.
Cross-functional team?
+
A team where members have different skills to complete a project from end to
end,
including development, testing, and design.
Cross-functional teams handle knowledge sharing?
+
Through pair programming, documentation, workshops, demos, and
retrospectives.
Cross-functional teams important in agile?
+
They reduce handoffs, improve collaboration, accelerate delivery, and
promote shared
responsibility.
Cross-functional teams improve quality?
+
Integrated expertise reduces errors, promotes early testing, and ensures
design and
code quality throughout the sprint.
Cumulative flow diagram?
+
Visualizes work in different states over time, helping identify bottlenecks
in
workflow.
Cycle time?
+
Time taken from when work starts on a task until it is completed. Helps
measure
efficiency.
Daily stand-up meeting
+
A short 10–15 minute meeting where team members discuss what they completed,
what
they will do next, and any blockers. It improves transparency and
collaboration.
Daily stand-up?
+
Daily stand-up is a short meeting where team members share progress plans
and
blockers.
Definition of done (dod)?
+
DoD is a shared agreement of what constitutes a completed user story or
task.
Definition of done (dod)?
+
Criteria that a backlog item must meet to be considered complete, including
code
quality, testing, and documentation.
Definition of ready (dor)?
+
DoR defines conditions a user story must meet to be eligible for a sprint.
Definition of ready (dor)?
+
Criteria that a backlog item must meet before being pulled into a sprint.
Ensures
clarity and reduces blockers.
Diffbet a bug and a story in the backlog?
+
A bug represents a defect or error; a story is a new feature or enhancement.
Both
are tracked but may differ in priority.
Diffbet agile and devops?
+
Agile focuses on development process; DevOps focuses on development
deployment and
operations collaboration.
Diffbet agile and lean?
+
Agile focuses on iterative development; Lean focuses on waste reduction and
process
optimization.
Diffbet agile and waterfall?
+
Agile is iterative and flexible; Waterfall is sequential and rigid.
Diffbet burnup and burndown charts?
+
Burndown shows remaining work over time; burnup shows work completed and
total scope
over time.
Diffbet cross-functional and functional teams?
+
Cross-functional teams have multiple skill sets in one team; functional
teams are
organized by specialized roles.
Diffbet epic, feature, and user story?
+
Epic is a large goal, Feature is a smaller functionality, User Story is a
detailed,
implementable piece of work.
Diffbet jira and confluence?
+
Jira is for task and project tracking; Confluence is for documentation and
knowledge
management. Both integrate for traceability.
Diffbet product backlog and sprint backlog?
+
Product backlog is the full list of features, bugs, and enhancements. Sprint
backlog
is a subset selected for the sprint.
Diffbet scrum and kanban?
+
Scrum uses fixed sprints and roles; Kanban is continuous and focuses on
workflow
visualization.
Diffbet story points and hours?
+
Story points measure relative effort; hours estimate actual time to complete
a task.
Diffbet waterfall and agile.
+
Waterfall is linear and sequential, while Agile is iterative and flexible.
Agile
adapts to change, whereas Waterfall requires full requirements upfront.
Difference agile vs scrum
+
Agile is a broader methodology mindset, while Scrum is a specific framework
under
Agile. Scrum uses roles, ceremonies, and sprints; Agile provides principles
and
values.
Epic in agile?
+
An Epic is a large user story that can be broken into smaller stories.
Epic, user stories & tasks
+
An epic is a large feature broken into user stories. A user story describes
a
requirement from the user's perspective, and tasks break stories into
development
activities.
Exploratory testing in agile?
+
Exploratory testing is an informal testing approach where testers learn and
test
simultaneously.
Four values of agile manifesto?
+
Values: individuals & interactions > processes & tools working software >
documentation customer collaboration > contract negotiation responding to
change >
following a plan.
Impediment
+
A problem or blocker preventing a team from progressing. Scrum Master helps
resolve
it.
Importance of sprint retrospective?
+
To reflect on the sprint, identify improvements, and strengthen team
collaboration
and processes.
Importance of sprint review?
+
To demonstrate completed work, gather feedback, and validate alignment with
business
goals.
Important parts of agile process.
+
Backlog refinement, sprint cycles, continuous testing, customer involvement,
retrospectives, and deployment.
Increment
+
An increment is the sum of completed product work at the end of a sprint,
delivering
potentially shippable functionality.
Incremental delivery?
+
Delivering working software in small, usable increments rather than waiting
for a
full release.
Incremental vs iterative delivery?
+
Incremental delivers small usable pieces, iterative improves them over
cycles based
on feedback.
Is velocity used in sprint planning?
+
Velocity is the average amount of work completed in previous sprints. It
helps
estimate how much the team can commit to in the current sprint.
Iteration in agile?
+
Iteration is a time-boxed cycle of development also known as a sprint.
Iterative & incremental development
+
Iterative development improves the system through repeated cycles, while
incremental
development delivers the system in small functional parts. Agile combines
both to
deliver working software early and refine it based on feedback.
Jira issue types?
+
Common types: Epic, Story, Task, Bug, Sub-task. Each represents a different
level of
work.
Jira workflow?
+
A sequence of statuses and transitions representing the lifecycle of an
issue.
Supports automation and approvals.
Jira?
+
Jira is a project management tool used for issue tracking, Agile boards,
sprints,
and backlog management.
Kanban
+
Kanban focuses on visual workflow management using a board and continuous
delivery.
Work-in-progress limits help efficiency.
Kanban board?
+
Kanban board visualizes work items workflow stages and progress.
Kanban wip limit?
+
WIP limit restricts the number of work items in progress to improve flow and
reduce
bottlenecks.
Key outputs of sprint planning?
+
Sprint backlog, sprint goal, task estimates, and commitment of the team to
complete
selected items.
Key principles of agile?
+
Key principles include customer collaboration responding to change working
software
and individuals and interactions over processes.
Lead time?
+
Time from backlog item creation to delivery. Useful for overall process
efficiency.
Less?
+
LeSS (Large-Scale Scrum) extends Scrum principles to multiple teams working
on the
same product.
Long should sprint planning take?
+
Typically 2–4 hours for a 2-week sprint. Longer sprints may require more
time
proportionally.
Main roles in scrum
+
Scrum has three key roles: Product Owner, who manages backlog and
priorities; Scrum
Master, who ensures process compliance and removes blockers; and the
Development
Team, responsible for delivering increments every sprint.
Major agile components.
+
User stories, sprint planning, backlog, iterations, stand-up meetings,
sprint
reviews, and retrospectives.
Minimum viable product (mvp)?
+
MVP is the simplest version of a product that delivers value and can gather
feedback.
Moscow prioritization?
+
MoSCoW prioritization categorizes backlog items as Must have Should have
Could have
and Won't have.
Nexus?
+
Nexus is a framework to scale Scrum across multiple teams with integrated
work.
Obstacles to agile
+
Challenges include resistance to change, unclear requirements, lack of
training,
poor communication, distributed teams, and legacy constraints.
Often should backlog be refined?
+
Ongoing, but typically once per sprint, about 5–10% of the sprint time is
used for
grooming.
Other agile frameworks
+
Kanban, XP (Extreme Programming), SAFe, Crystal, and Lean are major
frameworks
besides Scrum.
Pair programming
+
Two developers work together on one workstation. It improves code quality,
knowledge
sharing, and reduces errors., QA collaborates from the start, writes
acceptance
criteria, tests continuously, and ensures quality through automation and
feedback.
Participates in sprint planning?
+
The Scrum Master, Product Owner, and Development Team participate. PO
clarifies
backlog items, Dev Team estimates effort, and Scrum Master facilitates.
Planning poker
+
A collaborative estimation technique where teams assign story points using
cards.
Helps achieve shared understanding and consensus.
Planning poker?
+
Planning Poker is a consensus-based estimation technique using cards with
story
points.
Popular agile tools
+
Common Agile tools include Jira, Trello, Azure DevOps, Asana, Rally,
Monday.com, and
VersionOne. They help manage backlogs, tasks, sprints, and reporting.
Principles of agile testing
+
Principles include customer-focused testing, continuous feedback, early
testing,
frequent delivery, collaboration, and embracing change. Testing is seen as a
shared
responsibility, not a separate stage.
Product backlog?
+
The product backlog is a prioritized list of features enhancements and fixes
for the
product.
Product backlog?
+
An ordered list of features, bugs, and technical work maintained by the
Product
Owner. It evolves continuously as requirements change.
Product increment?
+
Product increment is the sum of all completed work in a sprint that meets
the
definition of done.
Product owner?
+
Product Owner represents stakeholders manages the backlog and ensures value
delivery.
Product roadmap
+
A strategic plan outlining vision, milestones, timelines, and prioritized
features
for product development.
Purpose of sprint planning
+
Sprint planning determines sprint goals, selects backlog items, and defines
how the
work will be completed.
Qualities of a scrum master
+
A Scrum Master should have communication and facilitation skills,
problem-solving
ability, servant leadership mindset, patience, and knowledge of Agile
principles to
guide the team effectively.
Qualities of an agile tester
+
An Agile tester should be collaborative, adaptable, and proactive. They must
understand business requirements, communicate well, and focus on continuous
improvement and quick feedback cycles.
Refactoring
+
Refactoring improves existing code without changing its external behavior.
It
enhances readability, performance, and maintainability while reducing
technical
debt.
Release candidate
+
A nearly completed product version ready for final testing and approval
before
release.
Responsible for backlog management?
+
The Product Owner is primarily responsible, with input from stakeholders and
the
development team.
Retrospectives improve delivery?
+
They help identify process improvements, bottlenecks, and team collaboration
issues
to improve future sprints.
Role of scrum master in sprint planning?
+
Facilitates discussion, ensures clarity, prevents scope creep, and promotes
team
collaboration.
Role of the scrum master in cross-functional teams?
+
Facilitates collaboration, removes impediments, and promotes
self-organization among
team members.
Safe?
+
SAFe (Scaled Agile Framework) is a framework to scale Agile practices across
large
enterprises.
Scaling agile?
+
Scaling Agile applies Agile practices across multiple teams or large
projects.
scrum & kanban used?
+
Scrum is used where work is iterative with evolving requirements, such as
software
development and product improvement. Kanban is used in support, maintenance,
DevOps,
and continuous delivery environments where work is flow-based rather than
sprint-based.
Scrum cycle length
+
A scrum cycle, or sprint, usually lasts 1–4 weeks. The duration remains
consistent
throughout the project.
Scrum master?
+
Scrum Master facilitates Scrum processes removes impediments and supports
the team.
Scrum of scrums
+
A technique used when multiple scrum teams work together. Representatives
meet to
coordinate dependencies and align progress.
Scrum?
+
Scrum is an Agile framework that uses roles events and artifacts to manage
complex
projects.
Servant leadership?
+
Servant leadership focuses on supporting and enabling the team rather than
directing
it.
Spike & zero sprint
+
A spike is research activity to resolve uncertainty or technical issues.
Zero sprint
(Sprint 0) involves initial setup activities like architecture, environment,
and
backlog preparation before development.
Spike?
+
A spike is a time-boxed research activity to explore a solution or reduce
uncertainty.
Spotify model?
+
Spotify model organizes Agile teams as squads tribes chapters and guilds to
foster
autonomy and alignment.
Sprint backlog vs product backlog
+
The product backlog contains all requirements prioritized by the product
owner,
while the sprint backlog contains the selected items for the current sprint.
Sprint
backlog is short-term; product backlog is long-term.
Sprint backlog?
+
The sprint backlog is a subset of the product backlog selected for
implementation in
a sprint.
Sprint delivery?
+
Sprint delivery is the completion and demonstration of committed backlog
items to
stakeholders at the end of a sprint.
Sprint goal?
+
A short description of what the sprint aims to achieve. It guides the team
and
aligns stakeholders.
Sprint planning, review & retrospective
+
Sprint planning defines sprint goals and backlog. Sprint review demonstrates
work to
stakeholders. Retrospective reflects on improvements.
Sprint planning?
+
Sprint planning is a meeting where the team decides what work will be done
in the
upcoming sprint.
Sprint planning?
+
Sprint Planning is a Scrum ceremony where the team decides which backlog
items to
work on in the upcoming sprint. It defines the sprint goal and estimated
tasks.
Sprint retrospective?
+
Sprint retrospective is a meeting to reflect on the sprint and identify
improvements.
Sprint review?
+
Sprint review is a meeting to demonstrate completed work to stakeholders and
gather
feedback.
Sprint?
+
A sprint is a time-boxed iteration usually 1-4 weeks where a set of work is
completed.
Story points
+
A unit for estimating effort or complexity in Scrum, not tied to time. Helps
predict
workload and sprint capacity.
Story points?
+
Story points are relative measures of effort complexity or risk for user
stories.
Team velocity tracking?
+
Tracking velocity helps predict how much work a team can complete in future
sprints.
Technical debt?
+
Technical debt is the cost of shortcuts or suboptimal solutions that need
refactoring later.
Test-driven development (tdd)
+
TDD involves writing tests before writing code. It ensures better design,
reduces
bugs, and supports regression testing.
Test-driven development (tdd)?
+
TDD is a practice where tests are written before the code to ensure
functionality
meets requirements.
Theme in agile?
+
A theme is a collection of related user stories or epics around a common
objective.
Time-boxing?
+
Time-boxing is allocating a fixed duration to activities to improve focus
and
productivity.
To balance stakeholder requests in backlog?
+
Evaluate based on business value, urgency, dependencies, and capacity.
Communicate
trade-offs transparently.
To control permissions in confluence?
+
Set space-level or page-level permissions for viewing, editing, or
commenting based
on user roles or groups.
To create a kanban board in jira?
+
Create a board from project → select Kanban → configure columns → add issues
for
workflow tracking.
To handle unplanned work during a sprint?
+
Minimize interruptions. If unavoidable, negotiate scope adjustments with PO
and
team. Track and learn for future planning.
To link jira issues in confluence?
+
Use Jira macro to embed issues, sprints, or reports directly into Confluence
pages.
To track progress in jira?
+
Use dashboards, reports, burndown charts, and cumulative flow diagrams.
Tracer bullet
+
A technique delivering a thin working slice of the system early to validate
architecture and direction.
Types of agile methodology.
+
Scrum, Kanban, XP (Extreme Programming), Lean, SAFe, and Crystal are popular
Agile
variants.
Types of burn-down charts
+
Types include sprint burndown, release burndown, and product burndown
charts. Each
offers different timelines and scope levels.
Use agile
+
Avoid Agile in fixed-scope, fixed-budget projects, strict compliance
domains, or
when customer feedback is unavailable.
Use waterfall instead of scrum
+
Use Waterfall when requirements are fixed, documentation-heavy, regulated,
and no
major changes are expected. It fits infrastructure or hardware projects
better.
User story?
+
A user story is a short simple description of a feature from the perspective
of an
end user.
Velocity in agile
+
Velocity measures the amount of work a team completes in a sprint, typically
in
story points. It helps estimate future sprint capacity and planning.
Velocity in agile?
+
Velocity measures the amount of work a team completes in a sprint.
Velocity?
+
Velocity measures the amount of work a team completes in a sprint, often in
story
points. Helps with forecasting.
You balance speed and quality in delivery?
+
Prioritize well-defined backlog items, maintain testing standards, and avoid
overcommitment.
You communicate delivery status to stakeholders?
+
Use sprint reviews, dashboards, Jira reports, and release notes for
transparency.
You ensure effective communication in cross-functional
teams?
+
Daily stand-ups, retrospectives, sprint reviews, shared documentation, and
collaboration tools help maintain transparency.
You ensure quality in delivery?
+
Unit tests, code reviews, automated testing, CI/CD pipelines, and adherence
to
Definition of Done.
You ensure team accountability?
+
Transparent commitments, daily stand-ups, peer reviews, and clear Definition
of
Done.
You ensure timely delivery?
+
Clear sprint goals, proper estimation, daily tracking, and removing blockers
proactively help ensure on-time delivery.
You estimate tasks in sprint planning?
+
Using story points, ideal hours, or T-shirt sizing. Estimation considers
complexity,
effort, and risk.
You handle blocked tasks?
+
Identify blockers early, escalate if needed, and collaborate to remove
impediments
quickly.
You handle changing priorities mid-sprint?
+
Limit mid-sprint changes; negotiate with PO, document impact, and adjust
future
sprint planning.
You handle conflicts in cross-functional teams?
+
Encourage open communication, identify root causes, facilitate discussions,
and
align on shared goals.
You handle incomplete stories at sprint end?
+
Move them back to backlog, review root cause, and include in future sprints
after
re-estimation.
You handle skill gaps in cross-functional teams?
+
Encourage knowledge sharing, mentoring, pair programming, and cross-training
to
build team capability.
You handle technical debt in backlog?
+
Track and prioritize technical debt items along with functional stories to
ensure
system maintainability.
You handle urgent production issues during a sprint?
+
Address them immediately if critical, or plan within sprint buffer. Document
impact
on sprint goals.
You improve team collaboration?
+
Facilitate open communication, collaborative tools, clear goals, and regular
retrospectives.
You manage dependencies across teams?
+
Identify dependencies early, communicate timelines, and coordinate during
planning
and stand-ups.
You manage scope creep during a sprint?
+
Freeze the sprint backlog, handle new requests in the next sprint, and
communicate
priorities clearly.
You measure productivity in cross-functional teams?
+
Use velocity, cycle time, burndown charts, quality metrics, and stakeholder
feedback.
You measure successful delivery?
+
Completion of sprint backlog, meeting Definition of Done, stakeholder
satisfaction,
and business value delivered.
You measure team performance?
+
Velocity, quality metrics, stakeholder satisfaction, sprint predictability,
and
adherence to Definition of Done.
You prioritize backlog items?
+
Using MoSCoW (Must, Should, Could, Won’t), business value, risk,
dependencies, and
ROI.
You track multiple sprints simultaneously?
+
Use program boards, Jira portfolios, or scaled Agile tools like SAFe to
visualize
cross-team progress.
You track sprint progress?
+
Use burndown charts, task boards, and daily stand-ups to monitor completed
versus
remaining work.
12 principles of agile?
+
Principles include customer satisfaction welcoming change frequent delivery
collaboration motivated individuals working software as measure of progress
sustainable development technical excellence simplicity self-organizing
teams
reflection and continuous improvement.
Acceptance criteria?
+
Acceptance criteria define the conditions a user story must meet to be
considered
complete.
Acceptance testing?
+
Acceptance testing verifies that software meets business requirements and
user
expectations.
Adaptive planning?
+
Adaptive planning adjusts plans based on changing requirements and feedback.
Advantages & disadvantages of agile
+
Agile enables faster delivery, better customer collaboration, flexibility to
change,
and improved product quality. However, it may lack predictability, require
experienced teams, and may struggle with large distributed teams or
fixed-budget
environments.
Agile adoption challenges?
+
Challenges include resistance to change lack of management support poor
collaboration and unclear roles.
Agile backlog refinement best practices?
+
Review backlog regularly prioritize items clarify requirements and break
down large
stories.
Agile backlog refinement frequency?
+
Typically done once per sprint to keep backlog up-to-date and prioritized.
Agile ceremonies?
+
Agile ceremonies include sprint planning daily stand-up sprint review and
sprint
retrospective.
Agile change management?
+
Agile change management handles requirement and process changes iteratively
and
collaboratively.
Agile coach?
+
An Agile coach helps teams and organizations adopt and improve Agile
practices.
Agile continuous delivery?
+
Continuous delivery ensures software can be reliably released to production
at any
time.
Agile continuous feedback?
+
Continuous feedback ensures product and process improvements throughout
development.
Agile continuous improvement?
+
Continuous improvement involves inspecting and adapting processes tools and
practices regularly.
Agile cross-functional team benefit?
+
Cross-functional teams reduce handoffs improve collaboration and deliver
faster.
Agile customer collaboration?
+
Customer collaboration involves stakeholders throughout the development
process for
feedback and alignment.
Agile customer value?
+
Customer value refers to delivering features and functionality that meet
user needs
and expectations.
Agile documentation?
+
Agile documentation is concise just enough to support development and
collaboration.
Agile epic decomposition?
+
Breaking epics into smaller actionable user stories for implementation.
Agile estimation techniques?
+
Techniques include story points planning poker T-shirt sizing and affinity
estimation.
Agile estimation?
+
Agile estimation is the process of predicting the effort or complexity of
user
stories or tasks.
Agile frameworks?
+
They are structured methods like Scrum, Kanban, SAFe, and XP that implement
Agile
principles in development.
Agile impediment?
+
Impediment is anything blocking the team from achieving its sprint goal.
Agile kanban vs scrum?
+
Scrum uses sprints and roles; Kanban is continuous and focuses on
visualizing
workflow and limiting WIP.
Agile key success factors?
+
Key factors include collaboration clear vision empowered teams adaptive
planning and
iterative delivery.
Agile manifesto?
+
Agile manifesto is a set of values and principles guiding Agile development.
Agile maturity model?
+
Agile maturity model assesses how effectively an organization applies Agile
practices.
Agile methodology?
+
Agile is an iterative software development approach focusing on flexibility,
customer collaboration, and incremental delivery through continuous
feedback.
Agile metrics?
+
Agile metrics track team performance progress quality and predictability.
Agile mindset?
+
Agile mindset values collaboration flexibility continuous improvement and
delivering
customer value.
Agile mvp vs prototype?
+
MVP delivers minimal usable product; prototype is a preliminary model for
validation
and experimentation.
Agile pair programming?
+
Pair programming involves two developers working together at one workstation
to
improve code quality.
Agile portfolio management?
+
Portfolio management applies Agile principles to manage multiple projects
and
initiatives.
Agile process?
+
Agile process involves planning, developing in small increments, testing,
review,
and adapting based on feedback.
Agile product vision?
+
Product vision defines the long-term goal and direction of the product.
Agile project management?
+
Agile project management applies Agile principles to plan execute and
deliver
projects iteratively.
Agile quality assurance?
+
QA integrates testing early and continuously in the Agile development cycle.
Agile release planning horizon?
+
Defines a planning period for delivering features or increments usually
several
sprints.
Agile release planning?
+
Agile release planning defines a roadmap and schedule for delivering product
increments over multiple sprints.
Agile release train?
+
Release train coordinates multiple teams to deliver value in a predictable
schedule.
Agile retrospection action items?
+
Action items are improvements identified during retrospectives to implement
in
future sprints.
Agile retrospectives?
+
Retrospectives are meetings to reflect on the process discuss improvements
and take
action.
Agile risk management?
+
Agile risk management identifies assesses and mitigates risks iteratively
during
development.
Agile risk mitigation?
+
Risk mitigation involves identifying monitoring and addressing risks
iteratively.
Agile roles and responsibilities?
+
Roles include Product Owner Scrum Master Development Team and Stakeholders.
Agile scaling challenges?
+
Challenges include coordination between teams consistent processes and
maintaining
Agile culture.
Agile servant leadership role?
+
Servant leader supports team autonomy removes impediments and fosters
continuous
improvement.
Agile sprint goal?
+
Sprint goal is a clear objective that guides the team's work during a
sprint.
Agile stakeholder engagement?
+
Engaging stakeholders throughout development for feedback validation and
alignment.
Agile team collaboration?
+
Team collaboration emphasizes communication transparency and shared
responsibility.
Agile testing
+
Agile testing is a continuous testing approach aligned with Agile
development. It
focuses on early defect detection, customer feedback, and testing alongside
development rather than after coding completes.
Agile testing?
+
Agile testing involves continuous testing throughout the development
lifecycle.
Agile timeboxing benefit?
+
Timeboxing improves focus predictability and encourages timely delivery.
Agile?
+
Agile is a methodology for software development that emphasizes iterative
development collaboration and flexibility to change.
Application binary interface
+
ABI defines how software components interact at the binary level. It
standardizes
function calls, data types, and machine interfaces.
Backlog grooming or refinement?
+
The process of reviewing, prioritizing, and estimating backlog items to
ensure
readiness for future sprints.
Backlog grooming/refinement?
+
Backlog grooming is the process of reviewing and prioritizing the product
backlog.
Backlog prioritization?
+
Backlog prioritization determines the order of user stories based on value
risk and
dependencies.
Backlog refinement?
+
Ongoing process of reviewing, clarifying, and estimating backlog items to
prepare
them for future sprints.
Behavior-driven development (bdd)?
+
BDD involves writing tests in natural language to align development with
business
behavior.
Best time to use agile
+
Agile is ideal when requirements are evolving, the project needs frequent
updates,
and user feedback is essential. It suits dynamic environments and
product-based
development.
Build breaker mean?
+
A build breaker is an issue introduced into the codebase that causes the CI
pipeline
or build process to fail. It prevents deployment and needs immediate fixing
before
new features continue.
Burn-down chart?
+
A burn-down chart shows remaining work in a sprint or project over time.
Burn-up & burn-down charts
+
Burn-down charts show remaining work; burn-up charts track completed
progress. Both
help monitor sprint or project progress.
Burn-up chart?
+
A burn-up chart shows work completed versus total work in a project or
release.
Can cross-functional teams work with external
dependencies?
+
Yes, but dependencies should be managed with clear communication, planning,
and
incremental delivery.
Challenges in agile development
+
Unclear requirements, integration issues, team dependencies, cultural
resistance,
and estimation challenges are common.
Common agile metrics
+
Velocity, cycle time, burndown rate, lead time, defect density, and customer
satisfaction are common metrics.
Common agile metrics?
+
Common metrics include velocity burn-down/burn-up charts cycle time lead
time and
cumulative flow.
Confluence page template?
+
Predefined layouts to standardize documentation like architecture diagrams,
meeting
notes, or requirements.
Confluence?
+
Confluence is a collaboration wiki platform for documenting requirements,
architecture, and project knowledge.
Continuous delivery (cd)?
+
CD is the practice of automatically deploying code to production or staging
after
CI.
Continuous integration (ci)?
+
CI is the practice of frequently merging code changes to detect errors
early.
Cross-functional team?
+
A cross-functional team has members with all skills needed to deliver a
product
increment.
Cross-functional team?
+
A team where members have different skills to complete a project from end to
end,
including development, testing, and design.
Cross-functional teams handle knowledge sharing?
+
Through pair programming, documentation, workshops, demos, and
retrospectives.
Cross-functional teams important in agile?
+
They reduce handoffs, improve collaboration, accelerate delivery, and
promote shared
responsibility.
Cross-functional teams improve quality?
+
Integrated expertise reduces errors, promotes early testing, and ensures
design and
code quality throughout the sprint.
Cumulative flow diagram?
+
Visualizes work in different states over time, helping identify bottlenecks
in
workflow.
Cycle time?
+
Time taken from when work starts on a task until it is completed. Helps
measure
efficiency.
Daily stand-up meeting
+
A short 10–15 minute meeting where team members discuss what they completed,
what
they will do next, and any blockers. It improves transparency and
collaboration.
Daily stand-up?
+
Daily stand-up is a short meeting where team members share progress plans
and
blockers.
Definition of done (dod)?
+
DoD is a shared agreement of what constitutes a completed user story or
task.
Definition of done (dod)?
+
Criteria that a backlog item must meet to be considered complete, including
code
quality, testing, and documentation.
Definition of ready (dor)?
+
DoR defines conditions a user story must meet to be eligible for a sprint.
Definition of ready (dor)?
+
Criteria that a backlog item must meet before being pulled into a sprint.
Ensures
clarity and reduces blockers.
Diffbet a bug and a story in the backlog?
+
A bug represents a defect or error; a story is a new feature or enhancement.
Both
are tracked but may differ in priority.
Diffbet agile and devops?
+
Agile focuses on development process; DevOps focuses on development
deployment and
operations collaboration.
Diffbet agile and lean?
+
Agile focuses on iterative development; Lean focuses on waste reduction and
process
optimization.
Diffbet agile and waterfall?
+
Agile is iterative and flexible; Waterfall is sequential and rigid.
Diffbet burnup and burndown charts?
+
Burndown shows remaining work over time; burnup shows work completed and
total scope
over time.
Diffbet cross-functional and functional teams?
+
Cross-functional teams have multiple skill sets in one team; functional
teams are
organized by specialized roles.
Diffbet epic, feature, and user story?
+
Epic is a large goal, Feature is a smaller functionality, User Story is a
detailed,
implementable piece of work.
Diffbet jira and confluence?
+
Jira is for task and project tracking; Confluence is for documentation and
knowledge
management. Both integrate for traceability.
Diffbet product backlog and sprint backlog?
+
Product backlog is the full list of features, bugs, and enhancements. Sprint
backlog
is a subset selected for the sprint.
Diffbet scrum and kanban?
+
Scrum uses fixed sprints and roles; Kanban is continuous and focuses on
workflow
visualization.
Diffbet story points and hours?
+
Story points measure relative effort; hours estimate actual time to complete
a task.
Diffbet waterfall and agile.
+
Waterfall is linear and sequential, while Agile is iterative and flexible.
Agile
adapts to change, whereas Waterfall requires full requirements upfront.
Difference agile vs scrum
+
Agile is a broader methodology mindset, while Scrum is a specific framework
under
Agile. Scrum uses roles, ceremonies, and sprints; Agile provides principles
and
values.
Epic in agile?
+
An Epic is a large user story that can be broken into smaller stories.
Epic, user stories & tasks
+
An epic is a large feature broken into user stories. A user story describes
a
requirement from the user's perspective, and tasks break stories into
development
activities.
Exploratory testing in agile?
+
Exploratory testing is an informal testing approach where testers learn and
test
simultaneously.
Four values of agile manifesto?
+
Values: individuals & interactions > processes & tools working software >
documentation customer collaboration > contract negotiation responding to
change >
following a plan.
Impediment
+
A problem or blocker preventing a team from progressing. Scrum Master helps
resolve
it.
Importance of sprint retrospective?
+
To reflect on the sprint, identify improvements, and strengthen team
collaboration
and processes.
Importance of sprint review?
+
To demonstrate completed work, gather feedback, and validate alignment with
business
goals.
Important parts of agile process.
+
Backlog refinement, sprint cycles, continuous testing, customer involvement,
retrospectives, and deployment.
Increment
+
An increment is the sum of completed product work at the end of a sprint,
delivering
potentially shippable functionality.
Incremental delivery?
+
Delivering working software in small, usable increments rather than waiting
for a
full release.
Incremental vs iterative delivery?
+
Incremental delivers small usable pieces, iterative improves them over
cycles based
on feedback.
Is velocity used in sprint planning?
+
Velocity is the average amount of work completed in previous sprints. It
helps
estimate how much the team can commit to in the current sprint.
Iteration in agile?
+
Iteration is a time-boxed cycle of development also known as a sprint.
Iterative & incremental development
+
Iterative development improves the system through repeated cycles, while
incremental
development delivers the system in small functional parts. Agile combines
both to
deliver working software early and refine it based on feedback.
Jira issue types?
+
Common types: Epic, Story, Task, Bug, Sub-task. Each represents a different
level of
work.
Jira workflow?
+
A sequence of statuses and transitions representing the lifecycle of an
issue.
Supports automation and approvals.
Jira?
+
Jira is a project management tool used for issue tracking, Agile boards,
sprints,
and backlog management.
Kanban
+
Kanban focuses on visual workflow management using a board and continuous
delivery.
Work-in-progress limits help efficiency.
Kanban board?
+
Kanban board visualizes work items workflow stages and progress.
Kanban wip limit?
+
WIP limit restricts the number of work items in progress to improve flow and
reduce
bottlenecks.
Key outputs of sprint planning?
+
Sprint backlog, sprint goal, task estimates, and commitment of the team to
complete
selected items.
Key principles of agile?
+
Key principles include customer collaboration responding to change working
software
and individuals and interactions over processes.
Lead time?
+
Time from backlog item creation to delivery. Useful for overall process
efficiency.
Less?
+
LeSS (Large-Scale Scrum) extends Scrum principles to multiple teams working
on the
same product.
Long should sprint planning take?
+
Typically 2–4 hours for a 2-week sprint. Longer sprints may require more
time
proportionally.
Main roles in scrum
+
Scrum has three key roles: Product Owner, who manages backlog and
priorities; Scrum
Master, who ensures process compliance and removes blockers; and the
Development
Team, responsible for delivering increments every sprint.
Major agile components.
+
User stories, sprint planning, backlog, iterations, stand-up meetings,
sprint
reviews, and retrospectives.
Minimum viable product (mvp)?
+
MVP is the simplest version of a product that delivers value and can gather
feedback.
Moscow prioritization?
+
MoSCoW prioritization categorizes backlog items as Must have Should have
Could have
and Won't have.
Nexus?
+
Nexus is a framework to scale Scrum across multiple teams with integrated
work.
Obstacles to agile
+
Challenges include resistance to change, unclear requirements, lack of
training,
poor communication, distributed teams, and legacy constraints.
Often should backlog be refined?
+
Ongoing, but typically once per sprint, about 5–10% of the sprint time is
used for
grooming.
Other agile frameworks
+
Kanban, XP (Extreme Programming), SAFe, Crystal, and Lean are major
frameworks
besides Scrum.
Pair programming
+
Two developers work together on one workstation. It improves code quality,
knowledge
sharing, and reduces errors., QA collaborates from the start, writes
acceptance
criteria, tests continuously, and ensures quality through automation and
feedback.
Participates in sprint planning?
+
The Scrum Master, Product Owner, and Development Team participate. PO
clarifies
backlog items, Dev Team estimates effort, and Scrum Master facilitates.
Planning poker
+
A collaborative estimation technique where teams assign story points using
cards.
Helps achieve shared understanding and consensus.
Planning poker?
+
Planning Poker is a consensus-based estimation technique using cards with
story
points.
Popular agile tools
+
Common Agile tools include Jira, Trello, Azure DevOps, Asana, Rally,
Monday.com, and
VersionOne. They help manage backlogs, tasks, sprints, and reporting.
Principles of agile testing
+
Principles include customer-focused testing, continuous feedback, early
testing,
frequent delivery, collaboration, and embracing change. Testing is seen as a
shared
responsibility, not a separate stage.
Product backlog?
+
The product backlog is a prioritized list of features enhancements and fixes
for the
product.
Product backlog?
+
An ordered list of features, bugs, and technical work maintained by the
Product
Owner. It evolves continuously as requirements change.
Product increment?
+
Product increment is the sum of all completed work in a sprint that meets
the
definition of done.
Product owner?
+
Product Owner represents stakeholders manages the backlog and ensures value
delivery.
Product roadmap
+
A strategic plan outlining vision, milestones, timelines, and prioritized
features
for product development.
Purpose of sprint planning
+
Sprint planning determines sprint goals, selects backlog items, and defines
how the
work will be completed.
Qualities of a scrum master
+
A Scrum Master should have communication and facilitation skills,
problem-solving
ability, servant leadership mindset, patience, and knowledge of Agile
principles to
guide the team effectively.
Qualities of an agile tester
+
An Agile tester should be collaborative, adaptable, and proactive. They must
understand business requirements, communicate well, and focus on continuous
improvement and quick feedback cycles.
Refactoring
+
Refactoring improves existing code without changing its external behavior.
It
enhances readability, performance, and maintainability while reducing
technical
debt.
Release candidate
+
A nearly completed product version ready for final testing and approval
before
release.
Responsible for backlog management?
+
The Product Owner is primarily responsible, with input from stakeholders and
the
development team.
Retrospectives improve delivery?
+
They help identify process improvements, bottlenecks, and team collaboration
issues
to improve future sprints.
Role of scrum master in sprint planning?
+
Facilitates discussion, ensures clarity, prevents scope creep, and promotes
team
collaboration.
Role of the scrum master in cross-functional teams?
+
Facilitates collaboration, removes impediments, and promotes
self-organization among
team members.
Safe?
+
SAFe (Scaled Agile Framework) is a framework to scale Agile practices across
large
enterprises.
Scaling agile?
+
Scaling Agile applies Agile practices across multiple teams or large
projects.
scrum & kanban used?
+
Scrum is used where work is iterative with evolving requirements, such as
software
development and product improvement. Kanban is used in support, maintenance,
DevOps,
and continuous delivery environments where work is flow-based rather than
sprint-based.
Scrum cycle length
+
A scrum cycle, or sprint, usually lasts 1–4 weeks. The duration remains
consistent
throughout the project.
Scrum master?
+
Scrum Master facilitates Scrum processes removes impediments and supports
the team.
Scrum of scrums
+
A technique used when multiple scrum teams work together. Representatives
meet to
coordinate dependencies and align progress.
Scrum?
+
Scrum is an Agile framework that uses roles events and artifacts to manage
complex
projects.
Servant leadership?
+
Servant leadership focuses on supporting and enabling the team rather than
directing
it.
Spike & zero sprint
+
A spike is research activity to resolve uncertainty or technical issues.
Zero sprint
(Sprint 0) involves initial setup activities like architecture, environment,
and
backlog preparation before development.
Spike?
+
A spike is a time-boxed research activity to explore a solution or reduce
uncertainty.
Spotify model?
+
Spotify model organizes Agile teams as squads tribes chapters and guilds to
foster
autonomy and alignment.
Sprint backlog vs product backlog
+
The product backlog contains all requirements prioritized by the product
owner,
while the sprint backlog contains the selected items for the current sprint.
Sprint
backlog is short-term; product backlog is long-term.
Sprint backlog?
+
The sprint backlog is a subset of the product backlog selected for
implementation in
a sprint.
Sprint delivery?
+
Sprint delivery is the completion and demonstration of committed backlog
items to
stakeholders at the end of a sprint.
Sprint goal?
+
A short description of what the sprint aims to achieve. It guides the team
and
aligns stakeholders.
Sprint planning, review & retrospective
+
Sprint planning defines sprint goals and backlog. Sprint review demonstrates
work to
stakeholders. Retrospective reflects on improvements.
Sprint planning?
+
Sprint planning is a meeting where the team decides what work will be done
in the
upcoming sprint.
Sprint planning?
+
Sprint Planning is a Scrum ceremony where the team decides which backlog
items to
work on in the upcoming sprint. It defines the sprint goal and estimated
tasks.
Sprint retrospective?
+
Sprint retrospective is a meeting to reflect on the sprint and identify
improvements.
Sprint review?
+
Sprint review is a meeting to demonstrate completed work to stakeholders and
gather
feedback.
Sprint?
+
A sprint is a time-boxed iteration usually 1-4 weeks where a set of work is
completed.
Story points
+
A unit for estimating effort or complexity in Scrum, not tied to time. Helps
predict
workload and sprint capacity.
Story points?
+
Story points are relative measures of effort complexity or risk for user
stories.
Team velocity tracking?
+
Tracking velocity helps predict how much work a team can complete in future
sprints.
Technical debt?
+
Technical debt is the cost of shortcuts or suboptimal solutions that need
refactoring later.
Test-driven development (tdd)
+
TDD involves writing tests before writing code. It ensures better design,
reduces
bugs, and supports regression testing.
Test-driven development (tdd)?
+
TDD is a practice where tests are written before the code to ensure
functionality
meets requirements.
Theme in agile?
+
A theme is a collection of related user stories or epics around a common
objective.
Time-boxing?
+
Time-boxing is allocating a fixed duration to activities to improve focus
and
productivity.
To balance stakeholder requests in backlog?
+
Evaluate based on business value, urgency, dependencies, and capacity.
Communicate
trade-offs transparently.
To control permissions in confluence?
+
Set space-level or page-level permissions for viewing, editing, or
commenting based
on user roles or groups.
To create a kanban board in jira?
+
Create a board from project → select Kanban → configure columns → add issues
for
workflow tracking.
To handle unplanned work during a sprint?
+
Minimize interruptions. If unavoidable, negotiate scope adjustments with PO
and
team. Track and learn for future planning.
To link jira issues in confluence?
+
Use Jira macro to embed issues, sprints, or reports directly into Confluence
pages.
To track progress in jira?
+
Use dashboards, reports, burndown charts, and cumulative flow diagrams.
Tracer bullet
+
A technique delivering a thin working slice of the system early to validate
architecture and direction.
Types of agile methodology.
+
Scrum, Kanban, XP (Extreme Programming), Lean, SAFe, and Crystal are popular
Agile
variants.
Types of burn-down charts
+
Types include sprint burndown, release burndown, and product burndown
charts. Each
offers different timelines and scope levels.
Use agile
+
Avoid Agile in fixed-scope, fixed-budget projects, strict compliance
domains, or
when customer feedback is unavailable.
Use waterfall instead of scrum
+
Use Waterfall when requirements are fixed, documentation-heavy, regulated,
and no
major changes are expected. It fits infrastructure or hardware projects
better.
User story?
+
A user story is a short simple description of a feature from the perspective
of an
end user.
Velocity in agile
+
Velocity measures the amount of work a team completes in a sprint, typically
in
story points. It helps estimate future sprint capacity and planning.
Velocity in agile?
+
Velocity measures the amount of work a team completes in a sprint.
Velocity?
+
Velocity measures the amount of work a team completes in a sprint, often in
story
points. Helps with forecasting.
You balance speed and quality in delivery?
+
Prioritize well-defined backlog items, maintain testing standards, and avoid
overcommitment.
You communicate delivery status to stakeholders?
+
Use sprint reviews, dashboards, Jira reports, and release notes for
transparency.
You ensure effective communication in cross-functional
teams?
+
Daily stand-ups, retrospectives, sprint reviews, shared documentation, and
collaboration tools help maintain transparency.
You ensure quality in delivery?
+
Unit tests, code reviews, automated testing, CI/CD pipelines, and adherence
to
Definition of Done.
You ensure team accountability?
+
Transparent commitments, daily stand-ups, peer reviews, and clear Definition
of
Done.
You ensure timely delivery?
+
Clear sprint goals, proper estimation, daily tracking, and removing blockers
proactively help ensure on-time delivery.
You estimate tasks in sprint planning?
+
Using story points, ideal hours, or T-shirt sizing. Estimation considers
complexity,
effort, and risk.
You handle blocked tasks?
+
Identify blockers early, escalate if needed, and collaborate to remove
impediments
quickly.
You handle changing priorities mid-sprint?
+
Limit mid-sprint changes; negotiate with PO, document impact, and adjust
future
sprint planning.
You handle conflicts in cross-functional teams?
+
Encourage open communication, identify root causes, facilitate discussions,
and
align on shared goals.
You handle incomplete stories at sprint end?
+
Move them back to backlog, review root cause, and include in future sprints
after
re-estimation.
You handle skill gaps in cross-functional teams?
+
Encourage knowledge sharing, mentoring, pair programming, and cross-training
to
build team capability.
You handle technical debt in backlog?
+
Track and prioritize technical debt items along with functional stories to
ensure
system maintainability.
You handle urgent production issues during a sprint?
+
Address them immediately if critical, or plan within sprint buffer. Document
impact
on sprint goals.
You improve team collaboration?
+
Facilitate open communication, collaborative tools, clear goals, and regular
retrospectives.
You manage dependencies across teams?
+
Identify dependencies early, communicate timelines, and coordinate during
planning
and stand-ups.
You manage scope creep during a sprint?
+
Freeze the sprint backlog, handle new requests in the next sprint, and
communicate
priorities clearly.
You measure productivity in cross-functional teams?
+
Use velocity, cycle time, burndown charts, quality metrics, and stakeholder
feedback.
You measure successful delivery?
+
Completion of sprint backlog, meeting Definition of Done, stakeholder
satisfaction,
and business value delivered.
You measure team performance?
+
Velocity, quality metrics, stakeholder satisfaction, sprint predictability,
and
adherence to Definition of Done.
You prioritize backlog items?
+
Using MoSCoW (Must, Should, Could, Won’t), business value, risk,
dependencies, and
ROI.
You track multiple sprints simultaneously?
+
Use program boards, Jira portfolios, or scaled Agile tools like SAFe to
visualize
cross-team progress.
You track sprint progress?
+
Use burndown charts, task boards, and daily stand-ups to monitor completed
versus
remaining work.
12 principles of agile?
+
Principles include customer satisfaction welcoming change frequent delivery
collaboration motivated individuals working software as measure of progress
sustainable development technical excellence simplicity self-organizing
teams
reflection and continuous improvement.
Acceptance criteria?
+
Acceptance criteria define the conditions a user story must meet to be
considered
complete.
Acceptance testing?
+
Acceptance testing verifies that software meets business requirements and
user
expectations.
Adaptive planning?
+
Adaptive planning adjusts plans based on changing requirements and feedback.
Advantages & disadvantages of agile
+
Agile enables faster delivery, better customer collaboration, flexibility to
change,
and improved product quality. However, it may lack predictability, require
experienced teams, and may struggle with large distributed teams or
fixed-budget
environments.
Agile adoption challenges?
+
Challenges include resistance to change lack of management support poor
collaboration and unclear roles.
Agile backlog refinement best practices?
+
Review backlog regularly prioritize items clarify requirements and break
down large
stories.
Agile backlog refinement frequency?
+
Typically done once per sprint to keep backlog up-to-date and prioritized.
Agile ceremonies?
+
Agile ceremonies include sprint planning daily stand-up sprint review and
sprint
retrospective.
Agile change management?
+
Agile change management handles requirement and process changes iteratively
and
collaboratively.
Agile coach?
+
An Agile coach helps teams and organizations adopt and improve Agile
practices.
Agile continuous delivery?
+
Continuous delivery ensures software can be reliably released to production
at any
time.
Agile continuous feedback?
+
Continuous feedback ensures product and process improvements throughout
development.
Agile continuous improvement?
+
Continuous improvement involves inspecting and adapting processes tools and
practices regularly.
Agile cross-functional team benefit?
+
Cross-functional teams reduce handoffs improve collaboration and deliver
faster.
Agile customer collaboration?
+
Customer collaboration involves stakeholders throughout the development
process for
feedback and alignment.
Agile customer value?
+
Customer value refers to delivering features and functionality that meet
user needs
and expectations.
Agile documentation?
+
Agile documentation is concise just enough to support development and
collaboration.
Agile epic decomposition?
+
Breaking epics into smaller actionable user stories for implementation.
Agile estimation techniques?
+
Techniques include story points planning poker T-shirt sizing and affinity
estimation.
Agile estimation?
+
Agile estimation is the process of predicting the effort or complexity of
user
stories or tasks.
Agile frameworks?
+
They are structured methods like Scrum, Kanban, SAFe, and XP that implement
Agile
principles in development.
Agile impediment?
+
Impediment is anything blocking the team from achieving its sprint goal.
Agile kanban vs scrum?
+
Scrum uses sprints and roles; Kanban is continuous and focuses on
visualizing
workflow and limiting WIP.
Agile key success factors?
+
Key factors include collaboration clear vision empowered teams adaptive
planning and
iterative delivery.
Agile manifesto?
+
Agile manifesto is a set of values and principles guiding Agile development.
Agile maturity model?
+
Agile maturity model assesses how effectively an organization applies Agile
practices.
Agile methodology?
+
Agile is an iterative software development approach focusing on flexibility,
customer collaboration, and incremental delivery through continuous
feedback.
Agile metrics?
+
Agile metrics track team performance progress quality and predictability.
Agile mindset?
+
Agile mindset values collaboration flexibility continuous improvement and
delivering
customer value.
Agile mvp vs prototype?
+
MVP delivers minimal usable product; prototype is a preliminary model for
validation
and experimentation.
Agile pair programming?
+
Pair programming involves two developers working together at one workstation
to
improve code quality.
Agile portfolio management?
+
Portfolio management applies Agile principles to manage multiple projects
and
initiatives.
Agile process?
+
Agile process involves planning, developing in small increments, testing,
review,
and adapting based on feedback.
Agile product vision?
+
Product vision defines the long-term goal and direction of the product.
Agile project management?
+
Agile project management applies Agile principles to plan execute and
deliver
projects iteratively.
Agile quality assurance?
+
QA integrates testing early and continuously in the Agile development cycle.
Agile release planning horizon?
+
Defines a planning period for delivering features or increments usually
several
sprints.
Agile release planning?
+
Agile release planning defines a roadmap and schedule for delivering product
increments over multiple sprints.
Agile release train?
+
Release train coordinates multiple teams to deliver value in a predictable
schedule.
Agile retrospection action items?
+
Action items are improvements identified during retrospectives to implement
in
future sprints.
Agile retrospectives?
+
Retrospectives are meetings to reflect on the process discuss improvements
and take
action.
Agile risk management?
+
Agile risk management identifies assesses and mitigates risks iteratively
during
development.
Agile risk mitigation?
+
Risk mitigation involves identifying monitoring and addressing risks
iteratively.
Agile roles and responsibilities?
+
Roles include Product Owner Scrum Master Development Team and Stakeholders.
Agile scaling challenges?
+
Challenges include coordination between teams consistent processes and
maintaining
Agile culture.
Agile servant leadership role?
+
Servant leader supports team autonomy removes impediments and fosters
continuous
improvement.
Agile sprint goal?
+
Sprint goal is a clear objective that guides the team's work during a
sprint.
Agile stakeholder engagement?
+
Engaging stakeholders throughout development for feedback validation and
alignment.
Agile team collaboration?
+
Team collaboration emphasizes communication transparency and shared
responsibility.
Agile testing
+
Agile testing is a continuous testing approach aligned with Agile
development. It
focuses on early defect detection, customer feedback, and testing alongside
development rather than after coding completes.
Agile testing?
+
Agile testing involves continuous testing throughout the development
lifecycle.
Agile timeboxing benefit?
+
Timeboxing improves focus predictability and encourages timely delivery.
Agile?
+
Agile is a methodology for software development that emphasizes iterative
development collaboration and flexibility to change.
Application binary interface
+
ABI defines how software components interact at the binary level. It
standardizes
function calls, data types, and machine interfaces.
Backlog grooming or refinement?
+
The process of reviewing, prioritizing, and estimating backlog items to
ensure
readiness for future sprints.
Backlog grooming/refinement?
+
Backlog grooming is the process of reviewing and prioritizing the product
backlog.
Backlog prioritization?
+
Backlog prioritization determines the order of user stories based on value
risk and
dependencies.
Backlog refinement?
+
Ongoing process of reviewing, clarifying, and estimating backlog items to
prepare
them for future sprints.
Behavior-driven development (bdd)?
+
BDD involves writing tests in natural language to align development with
business
behavior.
Best time to use agile
+
Agile is ideal when requirements are evolving, the project needs frequent
updates,
and user feedback is essential. It suits dynamic environments and
product-based
development.
Build breaker mean?
+
A build breaker is an issue introduced into the codebase that causes the CI
pipeline
or build process to fail. It prevents deployment and needs immediate fixing
before
new features continue.
Burn-down chart?
+
A burn-down chart shows remaining work in a sprint or project over time.
Burn-up & burn-down charts
+
Burn-down charts show remaining work; burn-up charts track completed
progress. Both
help monitor sprint or project progress.
Burn-up chart?
+
A burn-up chart shows work completed versus total work in a project or
release.
Can cross-functional teams work with external
dependencies?
+
Yes, but dependencies should be managed with clear communication, planning,
and
incremental delivery.
Challenges in agile development
+
Unclear requirements, integration issues, team dependencies, cultural
resistance,
and estimation challenges are common.
Common agile metrics
+
Velocity, cycle time, burndown rate, lead time, defect density, and customer
satisfaction are common metrics.
Common agile metrics?
+
Common metrics include velocity burn-down/burn-up charts cycle time lead
time and
cumulative flow.
Confluence page template?
+
Predefined layouts to standardize documentation like architecture diagrams,
meeting
notes, or requirements.
Confluence?
+
Confluence is a collaboration wiki platform for documenting requirements,
architecture, and project knowledge.
Continuous delivery (cd)?
+
CD is the practice of automatically deploying code to production or staging
after
CI.
Continuous integration (ci)?
+
CI is the practice of frequently merging code changes to detect errors
early.
Cross-functional team?
+
A cross-functional team has members with all skills needed to deliver a
product
increment.
Cross-functional team?
+
A team where members have different skills to complete a project from end to
end,
including development, testing, and design.
Cross-functional teams handle knowledge sharing?
+
Through pair programming, documentation, workshops, demos, and
retrospectives.
Cross-functional teams important in agile?
+
They reduce handoffs, improve collaboration, accelerate delivery, and
promote shared
responsibility.
Cross-functional teams improve quality?
+
Integrated expertise reduces errors, promotes early testing, and ensures
design and
code quality throughout the sprint.
Cumulative flow diagram?
+
Visualizes work in different states over time, helping identify bottlenecks
in
workflow.
Cycle time?
+
Time taken from when work starts on a task until it is completed. Helps
measure
efficiency.
Daily stand-up meeting
+
A short 10–15 minute meeting where team members discuss what they completed,
what
they will do next, and any blockers. It improves transparency and
collaboration.
Daily stand-up?
+
Daily stand-up is a short meeting where team members share progress plans
and
blockers.
Definition of done (dod)?
+
DoD is a shared agreement of what constitutes a completed user story or
task.
Definition of done (dod)?
+
Criteria that a backlog item must meet to be considered complete, including
code
quality, testing, and documentation.
Definition of ready (dor)?
+
DoR defines conditions a user story must meet to be eligible for a sprint.
Definition of ready (dor)?
+
Criteria that a backlog item must meet before being pulled into a sprint.
Ensures
clarity and reduces blockers.
Diffbet a bug and a story in the backlog?
+
A bug represents a defect or error; a story is a new feature or enhancement.
Both
are tracked but may differ in priority.
Diffbet agile and devops?
+
Agile focuses on development process; DevOps focuses on development
deployment and
operations collaboration.
Diffbet agile and lean?
+
Agile focuses on iterative development; Lean focuses on waste reduction and
process
optimization.
Diffbet agile and waterfall?
+
Agile is iterative and flexible; Waterfall is sequential and rigid.
Diffbet burnup and burndown charts?
+
Burndown shows remaining work over time; burnup shows work completed and
total scope
over time.
Diffbet cross-functional and functional teams?
+
Cross-functional teams have multiple skill sets in one team; functional
teams are
organized by specialized roles.
Diffbet epic, feature, and user story?
+
Epic is a large goal, Feature is a smaller functionality, User Story is a
detailed,
implementable piece of work.
Diffbet jira and confluence?
+
Jira is for task and project tracking; Confluence is for documentation and
knowledge
management. Both integrate for traceability.
Diffbet product backlog and sprint backlog?
+
Product backlog is the full list of features, bugs, and enhancements. Sprint
backlog
is a subset selected for the sprint.
Diffbet scrum and kanban?
+
Scrum uses fixed sprints and roles; Kanban is continuous and focuses on
workflow
visualization.
Diffbet story points and hours?
+
Story points measure relative effort; hours estimate actual time to complete
a task.
Diffbet waterfall and agile.
+
Waterfall is linear and sequential, while Agile is iterative and flexible.
Agile
adapts to change, whereas Waterfall requires full requirements upfront.
Difference agile vs scrum
+
Agile is a broader methodology mindset, while Scrum is a specific framework
under
Agile. Scrum uses roles, ceremonies, and sprints; Agile provides principles
and
values.
Epic in agile?
+
An Epic is a large user story that can be broken into smaller stories.
Epic, user stories & tasks
+
An epic is a large feature broken into user stories. A user story describes
a
requirement from the user's perspective, and tasks break stories into
development
activities.
Exploratory testing in agile?
+
Exploratory testing is an informal testing approach where testers learn and
test
simultaneously.
Four values of agile manifesto?
+
Values: individuals & interactions > processes & tools working software >
documentation customer collaboration > contract negotiation responding to
change >
following a plan.
Impediment
+
A problem or blocker preventing a team from progressing. Scrum Master helps
resolve
it.
Importance of sprint retrospective?
+
To reflect on the sprint, identify improvements, and strengthen team
collaboration
and processes.
Importance of sprint review?
+
To demonstrate completed work, gather feedback, and validate alignment with
business
goals.
Important parts of agile process.
+
Backlog refinement, sprint cycles, continuous testing, customer involvement,
retrospectives, and deployment.
Increment
+
An increment is the sum of completed product work at the end of a sprint,
delivering
potentially shippable functionality.
Incremental delivery?
+
Delivering working software in small, usable increments rather than waiting
for a
full release.
Incremental vs iterative delivery?
+
Incremental delivers small usable pieces, iterative improves them over
cycles based
on feedback.
Is velocity used in sprint planning?
+
Velocity is the average amount of work completed in previous sprints. It
helps
estimate how much the team can commit to in the current sprint.
Iteration in agile?
+
Iteration is a time-boxed cycle of development also known as a sprint.
Iterative & incremental development
+
Iterative development improves the system through repeated cycles, while
incremental
development delivers the system in small functional parts. Agile combines
both to
deliver working software early and refine it based on feedback.
Jira issue types?
+
Common types: Epic, Story, Task, Bug, Sub-task. Each represents a different
level of
work.
Jira workflow?
+
A sequence of statuses and transitions representing the lifecycle of an
issue.
Supports automation and approvals.
Jira?
+
Jira is a project management tool used for issue tracking, Agile boards,
sprints,
and backlog management.
Kanban
+
Kanban focuses on visual workflow management using a board and continuous
delivery.
Work-in-progress limits help efficiency.
Kanban board?
+
Kanban board visualizes work items workflow stages and progress.
Kanban wip limit?
+
WIP limit restricts the number of work items in progress to improve flow and
reduce
bottlenecks.
Key outputs of sprint planning?
+
Sprint backlog, sprint goal, task estimates, and commitment of the team to
complete
selected items.
Key principles of agile?
+
Key principles include customer collaboration responding to change working
software
and individuals and interactions over processes.
Lead time?
+
Time from backlog item creation to delivery. Useful for overall process
efficiency.
Less?
+
LeSS (Large-Scale Scrum) extends Scrum principles to multiple teams working
on the
same product.
Long should sprint planning take?
+
Typically 2–4 hours for a 2-week sprint. Longer sprints may require more
time
proportionally.
Main roles in scrum
+
Scrum has three key roles: Product Owner, who manages backlog and
priorities; Scrum
Master, who ensures process compliance and removes blockers; and the
Development
Team, responsible for delivering increments every sprint.
Major agile components.
+
User stories, sprint planning, backlog, iterations, stand-up meetings,
sprint
reviews, and retrospectives.
Minimum viable product (mvp)?
+
MVP is the simplest version of a product that delivers value and can gather
feedback.
Moscow prioritization?
+
MoSCoW prioritization categorizes backlog items as Must have Should have
Could have
and Won't have.
Nexus?
+
Nexus is a framework to scale Scrum across multiple teams with integrated
work.
Obstacles to agile
+
Challenges include resistance to change, unclear requirements, lack of
training,
poor communication, distributed teams, and legacy constraints.
Often should backlog be refined?
+
Ongoing, but typically once per sprint, about 5–10% of the sprint time is
used for
grooming.
Other agile frameworks
+
Kanban, XP (Extreme Programming), SAFe, Crystal, and Lean are major
frameworks
besides Scrum.
Pair programming
+
Two developers work together on one workstation. It improves code quality,
knowledge
sharing, and reduces errors., QA collaborates from the start, writes
acceptance
criteria, tests continuously, and ensures quality through automation and
feedback.
Participates in sprint planning?
+
The Scrum Master, Product Owner, and Development Team participate. PO
clarifies
backlog items, Dev Team estimates effort, and Scrum Master facilitates.
Planning poker
+
A collaborative estimation technique where teams assign story points using
cards.
Helps achieve shared understanding and consensus.
Planning poker?
+
Planning Poker is a consensus-based estimation technique using cards with
story
points.
Popular agile tools
+
Common Agile tools include Jira, Trello, Azure DevOps, Asana, Rally,
Monday.com, and
VersionOne. They help manage backlogs, tasks, sprints, and reporting.
Principles of agile testing
+
Principles include customer-focused testing, continuous feedback, early
testing,
frequent delivery, collaboration, and embracing change. Testing is seen as a
shared
responsibility, not a separate stage.
Product backlog?
+
The product backlog is a prioritized list of features enhancements and fixes
for the
product.
Product backlog?
+
An ordered list of features, bugs, and technical work maintained by the
Product
Owner. It evolves continuously as requirements change.
Product increment?
+
Product increment is the sum of all completed work in a sprint that meets
the
definition of done.
Product owner?
+
Product Owner represents stakeholders manages the backlog and ensures value
delivery.
Product roadmap
+
A strategic plan outlining vision, milestones, timelines, and prioritized
features
for product development.
Purpose of sprint planning
+
Sprint planning determines sprint goals, selects backlog items, and defines
how the
work will be completed.
Qualities of a scrum master
+
A Scrum Master should have communication and facilitation skills,
problem-solving
ability, servant leadership mindset, patience, and knowledge of Agile
principles to
guide the team effectively.
Qualities of an agile tester
+
An Agile tester should be collaborative, adaptable, and proactive. They must
understand business requirements, communicate well, and focus on continuous
improvement and quick feedback cycles.
Refactoring
+
Refactoring improves existing code without changing its external behavior.
It
enhances readability, performance, and maintainability while reducing
technical
debt.
Release candidate
+
A nearly completed product version ready for final testing and approval
before
release.
Responsible for backlog management?
+
The Product Owner is primarily responsible, with input from stakeholders and
the
development team.
Retrospectives improve delivery?
+
They help identify process improvements, bottlenecks, and team collaboration
issues
to improve future sprints.
Role of scrum master in sprint planning?
+
Facilitates discussion, ensures clarity, prevents scope creep, and promotes
team
collaboration.
Role of the scrum master in cross-functional teams?
+
Facilitates collaboration, removes impediments, and promotes
self-organization among
team members.
Safe?
+
SAFe (Scaled Agile Framework) is a framework to scale Agile practices across
large
enterprises.
Scaling agile?
+
Scaling Agile applies Agile practices across multiple teams or large
projects.
scrum & kanban used?
+
Scrum is used where work is iterative with evolving requirements, such as
software
development and product improvement. Kanban is used in support, maintenance,
DevOps,
and continuous delivery environments where work is flow-based rather than
sprint-based.
Scrum cycle length
+
A scrum cycle, or sprint, usually lasts 1–4 weeks. The duration remains
consistent
throughout the project.
Scrum master?
+
Scrum Master facilitates Scrum processes removes impediments and supports
the team.
Scrum of scrums
+
A technique used when multiple scrum teams work together. Representatives
meet to
coordinate dependencies and align progress.
Scrum?
+
Scrum is an Agile framework that uses roles events and artifacts to manage
complex
projects.
Servant leadership?
+
Servant leadership focuses on supporting and enabling the team rather than
directing
it.
Spike & zero sprint
+
A spike is research activity to resolve uncertainty or technical issues.
Zero sprint
(Sprint 0) involves initial setup activities like architecture, environment,
and
backlog preparation before development.
Spike?
+
A spike is a time-boxed research activity to explore a solution or reduce
uncertainty.
Spotify model?
+
Spotify model organizes Agile teams as squads tribes chapters and guilds to
foster
autonomy and alignment.
Sprint backlog vs product backlog
+
The product backlog contains all requirements prioritized by the product
owner,
while the sprint backlog contains the selected items for the current sprint.
Sprint
backlog is short-term; product backlog is long-term.
Sprint backlog?
+
The sprint backlog is a subset of the product backlog selected for
implementation in
a sprint.
Sprint delivery?
+
Sprint delivery is the completion and demonstration of committed backlog
items to
stakeholders at the end of a sprint.
Sprint goal?
+
A short description of what the sprint aims to achieve. It guides the team
and
aligns stakeholders.
Sprint planning, review & retrospective
+
Sprint planning defines sprint goals and backlog. Sprint review demonstrates
work to
stakeholders. Retrospective reflects on improvements.
Sprint planning?
+
Sprint planning is a meeting where the team decides what work will be done
in the
upcoming sprint.
Sprint planning?
+
Sprint Planning is a Scrum ceremony where the team decides which backlog
items to
work on in the upcoming sprint. It defines the sprint goal and estimated
tasks.
Sprint retrospective?
+
Sprint retrospective is a meeting to reflect on the sprint and identify
improvements.
Sprint review?
+
Sprint review is a meeting to demonstrate completed work to stakeholders and
gather
feedback.
Sprint?
+
A sprint is a time-boxed iteration usually 1-4 weeks where a set of work is
completed.
Story points
+
A unit for estimating effort or complexity in Scrum, not tied to time. Helps
predict
workload and sprint capacity.
Story points?
+
Story points are relative measures of effort complexity or risk for user
stories.
Team velocity tracking?
+
Tracking velocity helps predict how much work a team can complete in future
sprints.
Technical debt?
+
Technical debt is the cost of shortcuts or suboptimal solutions that need
refactoring later.
Test-driven development (tdd)
+
TDD involves writing tests before writing code. It ensures better design,
reduces
bugs, and supports regression testing.
Test-driven development (tdd)?
+
TDD is a practice where tests are written before the code to ensure
functionality
meets requirements.
Theme in agile?
+
A theme is a collection of related user stories or epics around a common
objective.
Time-boxing?
+
Time-boxing is allocating a fixed duration to activities to improve focus
and
productivity.
To balance stakeholder requests in backlog?
+
Evaluate based on business value, urgency, dependencies, and capacity.
Communicate
trade-offs transparently.
To control permissions in confluence?
+
Set space-level or page-level permissions for viewing, editing, or
commenting based
on user roles or groups.
To create a kanban board in jira?
+
Create a board from project → select Kanban → configure columns → add issues
for
workflow tracking.
To handle unplanned work during a sprint?
+
Minimize interruptions. If unavoidable, negotiate scope adjustments with PO
and
team. Track and learn for future planning.
To link jira issues in confluence?
+
Use Jira macro to embed issues, sprints, or reports directly into Confluence
pages.
To track progress in jira?
+
Use dashboards, reports, burndown charts, and cumulative flow diagrams.
Tracer bullet
+
A technique delivering a thin working slice of the system early to validate
architecture and direction.
Types of agile methodology.
+
Scrum, Kanban, XP (Extreme Programming), Lean, SAFe, and Crystal are popular
Agile
variants.
Types of burn-down charts
+
Types include sprint burndown, release burndown, and product burndown
charts. Each
offers different timelines and scope levels.
Use agile
+
Avoid Agile in fixed-scope, fixed-budget projects, strict compliance
domains, or
when customer feedback is unavailable.
Use waterfall instead of scrum
+
Use Waterfall when requirements are fixed, documentation-heavy, regulated,
and no
major changes are expected. It fits infrastructure or hardware projects
better.
User story?
+
A user story is a short simple description of a feature from the perspective
of an
end user.
Velocity in agile
+
Velocity measures the amount of work a team completes in a sprint, typically
in
story points. It helps estimate future sprint capacity and planning.
Velocity in agile?
+
Velocity measures the amount of work a team completes in a sprint.
Velocity?
+
Velocity measures the amount of work a team completes in a sprint, often in
story
points. Helps with forecasting.
You balance speed and quality in delivery?
+
Prioritize well-defined backlog items, maintain testing standards, and avoid
overcommitment.
You communicate delivery status to stakeholders?
+
Use sprint reviews, dashboards, Jira reports, and release notes for
transparency.
You ensure effective communication in cross-functional
teams?
+
Daily stand-ups, retrospectives, sprint reviews, shared documentation, and
collaboration tools help maintain transparency.
You ensure quality in delivery?
+
Unit tests, code reviews, automated testing, CI/CD pipelines, and adherence
to
Definition of Done.
You ensure team accountability?
+
Transparent commitments, daily stand-ups, peer reviews, and clear Definition
of
Done.
You ensure timely delivery?
+
Clear sprint goals, proper estimation, daily tracking, and removing blockers
proactively help ensure on-time delivery.
You estimate tasks in sprint planning?
+
Using story points, ideal hours, or T-shirt sizing. Estimation considers
complexity,
effort, and risk.
You handle blocked tasks?
+
Identify blockers early, escalate if needed, and collaborate to remove
impediments
quickly.
You handle changing priorities mid-sprint?
+
Limit mid-sprint changes; negotiate with PO, document impact, and adjust
future
sprint planning.
You handle conflicts in cross-functional teams?
+
Encourage open communication, identify root causes, facilitate discussions,
and
align on shared goals.
You handle incomplete stories at sprint end?
+
Move them back to backlog, review root cause, and include in future sprints
after
re-estimation.
You handle skill gaps in cross-functional teams?
+
Encourage knowledge sharing, mentoring, pair programming, and cross-training
to
build team capability.
You handle technical debt in backlog?
+
Track and prioritize technical debt items along with functional stories to
ensure
system maintainability.
You handle urgent production issues during a sprint?
+
Address them immediately if critical, or plan within sprint buffer. Document
impact
on sprint goals.
You improve team collaboration?
+
Facilitate open communication, collaborative tools, clear goals, and regular
retrospectives.
You manage dependencies across teams?
+
Identify dependencies early, communicate timelines, and coordinate during
planning
and stand-ups.
You manage scope creep during a sprint?
+
Freeze the sprint backlog, handle new requests in the next sprint, and
communicate
priorities clearly.
You measure productivity in cross-functional teams?
+
Use velocity, cycle time, burndown charts, quality metrics, and stakeholder
feedback.
You measure successful delivery?
+
Completion of sprint backlog, meeting Definition of Done, stakeholder
satisfaction,
and business value delivered.
You measure team performance?
+
Velocity, quality metrics, stakeholder satisfaction, sprint predictability,
and
adherence to Definition of Done.
You prioritize backlog items?
+
Using MoSCoW (Must, Should, Could, Won’t), business value, risk,
dependencies, and
ROI.
You track multiple sprints simultaneously?
+
Use program boards, Jira portfolios, or scaled Agile tools like SAFe to
visualize
cross-team progress.
You track sprint progress?
+
Use burndown charts, task boards, and daily stand-ups to monitor completed
versus
remaining work.
12 principles of agile?
+
Principles include customer satisfaction welcoming change frequent delivery
collaboration motivated individuals working software as measure of progress
sustainable development technical excellence simplicity self-organizing
teams
reflection and continuous improvement.
Acceptance criteria?
+
Acceptance criteria define the conditions a user story must meet to be
considered
complete.
Acceptance testing?
+
Acceptance testing verifies that software meets business requirements and
user
expectations.
Adaptive planning?
+
Adaptive planning adjusts plans based on changing requirements and feedback.
Advantages & disadvantages of agile
+
Agile enables faster delivery, better customer collaboration, flexibility to
change,
and improved product quality. However, it may lack predictability, require
experienced teams, and may struggle with large distributed teams or
fixed-budget
environments.
Agile adoption challenges?
+
Challenges include resistance to change lack of management support poor
collaboration and unclear roles.
Agile backlog refinement best practices?
+
Review backlog regularly prioritize items clarify requirements and break
down large
stories.
Agile backlog refinement frequency?
+
Typically done once per sprint to keep backlog up-to-date and prioritized.
Agile ceremonies?
+
Agile ceremonies include sprint planning daily stand-up sprint review and
sprint
retrospective.
Agile change management?
+
Agile change management handles requirement and process changes iteratively
and
collaboratively.
Agile coach?
+
An Agile coach helps teams and organizations adopt and improve Agile
practices.
Agile continuous delivery?
+
Continuous delivery ensures software can be reliably released to production
at any
time.
Agile continuous feedback?
+
Continuous feedback ensures product and process improvements throughout
development.
Agile continuous improvement?
+
Continuous improvement involves inspecting and adapting processes tools and
practices regularly.
Agile cross-functional team benefit?
+
Cross-functional teams reduce handoffs improve collaboration and deliver
faster.
Agile customer collaboration?
+
Customer collaboration involves stakeholders throughout the development
process for
feedback and alignment.
Agile customer value?
+
Customer value refers to delivering features and functionality that meet
user needs
and expectations.
Agile documentation?
+
Agile documentation is concise just enough to support development and
collaboration.
Agile epic decomposition?
+
Breaking epics into smaller actionable user stories for implementation.
Agile estimation techniques?
+
Techniques include story points planning poker T-shirt sizing and affinity
estimation.
Agile estimation?
+
Agile estimation is the process of predicting the effort or complexity of
user
stories or tasks.
Agile frameworks?
+
They are structured methods like Scrum, Kanban, SAFe, and XP that implement
Agile
principles in development.
Agile impediment?
+
Impediment is anything blocking the team from achieving its sprint goal.
Agile kanban vs scrum?
+
Scrum uses sprints and roles; Kanban is continuous and focuses on
visualizing
workflow and limiting WIP.
Agile key success factors?
+
Key factors include collaboration clear vision empowered teams adaptive
planning and
iterative delivery.
Agile manifesto?
+
Agile manifesto is a set of values and principles guiding Agile development.
Agile maturity model?
+
Agile maturity model assesses how effectively an organization applies Agile
practices.
Agile methodology?
+
Agile is an iterative software development approach focusing on flexibility,
customer collaboration, and incremental delivery through continuous
feedback.
Agile metrics?
+
Agile metrics track team performance progress quality and predictability.
Agile mindset?
+
Agile mindset values collaboration flexibility continuous improvement and
delivering
customer value.
Agile mvp vs prototype?
+
MVP delivers minimal usable product; prototype is a preliminary model for
validation
and experimentation.
Agile pair programming?
+
Pair programming involves two developers working together at one workstation
to
improve code quality.
Agile portfolio management?
+
Portfolio management applies Agile principles to manage multiple projects
and
initiatives.
Agile process?
+
Agile process involves planning, developing in small increments, testing,
review,
and adapting based on feedback.
Agile product vision?
+
Product vision defines the long-term goal and direction of the product.
Agile project management?
+
Agile project management applies Agile principles to plan execute and
deliver
projects iteratively.
Agile quality assurance?
+
QA integrates testing early and continuously in the Agile development cycle.
Agile release planning horizon?
+
Defines a planning period for delivering features or increments usually
several
sprints.
Agile release planning?
+
Agile release planning defines a roadmap and schedule for delivering product
increments over multiple sprints.
Agile release train?
+
Release train coordinates multiple teams to deliver value in a predictable
schedule.
Agile retrospection action items?
+
Action items are improvements identified during retrospectives to implement
in
future sprints.
Agile retrospectives?
+
Retrospectives are meetings to reflect on the process discuss improvements
and take
action.
Agile risk management?
+
Agile risk management identifies assesses and mitigates risks iteratively
during
development.
Agile risk mitigation?
+
Risk mitigation involves identifying monitoring and addressing risks
iteratively.
Agile roles and responsibilities?
+
Roles include Product Owner Scrum Master Development Team and Stakeholders.
Agile scaling challenges?
+
Challenges include coordination between teams consistent processes and
maintaining
Agile culture.
Agile servant leadership role?
+
Servant leader supports team autonomy removes impediments and fosters
continuous
improvement.
Agile sprint goal?
+
Sprint goal is a clear objective that guides the team's work during a
sprint.
Agile stakeholder engagement?
+
Engaging stakeholders throughout development for feedback validation and
alignment.
Agile team collaboration?
+
Team collaboration emphasizes communication transparency and shared
responsibility.
Agile testing
+
Agile testing is a continuous testing approach aligned with Agile
development. It
focuses on early defect detection, customer feedback, and testing alongside
development rather than after coding completes.
Agile testing?
+
Agile testing involves continuous testing throughout the development
lifecycle.
Agile timeboxing benefit?
+
Timeboxing improves focus predictability and encourages timely delivery.
Agile?
+
Agile is a methodology for software development that emphasizes iterative
development collaboration and flexibility to change.
Application binary interface
+
ABI defines how software components interact at the binary level. It
standardizes
function calls, data types, and machine interfaces.
Backlog grooming or refinement?
+
The process of reviewing, prioritizing, and estimating backlog items to
ensure
readiness for future sprints.
Backlog grooming/refinement?
+
Backlog grooming is the process of reviewing and prioritizing the product
backlog.
Backlog prioritization?
+
Backlog prioritization determines the order of user stories based on value
risk and
dependencies.
Backlog refinement?
+
Ongoing process of reviewing, clarifying, and estimating backlog items to
prepare
them for future sprints.
Behavior-driven development (bdd)?
+
BDD involves writing tests in natural language to align development with
business
behavior.
Best time to use agile
+
Agile is ideal when requirements are evolving, the project needs frequent
updates,
and user feedback is essential. It suits dynamic environments and
product-based
development.
Build breaker mean?
+
A build breaker is an issue introduced into the codebase that causes the CI
pipeline
or build process to fail. It prevents deployment and needs immediate fixing
before
new features continue.
Burn-down chart?
+
A burn-down chart shows remaining work in a sprint or project over time.
Burn-up & burn-down charts
+
Burn-down charts show remaining work; burn-up charts track completed
progress. Both
help monitor sprint or project progress.
Burn-up chart?
+
A burn-up chart shows work completed versus total work in a project or
release.
Can cross-functional teams work with external
dependencies?
+
Yes, but dependencies should be managed with clear communication, planning,
and
incremental delivery.
Challenges in agile development
+
Unclear requirements, integration issues, team dependencies, cultural
resistance,
and estimation challenges are common.
Common agile metrics
+
Velocity, cycle time, burndown rate, lead time, defect density, and customer
satisfaction are common metrics.
Common agile metrics?
+
Common metrics include velocity burn-down/burn-up charts cycle time lead
time and
cumulative flow.
Confluence page template?
+
Predefined layouts to standardize documentation like architecture diagrams,
meeting
notes, or requirements.
Confluence?
+
Confluence is a collaboration wiki platform for documenting requirements,
architecture, and project knowledge.
Continuous delivery (cd)?
+
CD is the practice of automatically deploying code to production or staging
after
CI.
Continuous integration (ci)?
+
CI is the practice of frequently merging code changes to detect errors
early.
Cross-functional team?
+
A cross-functional team has members with all skills needed to deliver a
product
increment.
Cross-functional team?
+
A team where members have different skills to complete a project from end to
end,
including development, testing, and design.
Cross-functional teams handle knowledge sharing?
+
Through pair programming, documentation, workshops, demos, and
retrospectives.
Cross-functional teams important in agile?
+
They reduce handoffs, improve collaboration, accelerate delivery, and
promote shared
responsibility.
Cross-functional teams improve quality?
+
Integrated expertise reduces errors, promotes early testing, and ensures
design and
code quality throughout the sprint.
Cumulative flow diagram?
+
Visualizes work in different states over time, helping identify bottlenecks
in
workflow.
Cycle time?
+
Time taken from when work starts on a task until it is completed. Helps
measure
efficiency.
Daily stand-up meeting
+
A short 10–15 minute meeting where team members discuss what they completed,
what
they will do next, and any blockers. It improves transparency and
collaboration.
Daily stand-up?
+
Daily stand-up is a short meeting where team members share progress plans
and
blockers.
Definition of done (dod)?
+
DoD is a shared agreement of what constitutes a completed user story or
task.
Definition of done (dod)?
+
Criteria that a backlog item must meet to be considered complete, including
code
quality, testing, and documentation.
Definition of ready (dor)?
+
DoR defines conditions a user story must meet to be eligible for a sprint.
Definition of ready (dor)?
+
Criteria that a backlog item must meet before being pulled into a sprint.
Ensures
clarity and reduces blockers.
Diffbet a bug and a story in the backlog?
+
A bug represents a defect or error; a story is a new feature or enhancement.
Both
are tracked but may differ in priority.
Diffbet agile and devops?
+
Agile focuses on development process; DevOps focuses on development
deployment and
operations collaboration.
Diffbet agile and lean?
+
Agile focuses on iterative development; Lean focuses on waste reduction and
process
optimization.
Diffbet agile and waterfall?
+
Agile is iterative and flexible; Waterfall is sequential and rigid.
Diffbet burnup and burndown charts?
+
Burndown shows remaining work over time; burnup shows work completed and
total scope
over time.
Diffbet cross-functional and functional teams?
+
Cross-functional teams have multiple skill sets in one team; functional
teams are
organized by specialized roles.
Diffbet epic, feature, and user story?
+
Epic is a large goal, Feature is a smaller functionality, User Story is a
detailed,
implementable piece of work.
Diffbet jira and confluence?
+
Jira is for task and project tracking; Confluence is for documentation and
knowledge
management. Both integrate for traceability.
Diffbet product backlog and sprint backlog?
+
Product backlog is the full list of features, bugs, and enhancements. Sprint
backlog
is a subset selected for the sprint.
Diffbet scrum and kanban?
+
Scrum uses fixed sprints and roles; Kanban is continuous and focuses on
workflow
visualization.
Diffbet story points and hours?
+
Story points measure relative effort; hours estimate actual time to complete
a task.
Diffbet waterfall and agile.
+
Waterfall is linear and sequential, while Agile is iterative and flexible.
Agile
adapts to change, whereas Waterfall requires full requirements upfront.
Difference agile vs scrum
+
Agile is a broader methodology mindset, while Scrum is a specific framework
under
Agile. Scrum uses roles, ceremonies, and sprints; Agile provides principles
and
values.
Epic in agile?
+
An Epic is a large user story that can be broken into smaller stories.
Epic, user stories & tasks
+
An epic is a large feature broken into user stories. A user story describes
a
requirement from the user's perspective, and tasks break stories into
development
activities.
Exploratory testing in agile?
+
Exploratory testing is an informal testing approach where testers learn and
test
simultaneously.
Four values of agile manifesto?
+
Values: individuals & interactions > processes & tools working software >
documentation customer collaboration > contract negotiation responding to
change >
following a plan.
Impediment
+
A problem or blocker preventing a team from progressing. Scrum Master helps
resolve
it.
Importance of sprint retrospective?
+
To reflect on the sprint, identify improvements, and strengthen team
collaboration
and processes.
Importance of sprint review?
+
To demonstrate completed work, gather feedback, and validate alignment with
business
goals.
Important parts of agile process.
+
Backlog refinement, sprint cycles, continuous testing, customer involvement,
retrospectives, and deployment.
Increment
+
An increment is the sum of completed product work at the end of a sprint,
delivering
potentially shippable functionality.
Incremental delivery?
+
Delivering working software in small, usable increments rather than waiting
for a
full release.
Incremental vs iterative delivery?
+
Incremental delivers small usable pieces, iterative improves them over
cycles based
on feedback.
Is velocity used in sprint planning?
+
Velocity is the average amount of work completed in previous sprints. It
helps
estimate how much the team can commit to in the current sprint.
Iteration in agile?
+
Iteration is a time-boxed cycle of development also known as a sprint.
Iterative & incremental development
+
Iterative development improves the system through repeated cycles, while
incremental
development delivers the system in small functional parts. Agile combines
both to
deliver working software early and refine it based on feedback.
Jira issue types?
+
Common types: Epic, Story, Task, Bug, Sub-task. Each represents a different
level of
work.
Jira workflow?
+
A sequence of statuses and transitions representing the lifecycle of an
issue.
Supports automation and approvals.
Jira?
+
Jira is a project management tool used for issue tracking, Agile boards,
sprints,
and backlog management.
Kanban
+
Kanban focuses on visual workflow management using a board and continuous
delivery.
Work-in-progress limits help efficiency.
Kanban board?
+
Kanban board visualizes work items workflow stages and progress.
Kanban wip limit?
+
WIP limit restricts the number of work items in progress to improve flow and
reduce
bottlenecks.
Key outputs of sprint planning?
+
Sprint backlog, sprint goal, task estimates, and commitment of the team to
complete
selected items.
Key principles of agile?
+
Key principles include customer collaboration responding to change working
software
and individuals and interactions over processes.
Lead time?
+
Time from backlog item creation to delivery. Useful for overall process
efficiency.
Less?
+
LeSS (Large-Scale Scrum) extends Scrum principles to multiple teams working
on the
same product.
Long should sprint planning take?
+
Typically 2–4 hours for a 2-week sprint. Longer sprints may require more
time
proportionally.
Main roles in scrum
+
Scrum has three key roles: Product Owner, who manages backlog and
priorities; Scrum
Master, who ensures process compliance and removes blockers; and the
Development
Team, responsible for delivering increments every sprint.
Major agile components.
+
User stories, sprint planning, backlog, iterations, stand-up meetings,
sprint
reviews, and retrospectives.
Minimum viable product (mvp)?
+
MVP is the simplest version of a product that delivers value and can gather
feedback.
Moscow prioritization?
+
MoSCoW prioritization categorizes backlog items as Must have Should have
Could have
and Won't have.
Nexus?
+
Nexus is a framework to scale Scrum across multiple teams with integrated
work.
Obstacles to agile
+
Challenges include resistance to change, unclear requirements, lack of
training,
poor communication, distributed teams, and legacy constraints.
Often should backlog be refined?
+
Ongoing, but typically once per sprint, about 5–10% of the sprint time is
used for
grooming.
Other agile frameworks
+
Kanban, XP (Extreme Programming), SAFe, Crystal, and Lean are major
frameworks
besides Scrum.
Pair programming
+
Two developers work together on one workstation. It improves code quality,
knowledge
sharing, and reduces errors., QA collaborates from the start, writes
acceptance
criteria, tests continuously, and ensures quality through automation and
feedback.
Participates in sprint planning?
+
The Scrum Master, Product Owner, and Development Team participate. PO
clarifies
backlog items, Dev Team estimates effort, and Scrum Master facilitates.
Planning poker
+
A collaborative estimation technique where teams assign story points using
cards.
Helps achieve shared understanding and consensus.
Planning poker?
+
Planning Poker is a consensus-based estimation technique using cards with
story
points.
Popular agile tools
+
Common Agile tools include Jira, Trello, Azure DevOps, Asana, Rally,
Monday.com, and
VersionOne. They help manage backlogs, tasks, sprints, and reporting.
Principles of agile testing
+
Principles include customer-focused testing, continuous feedback, early
testing,
frequent delivery, collaboration, and embracing change. Testing is seen as a
shared
responsibility, not a separate stage.
Product backlog?
+
The product backlog is a prioritized list of features enhancements and fixes
for the
product.
Product backlog?
+
An ordered list of features, bugs, and technical work maintained by the
Product
Owner. It evolves continuously as requirements change.
Product increment?
+
Product increment is the sum of all completed work in a sprint that meets
the
definition of done.
Product owner?
+
Product Owner represents stakeholders manages the backlog and ensures value
delivery.
Product roadmap
+
A strategic plan outlining vision, milestones, timelines, and prioritized
features
for product development.
Purpose of sprint planning
+
Sprint planning determines sprint goals, selects backlog items, and defines
how the
work will be completed.
Qualities of a scrum master
+
A Scrum Master should have communication and facilitation skills,
problem-solving
ability, servant leadership mindset, patience, and knowledge of Agile
principles to
guide the team effectively.
Qualities of an agile tester
+
An Agile tester should be collaborative, adaptable, and proactive. They must
understand business requirements, communicate well, and focus on continuous
improvement and quick feedback cycles.
Refactoring
+
Refactoring improves existing code without changing its external behavior.
It
enhances readability, performance, and maintainability while reducing
technical
debt.
Release candidate
+
A nearly completed product version ready for final testing and approval
before
release.
Responsible for backlog management?
+
The Product Owner is primarily responsible, with input from stakeholders and
the
development team.
Retrospectives improve delivery?
+
They help identify process improvements, bottlenecks, and team collaboration
issues
to improve future sprints.
Role of scrum master in sprint planning?
+
Facilitates discussion, ensures clarity, prevents scope creep, and promotes
team
collaboration.
Role of the scrum master in cross-functional teams?
+
Facilitates collaboration, removes impediments, and promotes
self-organization among
team members.
Safe?
+
SAFe (Scaled Agile Framework) is a framework to scale Agile practices across
large
enterprises.
Scaling agile?
+
Scaling Agile applies Agile practices across multiple teams or large
projects.
scrum & kanban used?
+
Scrum is used where work is iterative with evolving requirements, such as
software
development and product improvement. Kanban is used in support, maintenance,
DevOps,
and continuous delivery environments where work is flow-based rather than
sprint-based.
Scrum cycle length
+
A scrum cycle, or sprint, usually lasts 1–4 weeks. The duration remains
consistent
throughout the project.
Scrum master?
+
Scrum Master facilitates Scrum processes removes impediments and supports
the team.
Scrum of scrums
+
A technique used when multiple scrum teams work together. Representatives
meet to
coordinate dependencies and align progress.
Scrum?
+
Scrum is an Agile framework that uses roles events and artifacts to manage
complex
projects.
Servant leadership?
+
Servant leadership focuses on supporting and enabling the team rather than
directing
it.
Spike & zero sprint
+
A spike is research activity to resolve uncertainty or technical issues.
Zero sprint
(Sprint 0) involves initial setup activities like architecture, environment,
and
backlog preparation before development.
Spike?
+
A spike is a time-boxed research activity to explore a solution or reduce
uncertainty.
Spotify model?
+
Spotify model organizes Agile teams as squads tribes chapters and guilds to
foster
autonomy and alignment.
Sprint backlog vs product backlog
+
The product backlog contains all requirements prioritized by the product
owner,
while the sprint backlog contains the selected items for the current sprint.
Sprint
backlog is short-term; product backlog is long-term.
Sprint backlog?
+
The sprint backlog is a subset of the product backlog selected for
implementation in
a sprint.
Sprint delivery?
+
Sprint delivery is the completion and demonstration of committed backlog
items to
stakeholders at the end of a sprint.
Sprint goal?
+
A short description of what the sprint aims to achieve. It guides the team
and
aligns stakeholders.
Sprint planning, review & retrospective
+
Sprint planning defines sprint goals and backlog. Sprint review demonstrates
work to
stakeholders. Retrospective reflects on improvements.
Sprint planning?
+
Sprint planning is a meeting where the team decides what work will be done
in the
upcoming sprint.
Sprint planning?
+
Sprint Planning is a Scrum ceremony where the team decides which backlog
items to
work on in the upcoming sprint. It defines the sprint goal and estimated
tasks.
Sprint retrospective?
+
Sprint retrospective is a meeting to reflect on the sprint and identify
improvements.
Sprint review?
+
Sprint review is a meeting to demonstrate completed work to stakeholders and
gather
feedback.
Sprint?
+
A sprint is a time-boxed iteration usually 1-4 weeks where a set of work is
completed.
Story points
+
A unit for estimating effort or complexity in Scrum, not tied to time. Helps
predict
workload and sprint capacity.
Story points?
+
Story points are relative measures of effort complexity or risk for user
stories.
Team velocity tracking?
+
Tracking velocity helps predict how much work a team can complete in future
sprints.
Technical debt?
+
Technical debt is the cost of shortcuts or suboptimal solutions that need
refactoring later.
Test-driven development (tdd)
+
TDD involves writing tests before writing code. It ensures better design,
reduces
bugs, and supports regression testing.
Test-driven development (tdd)?
+
TDD is a practice where tests are written before the code to ensure
functionality
meets requirements.
Theme in agile?
+
A theme is a collection of related user stories or epics around a common
objective.
Time-boxing?
+
Time-boxing is allocating a fixed duration to activities to improve focus
and
productivity.
To balance stakeholder requests in backlog?
+
Evaluate based on business value, urgency, dependencies, and capacity.
Communicate
trade-offs transparently.
To control permissions in confluence?
+
Set space-level or page-level permissions for viewing, editing, or
commenting based
on user roles or groups.
To create a kanban board in jira?
+
Create a board from project → select Kanban → configure columns → add issues
for
workflow tracking.
To handle unplanned work during a sprint?
+
Minimize interruptions. If unavoidable, negotiate scope adjustments with PO
and
team. Track and learn for future planning.
To link jira issues in confluence?
+
Use Jira macro to embed issues, sprints, or reports directly into Confluence
pages.
To track progress in jira?
+
Use dashboards, reports, burndown charts, and cumulative flow diagrams.
Tracer bullet
+
A technique delivering a thin working slice of the system early to validate
architecture and direction.
Types of agile methodology.
+
Scrum, Kanban, XP (Extreme Programming), Lean, SAFe, and Crystal are popular
Agile
variants.
Types of burn-down charts
+
Types include sprint burndown, release burndown, and product burndown
charts. Each
offers different timelines and scope levels.
Use agile
+
Avoid Agile in fixed-scope, fixed-budget projects, strict compliance
domains, or
when customer feedback is unavailable.
Use waterfall instead of scrum
+
Use Waterfall when requirements are fixed, documentation-heavy, regulated,
and no
major changes are expected. It fits infrastructure or hardware projects
better.
User story?
+
A user story is a short simple description of a feature from the perspective
of an
end user.
Velocity in agile
+
Velocity measures the amount of work a team completes in a sprint, typically
in
story points. It helps estimate future sprint capacity and planning.
Velocity in agile?
+
Velocity measures the amount of work a team completes in a sprint.
Velocity?
+
Velocity measures the amount of work a team completes in a sprint, often in
story
points. Helps with forecasting.
You balance speed and quality in delivery?
+
Prioritize well-defined backlog items, maintain testing standards, and avoid
overcommitment.
You communicate delivery status to stakeholders?
+
Use sprint reviews, dashboards, Jira reports, and release notes for
transparency.
You ensure effective communication in cross-functional
teams?
+
Daily stand-ups, retrospectives, sprint reviews, shared documentation, and
collaboration tools help maintain transparency.
You ensure quality in delivery?
+
Unit tests, code reviews, automated testing, CI/CD pipelines, and adherence
to
Definition of Done.
You ensure team accountability?
+
Transparent commitments, daily stand-ups, peer reviews, and clear Definition
of
Done.
You ensure timely delivery?
+
Clear sprint goals, proper estimation, daily tracking, and removing blockers
proactively help ensure on-time delivery.
You estimate tasks in sprint planning?
+
Using story points, ideal hours, or T-shirt sizing. Estimation considers
complexity,
effort, and risk.
You handle blocked tasks?
+
Identify blockers early, escalate if needed, and collaborate to remove
impediments
quickly.
You handle changing priorities mid-sprint?
+
Limit mid-sprint changes; negotiate with PO, document impact, and adjust
future
sprint planning.
You handle conflicts in cross-functional teams?
+
Encourage open communication, identify root causes, facilitate discussions,
and
align on shared goals.
You handle incomplete stories at sprint end?
+
Move them back to backlog, review root cause, and include in future sprints
after
re-estimation.
You handle skill gaps in cross-functional teams?
+
Encourage knowledge sharing, mentoring, pair programming, and cross-training
to
build team capability.
You handle technical debt in backlog?
+
Track and prioritize technical debt items along with functional stories to
ensure
system maintainability.
You handle urgent production issues during a sprint?
+
Address them immediately if critical, or plan within sprint buffer. Document
impact
on sprint goals.
You improve team collaboration?
+
Facilitate open communication, collaborative tools, clear goals, and regular
retrospectives.
You manage dependencies across teams?
+
Identify dependencies early, communicate timelines, and coordinate during
planning
and stand-ups.
You manage scope creep during a sprint?
+
Freeze the sprint backlog, handle new requests in the next sprint, and
communicate
priorities clearly.
You measure productivity in cross-functional teams?
+
Use velocity, cycle time, burndown charts, quality metrics, and stakeholder
feedback.
You measure successful delivery?
+
Completion of sprint backlog, meeting Definition of Done, stakeholder
satisfaction,
and business value delivered.
You measure team performance?
+
Velocity, quality metrics, stakeholder satisfaction, sprint predictability,
and
adherence to Definition of Done.
You prioritize backlog items?
+
Using MoSCoW (Must, Should, Could, Won’t), business value, risk,
dependencies, and
ROI.
You track multiple sprints simultaneously?
+
Use program boards, Jira portfolios, or scaled Agile tools like SAFe to
visualize
cross-team progress.
You track sprint progress?
+
Use burndown charts, task boards, and daily stand-ups to monitor completed
versus
remaining work.
What is Agile?
+
Agile is a software development methodology that emphasizes iterative
development,
collaboration, and flexibility to change.
What is Agile methodology?
+
Agile methodology is an iterative approach focused on delivering working
software in
small increments with continuous feedback.
What is the Agile mindset?
+
Agile mindset values collaboration, adaptability, continuous improvement,
and
delivering customer value.
What is the Agile process?
+
Agile process involves planning, developing in small increments, testing,
reviewing,
and adapting based on feedback.
What are the important parts of the Agile process?
+
Backlog refinement, sprint cycles, continuous testing, customer involvement,
retrospectives, and deployment.
What is iterative development in Agile?
+
Iterative development improves the product through repeated cycles based on
feedback.
What is incremental delivery?
+
Incremental delivery provides working software in small usable portions
rather than
a single final release.
What is iterative vs incremental development?
+
Iterative improves existing functionality, while incremental delivers new
functionality in parts.
What is an Agile increment?
+
An increment is the sum of completed work at the end of a sprint that meets
the
Definition of Done.
What is incremental vs iterative delivery?
+
Incremental delivers usable features, while iterative refines those features
over
time.
What is Agile customer collaboration?
+
Customer collaboration involves engaging stakeholders continuously for
feedback and
alignment.
What is Agile customer value?
+
Customer value means delivering features that meet real user needs and
expectations.
What is Agile documentation?
+
Agile documentation is lightweight and just enough to support development
and
collaboration.
What is adaptive planning?
+
Adaptive planning adjusts plans based on evolving requirements and feedback.
What is Agile continuous feedback?
+
Continuous feedback ensures improvements in product and process throughout
development.
What is Agile continuous improvement?
+
Continuous improvement focuses on regularly inspecting and adapting
processes and
practices.
When should Agile be used?
+
Agile is best used when requirements evolve and frequent customer feedback
is
required.
When should Agile be avoided?
+
Avoid Agile in fixed-scope, fixed-budget, or highly regulated projects with
minimal
change.
What are the key success factors of Agile?
+
Collaboration, empowered teams, clear vision, adaptive planning, and
iterative
delivery.
What are the challenges in Agile development?
+
Unclear requirements, dependencies, cultural resistance, and estimation
challenges.
What are common obstacles to Agile adoption?
+
Resistance to change, lack of training, poor communication, and legacy
constraints.
What is Agile change management?
+
Agile change management handles requirement and process changes iteratively
and
collaboratively.
What is Agile maturity model?
+
Agile maturity model measures how effectively Agile practices are adopted in
an
organization.
What is the Agile Manifesto?
+
The Agile Manifesto is a set of values and principles that guide Agile
software
development.
What are the four values of the Agile Manifesto?
+
Individuals and interactions over processes and tools, working software over
comprehensive documentation, customer collaboration over contract
negotiation, and
responding to change over following a plan.
What does “individuals and interactions over processes
and tools” mean?
+
It emphasizes people and communication as more important than rigid
processes or
tools.
What does “working software over comprehensive
documentation” mean?
+
It prioritizes delivering functional software rather than excessive
documentation.
What does “customer collaboration over contract
negotiation” mean?
+
It focuses on continuous stakeholder involvement instead of strict
contractual
boundaries.
What does “responding to change over following a plan”
mean?
+
It values adaptability to change rather than strictly sticking to predefined
plans.
How many principles are defined in Agile?
+
There are 12 principles defined in Agile.
What is the first principle of Agile?
+
The highest priority is to satisfy the customer through early and continuous
delivery of valuable software.
What does welcoming change mean in Agile?
+
Agile welcomes changing requirements, even late in development, to deliver
customer
value.
What does frequent delivery mean in Agile?
+
Delivering working software frequently in short time frames.
What does collaboration in Agile principles emphasize?
+
Close, daily collaboration between business stakeholders and developers.
What are motivated individuals in Agile principles?
+
Teams should be built around motivated individuals and trusted to get the
job done.
What does working software as a measure of progress
mean?
+
Progress is measured by functional software rather than documentation or
plans.
What does sustainable development mean in Agile?
+
Teams should maintain a constant pace indefinitely without burnout.
What does technical excellence mean in Agile?
+
Continuous focus on good design and technical quality enhances agility.
What does simplicity mean in Agile principles?
+
Maximizing the amount of work not done is essential.
What are self-organizing teams in Agile?
+
Teams that decide how best to accomplish work without external direction.
What does regular reflection mean in Agile?
+
Teams regularly reflect on how to become more effective and adjust behavior.
What is continuous improvement in Agile principles?
+
Ongoing inspection and adaptation to improve processes and outcomes.
What are the key principles of Agile?
+
Customer collaboration, responding to change, working software, and
empowered teams.
What are Agile frameworks?
+
Agile frameworks are structured methods that implement Agile principles in
software
development.
What are the common types of Agile frameworks?
+
Scrum, Kanban, XP (Extreme Programming), Lean, SAFe, Crystal, LeSS, Nexus,
and
Spotify model.
What is Scrum?
+
Scrum is an Agile framework that uses defined roles, events, and artifacts
to manage
complex projects.
What is Kanban?
+
Kanban is an Agile framework focused on visualizing workflow and enabling
continuous
delivery using WIP limits.
What is SAFe?
+
SAFe (Scaled Agile Framework) is used to scale Agile practices across large
enterprises.
What is Extreme Programming (XP)?
+
XP is an Agile framework emphasizing technical practices like TDD, pair
programming,
and continuous integration.
What is Lean in Agile?
+
Lean focuses on eliminating waste, optimizing flow, and delivering value
efficiently.
What is Crystal framework?
+
Crystal is a family of Agile methodologies focused on people, interaction,
and
project size.
What is LeSS?
+
LeSS (Large-Scale Scrum) extends Scrum principles to multiple teams working
on a
single product.
What is Nexus?
+
Nexus is a framework designed to scale Scrum for multiple teams with
integrated
work.
What is the Spotify model?
+
Spotify model organizes teams into squads, tribes, chapters, and guilds to
promote
autonomy and alignment.
When should Scrum be used?
+
Scrum is best used for projects with evolving requirements and iterative
delivery
needs.
When should Kanban be used?
+
Kanban is ideal for maintenance, support, DevOps, and continuous flow-based
work.
What is Scrum vs Kanban usage difference?
+
Scrum is sprint-based, while Kanban is continuous and flow-based.
What is Agile vs Scrum?
+
Agile is a mindset and methodology, while Scrum is a specific framework
under Agile.
What is Agile vs Lean?
+
Agile focuses on iterative development, while Lean focuses on waste
reduction and
process optimization.
What is Agile vs SAFe?
+
Agile applies to individual teams, while SAFe scales Agile across large
organizations.
What is the role of frameworks in Agile?
+
Frameworks provide structure to apply Agile values and principles
effectively.
What are the main roles in Scrum?
+
Product Owner, Scrum Master, and Development Team are the three main Scrum
roles.
Who is the Product Owner?
+
The Product Owner represents stakeholders and is responsible for maximizing
product
value.
What are the responsibilities of a Product Owner?
+
Managing the product backlog, prioritizing items, defining product vision,
and
ensuring value delivery.
Who is responsible for backlog management?
+
The Product Owner is primarily responsible for managing and prioritizing the
backlog.
Who is the Scrum Master?
+
The Scrum Master facilitates Scrum practices and helps the team follow Agile
principles.
What are the responsibilities of a Scrum Master?
+
Facilitating ceremonies, removing impediments, coaching the team, and
ensuring Scrum
adherence.
What is servant leadership in Scrum?
+
Servant leadership focuses on supporting and enabling the team rather than
directing
them.
What is the role of Scrum Master as a servant leader?
+
The Scrum Master removes obstacles, empowers the team, and fosters
continuous
improvement.
Who is the Development Team?
+
The Development Team is a cross-functional group responsible for delivering
product
increments.
What are the responsibilities of the Development Team?
+
Designing, developing, testing, and delivering working software each sprint.
What is a cross-functional team?
+
A team with all skills required to deliver a product increment end to end.
Why are cross-functional teams important in Agile?
+
They reduce handoffs, improve collaboration, and accelerate delivery.
How do cross-functional teams improve quality?
+
Integrated expertise enables early testing, better design, and fewer
defects.
Can cross-functional teams work with external
dependencies?
+
Yes, with proper coordination, communication, and planning.
How do cross-functional teams handle knowledge
sharing?
+
Through pair programming, documentation, workshops, and retrospectives.
Who are stakeholders in Scrum?
+
Stakeholders are individuals or groups with interest or influence over the
product.
Who participates in sprint planning?
+
Product Owner, Scrum Master, and Development Team participate in sprint
planning.
What are the qualities of a Scrum Master?
+
Strong communication, facilitation skills, servant leadership mindset, and
Agile
knowledge.
What are the qualities of an Agile tester?
+
Collaboration, adaptability, business understanding, and focus on continuous
improvement.
What are Scrum ceremonies?
+
Scrum ceremonies are time-boxed events used to plan, inspect, and adapt work
in
Scrum.
What are the main Scrum ceremonies?
+
Sprint Planning, Daily Stand-up, Sprint Review, and Sprint Retrospective.
What is a Sprint?
+
A Sprint is a time-boxed iteration, usually 1–4 weeks, where work is
completed.
What is the Scrum cycle length?
+
The Scrum cycle or sprint typically lasts between 1 and 4 weeks.
What is Sprint Planning?
+
Sprint Planning is a meeting where the team decides what work will be done
in the
upcoming sprint.
What is the purpose of Sprint Planning?
+
To define the sprint goal, select backlog items, and plan how the work will
be
completed.
How long should Sprint Planning take?
+
Typically 2–4 hours for a two-week sprint.
What are the key outputs of Sprint Planning?
+
Sprint goal, sprint backlog, task estimates, and team commitment.
Who participates in Sprint Planning?
+
Product Owner, Scrum Master, and Development Team.
What is a Daily Stand-up?
+
A short 10–15 minute daily meeting where the team shares progress, plans,
and
blockers.
What is the purpose of Daily Stand-up?
+
To improve communication, transparency, and identify impediments early.
What is Sprint Review?
+
Sprint Review is a meeting to demonstrate completed work and gather
stakeholder
feedback.
What is the importance of Sprint Review?
+
To validate delivered work and align with business goals.
What is Sprint Retrospective?
+
Sprint Retrospective is a meeting to reflect on the sprint and identify
improvements.
What is the importance of Sprint Retrospective?
+
To improve processes, teamwork, and delivery in future sprints.
What are sprint retrospection action items?
+
Improvements identified during retrospectives to apply in upcoming sprints.
What is sprint delivery?
+
Sprint delivery is the completion and demonstration of committed backlog
items.
What is sprint goal?
+
Sprint goal is a short statement describing what the sprint aims to achieve.
What is sprint planning, review, and retrospective?
+
They are ceremonies used to plan work, review outcomes, and improve
processes.
What are Agile artifacts?
+
Agile artifacts are documents or tools that provide transparency and
opportunities
for inspection and adaptation.
What are the main Agile artifacts in Scrum?
+
Product Backlog, Sprint Backlog, and Increment.
What is the Product Backlog?
+
The Product Backlog is an ordered list of features, enhancements, bugs, and
technical work for the product.
Who maintains the Product Backlog?
+
The Product Owner is responsible for maintaining and prioritizing the
Product
Backlog.
What is Sprint Backlog?
+
The Sprint Backlog is a subset of the Product Backlog selected for
implementation in
a sprint.
What is the difference between Product Backlog and
Sprint Backlog?
+
Product Backlog is long-term and evolving, while Sprint Backlog is
short-term and
sprint-specific.
What is an Increment?
+
An Increment is the sum of all completed work in a sprint that meets the
Definition
of Done.
What is Product Increment?
+
Product Increment is the potentially shippable functionality delivered at
the end of
a sprint.
What is Definition of Done (DoD)?
+
DoD is a shared agreement defining when a backlog item is considered
complete.
What does Definition of Done include?
+
Code quality, testing, documentation, and acceptance criteria completion.
What is Definition of Ready (DoR)?
+
DoR defines conditions a backlog item must meet before being taken into a
sprint.
What does Definition of Ready include?
+
Clear description, acceptance criteria, estimation, and no major
dependencies.
Why is Definition of Done important?
+
It ensures quality, consistency, and transparency of completed work.
Why is Definition of Ready important?
+
It reduces uncertainty and prevents blockers during the sprint.
What is Sprint Backlog vs Product Backlog?
+
Sprint Backlog contains sprint-specific work, while Product Backlog contains
all
product requirements.
What is backlog management?
+
Backlog management is the process of creating, prioritizing, and maintaining
backlog
items.
What is backlog refinement?
+
Backlog refinement is the ongoing process of reviewing, clarifying, and
estimating
backlog items.
What is backlog grooming?
+
Backlog grooming is the practice of prioritizing and preparing backlog items
for
future sprints.
Is backlog grooming and backlog refinement the same?
+
Yes, both terms refer to the same backlog preparation activity.
How often should backlog refinement be done?
+
Typically once per sprint on an ongoing basis.
How much time is spent on backlog refinement?
+
Around 5–10% of the team’s sprint capacity.
What are backlog refinement best practices?
+
Regular review, clear requirements, prioritization, and breaking large
stories.
What is backlog prioritization?
+
Backlog prioritization determines the order of backlog items based on value,
risk,
and dependencies.
What techniques are used for backlog prioritization?
+
MoSCoW, business value, risk, ROI, and dependency analysis.
What is an Epic in Agile?
+
An Epic is a large requirement that can be broken into smaller user stories.
What is epic decomposition?
+
Breaking epics into smaller, manageable user stories.
What is a User Story?
+
A user story is a short description of a feature from the end-user
perspective.
What are tasks in Agile?
+
Tasks are technical activities required to complete a user story.
What is the difference between epic, user story, and
task?
+
Epic is large, user story is implementable, and task is a development
activity.
What is a Theme in Agile?
+
A theme is a group of related epics or stories aligned to a common
objective.
What is Minimum Viable Product (MVP)?
+
MVP is the simplest product version that delivers value and collects
feedback.
What is MVP vs prototype?
+
MVP is usable and delivers value, while a prototype is used for
experimentation.
How do you balance stakeholder requests in the
backlog?
+
By evaluating business value, urgency, dependencies, and team capacity.
What is Agile estimation?
+
Agile estimation is the process of predicting effort or complexity of
backlog items.
What are Agile estimation techniques?
+
Story points, planning poker, T-shirt sizing, and affinity estimation.
What are story points?
+
Story points are relative measures of effort, complexity, or risk for a user
story.
Why are story points used instead of hours?
+
They avoid false precision and focus on relative complexity rather than
time.
What is planning poker?
+
Planning poker is a collaborative estimation technique using cards to reach
consensus.
What is T-shirt sizing?
+
T-shirt sizing estimates work using sizes like XS, S, M, L, and XL.
What is affinity estimation?
+
Affinity estimation groups similar-sized stories to estimate large backlogs
quickly.
What is velocity in Agile?
+
Velocity measures the amount of work completed by a team in a sprint.
Is velocity used in sprint planning?
+
Yes, velocity helps determine how much work the team can commit to in a
sprint.
What is team velocity tracking?
+
Tracking velocity helps forecast future sprint capacity.
What is sprint planning?
+
Sprint planning is the event where the team selects backlog items for the
sprint.
What is the purpose of sprint planning?
+
To define sprint goals and plan the work required to achieve them.
How do you estimate tasks in sprint planning?
+
Using story points, ideal hours, or T-shirt sizing.
What is release planning?
+
Release planning defines a roadmap for delivering features over multiple
sprints.
What is release planning horizon?
+
It defines the time period covered by a release plan.
What is time-boxing?
+
Time-boxing assigns a fixed duration to activities to improve focus and
predictability.
What are Agile metrics?
+
Agile metrics measure team performance, progress, quality, and
predictability.
What are common Agile metrics?
+
Velocity, cycle time, lead time, burndown, burnup, and cumulative flow.
What is a burndown chart?
+
A burndown chart shows remaining work over time in a sprint or project.
What are types of burndown charts?
+
Sprint burndown, release burndown, and product burndown charts.
What is a burnup chart?
+
A burnup chart shows completed work versus total scope over time.
What is the difference between burnup and burndown
charts?
+
Burndown tracks remaining work, while burnup tracks completed work and scope
changes.
What is a cumulative flow diagram (CFD)?
+
CFD visualizes work in different states over time to identify bottlenecks.
What is velocity?
+
Velocity is the amount of work completed by a team in a sprint.
What is cycle time?
+
Cycle time is the time taken from starting work on a task until completion.
What is lead time?
+
Lead time is the time from backlog item creation to delivery.
How do you track sprint progress?
+
Using burndown charts, task boards, and daily stand-ups.
How do you measure productivity in Agile teams?
+
Using velocity, cycle time, quality metrics, and stakeholder feedback.
How do you measure team performance?
+
By tracking velocity, quality, predictability, and customer satisfaction.
How do you measure successful delivery?
+
By meeting sprint goals, Definition of Done, and delivering business value.
How do you track multiple sprints or teams?
+
Using dashboards, program boards, and scaled Agile tools.
What is Agile testing?
+
Agile testing is a continuous testing approach aligned with Agile
development.
Why is testing continuous in Agile?
+
Because testing starts early and runs throughout the development lifecycle.
What are the principles of Agile testing?
+
Early testing, continuous feedback, collaboration, and customer focus.
What is Test-Driven Development (TDD)?
+
TDD is a practice where tests are written before writing code.
Why is TDD used?
+
To improve design, reduce defects, and support regression testing.
What is Behavior-Driven Development (BDD)?
+
BDD is a testing approach using natural language to describe system
behavior.
What is exploratory testing in Agile?
+
Exploratory testing involves simultaneous learning, test design, and
execution.
What is Definition of Done (DoD) in testing?
+
DoD ensures testing criteria are met before work is considered complete.
What is acceptance criteria?
+
Acceptance criteria define conditions a user story must meet to be accepted.
What is acceptance testing?
+
Acceptance testing verifies that software meets business requirements.
What is refactoring?
+
Refactoring improves internal code structure without changing behavior.
Why is refactoring important?
+
It improves readability, maintainability, and reduces technical debt.
What is technical debt?
+
Technical debt is the cost of quick or suboptimal solutions requiring future
fixes.
How do you ensure quality in Agile delivery?
+
Through automated testing, code reviews, CI/CD, and adherence to DoD.
What is the role of QA in Agile?
+
QA collaborates early, defines acceptance criteria, and ensures continuous
quality.
What is DevOps?
+
DevOps is a culture and practice that improves collaboration between
development and
operations teams.
What is the difference between Agile and DevOps?
+
Agile focuses on development practices, while DevOps focuses on delivery and
operations collaboration.
What is Continuous Integration (CI)?
+
CI is the practice of frequently merging code changes to detect issues
early.
What is Continuous Delivery (CD)?
+
CD ensures software can be released to production reliably at any time.
What is the benefit of CI/CD in Agile?
+
It enables faster feedback, early defect detection, and frequent releases.
What is a build breaker?
+
A build breaker is an issue that causes the CI build or pipeline to fail.
What should be done when a build is broken?
+
It should be fixed immediately before continuing new development.
What is a release candidate?
+
A release candidate is a near-final product version ready for final testing.
What is incremental delivery?
+
Incremental delivery releases working software in small usable parts.
What is sprint delivery?
+
Sprint delivery is the completion and demonstration of committed sprint
work.
What is tracer bullet technique?
+
Tracer bullet delivers a thin working slice early to validate architecture.
How do you ensure timely delivery in Agile?
+
By clear sprint goals, proper estimation, daily tracking, and removing
blockers.
How do you balance speed and quality in delivery?
+
By prioritizing quality standards, testing automation, and avoiding
overcommitment.
What is Scaling Agile?
+
Scaling Agile applies Agile practices across multiple teams or large
projects.
Why is Scaling Agile needed?
+
To coordinate multiple teams, manage dependencies, and deliver value at
scale.
What is SAFe?
+
SAFe is a framework used to scale Agile across large enterprises.
What is an Agile Release Train?
+
An Agile Release Train is a long-lived team of teams delivering value on a
fixed
schedule.
What is Scrum of Scrums?
+
Scrum of Scrums is a coordination technique where multiple Scrum teams
synchronize
work.
Who participates in Scrum of Scrums?
+
Representatives from each Scrum team participate to coordinate dependencies.
What is Agile portfolio management?
+
Portfolio management applies Agile principles to manage multiple initiatives
and
investments.
What are scaling challenges in Agile?
+
Coordination, maintaining consistency, dependency management, and cultural
alignment.
What is LeSS in scaling Agile?
+
LeSS scales Scrum principles across multiple teams working on one product.
What is Nexus framework?
+
Nexus provides integration-focused scaling of Scrum for multiple teams.
What is the Spotify model?
+
Spotify model structures teams into squads, tribes, chapters, and guilds.
What are the benefits of scaling Agile?
+
Faster delivery, better alignment, improved transparency, and shared
ownership.
What are Agile tools?
+
Agile tools help teams plan, track, collaborate, and report Agile work.
What is Jira?
+
Jira is a project management tool used for issue tracking, sprints, and
backlog
management.
What are Jira issue types?
+
Epic, Story, Task, Bug, and Sub-task are common Jira issue types.
What is a Jira workflow?
+
A Jira workflow defines the statuses and transitions of an issue lifecycle.
How do you track progress in Jira?
+
Using dashboards, reports, burndown charts, and cumulative flow diagrams.
How do you create a Kanban board in Jira?
+
Create a board, select Kanban, configure columns, and add issues.
What is Confluence?
+
Confluence is a collaboration wiki used for documentation and knowledge
sharing.
What is a Confluence page template?
+
A predefined layout for standardizing documentation like meeting notes or
designs.
How do you control permissions in Confluence?
+
By setting space-level or page-level permissions.
How do you link Jira issues in Confluence?
+
Using Jira macros to embed issues or reports.
What is backlog tracking in Agile tools?
+
Managing and prioritizing backlog items using boards and reports.
What are popular Agile tools?
+
Jira, Trello, Azure DevOps, Asana, Rally, Monday.com, and VersionOne.
What is the difference between Agile and Waterfall?
+
Agile is iterative and flexible, while Waterfall is linear and sequential.
What is the difference between Waterfall and Agile?
+
Waterfall requires fixed requirements upfront, while Agile adapts to change.
What is the difference between Agile and Scrum?
+
Agile is a mindset and methodology, while Scrum is a framework under Agile.
What is the difference between Scrum and Kanban?
+
Scrum uses fixed sprints and roles, while Kanban focuses on continuous flow
and WIP
limits.
What is the difference between Agile and DevOps?
+
Agile focuses on development practices, while DevOps focuses on deployment
and
operations.
What is the difference between Agile and Lean?
+
Agile emphasizes iterative delivery, while Lean focuses on waste reduction.
What is the difference between Scrum and Waterfall?
+
Scrum is adaptive and iterative, while Waterfall follows a fixed sequential
flow.
What is the difference between Epic, Feature, and User
Story?
+
Epic is large, Feature is mid-level, and User Story is implementable work.
What is the difference between Epic, User Story, and
Task?
+
Epic is broken into stories, and stories are broken into tasks.
What is the difference between Product Backlog and
Sprint Backlog?
+
Product Backlog contains all requirements, while Sprint Backlog contains
sprint-selected items.
What is the difference between Sprint Backlog and
Product Backlog?
+
Sprint Backlog is short-term and sprint-specific, while Product Backlog is
long-term.
What is the difference between Story Points and Hours?
+
Story points measure relative effort, while hours measure actual time.
What is the difference between Burnup and Burndown
charts?
+
Burndown shows remaining work, while burnup shows completed work and scope.
What is the difference between Cross-functional and
Functional teams?
+
Cross-functional teams have multiple skills, while functional teams are
role-based.
What is the difference between Incremental and
Iterative
delivery?
+
Incremental delivers new features, while iterative improves existing ones.
What is the difference between MVP and Prototype?
+
MVP is usable and delivers value, while prototype is for experimentation.
What is the difference between Agile and Lean
thinking?
+
Agile focuses on adaptability, while Lean focuses on efficiency.
What is the difference between Bug and Story in
backlog?
+
Bug fixes defects, while story delivers new functionality.
What is the difference between Jira and Confluence?
+
Jira is for tracking work, while Confluence is for documentation.
What is the difference between DoD and DoR?
+
DoD defines completion, while DoR defines readiness.
How do you ensure effective communication in
cross-functional teams?
+
By using daily stand-ups, sprint reviews, shared documentation, and
collaboration
tools.
How do you improve team collaboration?
+
By fostering open communication, clear goals, and regular retrospectives.
How do you ensure team accountability?
+
Through transparent commitments, daily tracking, and a clear Definition of
Done.
How do you ensure timely delivery?
+
By setting clear sprint goals, estimating properly, and removing blockers
early.
How do you handle blocked tasks?
+
By identifying blockers early and escalating or resolving them
collaboratively.
How do you handle changing priorities mid-sprint?
+
By minimizing changes and negotiating scope adjustments with the Product
Owner.
How do you manage scope creep during a sprint?
+
By freezing the sprint backlog and deferring new requests to future sprints.
How do you handle unplanned work during a sprint?
+
By evaluating urgency and negotiating trade-offs with the Product Owner.
How do you handle incomplete stories at sprint end?
+
By returning them to the backlog for re-estimation and reprioritization.
How do you handle urgent production issues during a
sprint?
+
By addressing critical issues immediately and documenting sprint impact.
How do you manage dependencies across teams?
+
By identifying dependencies early and coordinating during planning and
stand-ups.
How do you track sprint progress?
+
By using burndown charts, task boards, and daily stand-ups.
How do you communicate delivery status to
stakeholders?
+
Through sprint reviews, dashboards, and release notes.
How do you measure team performance?
+
Using velocity, quality metrics, predictability, and stakeholder feedback.
How do you measure productivity in Agile teams?
+
By tracking velocity, cycle time, and delivery consistency.
How do you measure successful delivery?
+
By meeting sprint goals, Definition of Done, and delivering business value.
How do you manage conflicts in cross-functional teams?
+
By encouraging open discussion and aligning on shared goals.
How do you handle skill gaps in cross-functional
teams?
+
By enabling mentoring, pair programming, and cross-training.
How do you handle technical debt in the backlog?
+
By tracking and prioritizing technical debt alongside feature work.
How do you balance speed and quality in delivery?
+
By maintaining testing standards and avoiding overcommitment.
12 principles of agile?
+
Principles include customer satisfaction welcoming change frequent delivery
collaboration motivated individuals working software as measure of progress
sustainable development technical excellence simplicity self-organizing
teams
reflection and continuous improvement.
Acceptance criteria?
+
Acceptance criteria define the conditions a user story must meet to be
considered
complete.
Acceptance testing?
+
Acceptance testing verifies that software meets business requirements and
user
expectations.
Adaptive planning?
+
Adaptive planning adjusts plans based on changing requirements and feedback.
Advantages & disadvantages of agile
+
Agile enables faster delivery, better customer collaboration, flexibility to
change,
and improved product quality. However, it may lack predictability, require
experienced teams, and may struggle with large distributed teams or
fixed-budget
environments.
Agile adoption challenges?
+
Challenges include resistance to change lack of management support poor
collaboration and unclear roles.
Agile backlog refinement best practices?
+
Review backlog regularly prioritize items clarify requirements and break
down large
stories.
Agile backlog refinement frequency?
+
Typically done once per sprint to keep backlog up-to-date and prioritized.
Agile ceremonies?
+
Agile ceremonies include sprint planning daily stand-up sprint review and
sprint
retrospective.
Agile change management?
+
Agile change management handles requirement and process changes iteratively
and
collaboratively.
Agile coach?
+
An Agile coach helps teams and organizations adopt and improve Agile
practices.
Agile continuous delivery?
+
Continuous delivery ensures software can be reliably released to production
at any
time.
Agile continuous feedback?
+
Continuous feedback ensures product and process improvements throughout
development.
Agile continuous improvement?
+
Continuous improvement involves inspecting and adapting processes tools and
practices regularly.
Agile cross-functional team benefit?
+
Cross-functional teams reduce handoffs improve collaboration and deliver
faster.
Agile customer collaboration?
+
Customer collaboration involves stakeholders throughout the development
process for
feedback and alignment.
Agile customer value?
+
Customer value refers to delivering features and functionality that meet
user needs
and expectations.
Agile documentation?
+
Agile documentation is concise just enough to support development and
collaboration.
Agile epic decomposition?
+
Breaking epics into smaller actionable user stories for implementation.
Agile estimation techniques?
+
Techniques include story points planning poker T-shirt sizing and affinity
estimation.
Agile estimation?
+
Agile estimation is the process of predicting the effort or complexity of
user
stories or tasks.
Agile frameworks?
+
They are structured methods like Scrum, Kanban, SAFe, and XP that implement
Agile
principles in development.
Agile impediment?
+
Impediment is anything blocking the team from achieving its sprint goal.
Agile kanban vs scrum?
+
Scrum uses sprints and roles; Kanban is continuous and focuses on
visualizing
workflow and limiting WIP.
Agile key success factors?
+
Key factors include collaboration clear vision empowered teams adaptive
planning and
iterative delivery.
Agile manifesto?
+
Agile manifesto is a set of values and principles guiding Agile development.
Agile maturity model?
+
Agile maturity model assesses how effectively an organization applies Agile
practices.
Agile methodology?
+
Agile is an iterative software development approach focusing on flexibility,
customer collaboration, and incremental delivery through continuous
feedback.
Agile metrics?
+
Agile metrics track team performance progress quality and predictability.
Agile mindset?
+
Agile mindset values collaboration flexibility continuous improvement and
delivering
customer value.
Agile mvp vs prototype?
+
MVP delivers minimal usable product; prototype is a preliminary model for
validation
and experimentation.
Agile pair programming?
+
Pair programming involves two developers working together at one workstation
to
improve code quality.
Agile portfolio management?
+
Portfolio management applies Agile principles to manage multiple projects
and
initiatives.
Agile process?
+
Agile process involves planning, developing in small increments, testing,
review,
and adapting based on feedback.
Agile product vision?
+
Product vision defines the long-term goal and direction of the product.
Agile project management?
+
Agile project management applies Agile principles to plan execute and
deliver
projects iteratively.
Agile quality assurance?
+
QA integrates testing early and continuously in the Agile development cycle.
Agile release planning horizon?
+
Defines a planning period for delivering features or increments usually
several
sprints.
Agile release planning?
+
Agile release planning defines a roadmap and schedule for delivering product
increments over multiple sprints.
Agile release train?
+
Release train coordinates multiple teams to deliver value in a predictable
schedule.
Agile retrospection action items?
+
Action items are improvements identified during retrospectives to implement
in
future sprints.
Agile retrospectives?
+
Retrospectives are meetings to reflect on the process discuss improvements
and take
action.
Agile risk management?
+
Agile risk management identifies assesses and mitigates risks iteratively
during
development.
Agile risk mitigation?
+
Risk mitigation involves identifying monitoring and addressing risks
iteratively.
Agile roles and responsibilities?
+
Roles include Product Owner Scrum Master Development Team and Stakeholders.
Agile scaling challenges?
+
Challenges include coordination between teams consistent processes and
maintaining
Agile culture.
Agile servant leadership role?
+
Servant leader supports team autonomy removes impediments and fosters
continuous
improvement.
Agile sprint goal?
+
Sprint goal is a clear objective that guides the team's work during a
sprint.
Agile stakeholder engagement?
+
Engaging stakeholders throughout development for feedback validation and
alignment.
Agile team collaboration?
+
Team collaboration emphasizes communication transparency and shared
responsibility.
Agile testing
+
Agile testing is a continuous testing approach aligned with Agile
development. It
focuses on early defect detection, customer feedback, and testing alongside
development rather than after coding completes.
Agile testing?
+
Agile testing involves continuous testing throughout the development
lifecycle.
Agile timeboxing benefit?
+
Timeboxing improves focus predictability and encourages timely delivery.
Agile?
+
Agile is a methodology for software development that emphasizes iterative
development collaboration and flexibility to change.
Application binary interface
+
ABI defines how software components interact at the binary level. It
standardizes
function calls, data types, and machine interfaces.
Backlog grooming or refinement?
+
The process of reviewing, prioritizing, and estimating backlog items to
ensure
readiness for future sprints.
Backlog grooming/refinement?
+
Backlog grooming is the process of reviewing and prioritizing the product
backlog.
Backlog prioritization?
+
Backlog prioritization determines the order of user stories based on value
risk and
dependencies.
Backlog refinement?
+
Ongoing process of reviewing, clarifying, and estimating backlog items to
prepare
them for future sprints.
Behavior-driven development (bdd)?
+
BDD involves writing tests in natural language to align development with
business
behavior.
Best time to use agile
+
Agile is ideal when requirements are evolving, the project needs frequent
updates,
and user feedback is essential. It suits dynamic environments and
product-based
development.
Build breaker mean?
+
A build breaker is an issue introduced into the codebase that causes the CI
pipeline
or build process to fail. It prevents deployment and needs immediate fixing
before
new features continue.
Burn-down chart?
+
A burn-down chart shows remaining work in a sprint or project over time.
Burn-up & burn-down charts
+
Burn-down charts show remaining work; burn-up charts track completed
progress. Both
help monitor sprint or project progress.
Burn-up chart?
+
A burn-up chart shows work completed versus total work in a project or
release.
Can cross-functional teams work with external
dependencies?
+
Yes, but dependencies should be managed with clear communication, planning,
and
incremental delivery.
Challenges in agile development
+
Unclear requirements, integration issues, team dependencies, cultural
resistance,
and estimation challenges are common.
Common agile metrics
+
Velocity, cycle time, burndown rate, lead time, defect density, and customer
satisfaction are common metrics.
Common agile metrics?
+
Common metrics include velocity burn-down/burn-up charts cycle time lead
time and
cumulative flow.
Confluence page template?
+
Predefined layouts to standardize documentation like architecture diagrams,
meeting
notes, or requirements.
Confluence?
+
Confluence is a collaboration wiki platform for documenting requirements,
architecture, and project knowledge.
Continuous delivery (cd)?
+
CD is the practice of automatically deploying code to production or staging
after
CI.
Continuous integration (ci)?
+
CI is the practice of frequently merging code changes to detect errors
early.
Cross-functional team?
+
A cross-functional team has members with all skills needed to deliver a
product
increment.
Cross-functional team?
+
A team where members have different skills to complete a project from end to
end,
including development, testing, and design.
Cross-functional teams handle knowledge sharing?
+
Through pair programming, documentation, workshops, demos, and
retrospectives.
Cross-functional teams important in agile?
+
They reduce handoffs, improve collaboration, accelerate delivery, and
promote shared
responsibility.
Cross-functional teams improve quality?
+
Integrated expertise reduces errors, promotes early testing, and ensures
design and
code quality throughout the sprint.
Cumulative flow diagram?
+
Visualizes work in different states over time, helping identify bottlenecks
in
workflow.
Cycle time?
+
Time taken from when work starts on a task until it is completed. Helps
measure
efficiency.
Daily stand-up meeting
+
A short 10–15 minute meeting where team members discuss what they completed,
what
they will do next, and any blockers. It improves transparency and
collaboration.
Daily stand-up?
+
Daily stand-up is a short meeting where team members share progress plans
and
blockers.
Definition of done (dod)?
+
DoD is a shared agreement of what constitutes a completed user story or
task.
Definition of done (dod)?
+
Criteria that a backlog item must meet to be considered complete, including
code
quality, testing, and documentation.
Definition of ready (dor)?
+
DoR defines conditions a user story must meet to be eligible for a sprint.
Definition of ready (dor)?
+
Criteria that a backlog item must meet before being pulled into a sprint.
Ensures
clarity and reduces blockers.
Diffbet a bug and a story in the backlog?
+
A bug represents a defect or error; a story is a new feature or enhancement.
Both
are tracked but may differ in priority.
Diffbet agile and devops?
+
Agile focuses on development process; DevOps focuses on development
deployment and
operations collaboration.
Diffbet agile and lean?
+
Agile focuses on iterative development; Lean focuses on waste reduction and
process
optimization.
Diffbet agile and waterfall?
+
Agile is iterative and flexible; Waterfall is sequential and rigid.
Diffbet burnup and burndown charts?
+
Burndown shows remaining work over time; burnup shows work completed and
total scope
over time.
Diffbet cross-functional and functional teams?
+
Cross-functional teams have multiple skill sets in one team; functional
teams are
organized by specialized roles.
Diffbet epic, feature, and user story?
+
Epic is a large goal, Feature is a smaller functionality, User Story is a
detailed,
implementable piece of work.
Diffbet jira and confluence?
+
Jira is for task and project tracking; Confluence is for documentation and
knowledge
management. Both integrate for traceability.
Diffbet product backlog and sprint backlog?
+
Product backlog is the full list of features, bugs, and enhancements. Sprint
backlog
is a subset selected for the sprint.
Diffbet scrum and kanban?
+
Scrum uses fixed sprints and roles; Kanban is continuous and focuses on
workflow
visualization.
Diffbet story points and hours?
+
Story points measure relative effort; hours estimate actual time to complete
a task.
Diffbet waterfall and agile.
+
Waterfall is linear and sequential, while Agile is iterative and flexible.
Agile
adapts to change, whereas Waterfall requires full requirements upfront.
Difference agile vs scrum
+
Agile is a broader methodology mindset, while Scrum is a specific framework
under
Agile. Scrum uses roles, ceremonies, and sprints; Agile provides principles
and
values.
Epic in agile?
+
An Epic is a large user story that can be broken into smaller stories.
Epic, user stories & tasks
+
An epic is a large feature broken into user stories. A user story describes
a
requirement from the user's perspective, and tasks break stories into
development
activities.
Exploratory testing in agile?
+
Exploratory testing is an informal testing approach where testers learn and
test
simultaneously.
Four values of agile manifesto?
+
Values: individuals & interactions > processes & tools working software >
documentation customer collaboration > contract negotiation responding to
change >
following a plan.
Impediment
+
A problem or blocker preventing a team from progressing. Scrum Master helps
resolve
it.
Importance of sprint retrospective?
+
To reflect on the sprint, identify improvements, and strengthen team
collaboration
and processes.
Importance of sprint review?
+
To demonstrate completed work, gather feedback, and validate alignment with
business
goals.
Important parts of agile process.
+
Backlog refinement, sprint cycles, continuous testing, customer involvement,
retrospectives, and deployment.
Increment
+
An increment is the sum of completed product work at the end of a sprint,
delivering
potentially shippable functionality.
Incremental delivery?
+
Delivering working software in small, usable increments rather than waiting
for a
full release.
Incremental vs iterative delivery?
+
Incremental delivers small usable pieces, iterative improves them over
cycles based
on feedback.
Is velocity used in sprint planning?
+
Velocity is the average amount of work completed in previous sprints. It
helps
estimate how much the team can commit to in the current sprint.
Iteration in agile?
+
Iteration is a time-boxed cycle of development also known as a sprint.
Iterative & incremental development
+
Iterative development improves the system through repeated cycles, while
incremental
development delivers the system in small functional parts. Agile combines
both to
deliver working software early and refine it based on feedback.
Jira issue types?
+
Common types: Epic, Story, Task, Bug, Sub-task. Each represents a different
level of
work.
Jira workflow?
+
A sequence of statuses and transitions representing the lifecycle of an
issue.
Supports automation and approvals.
Jira?
+
Jira is a project management tool used for issue tracking, Agile boards,
sprints,
and backlog management.
Kanban
+
Kanban focuses on visual workflow management using a board and continuous
delivery.
Work-in-progress limits help efficiency.
Kanban board?
+
Kanban board visualizes work items workflow stages and progress.
Kanban wip limit?
+
WIP limit restricts the number of work items in progress to improve flow and
reduce
bottlenecks.
Key outputs of sprint planning?
+
Sprint backlog, sprint goal, task estimates, and commitment of the team to
complete
selected items.
Key principles of agile?
+
Key principles include customer collaboration responding to change working
software
and individuals and interactions over processes.
Lead time?
+
Time from backlog item creation to delivery. Useful for overall process
efficiency.
Less?
+
LeSS (Large-Scale Scrum) extends Scrum principles to multiple teams working
on the
same product.
Long should sprint planning take?
+
Typically 2–4 hours for a 2-week sprint. Longer sprints may require more
time
proportionally.
Main roles in scrum
+
Scrum has three key roles: Product Owner, who manages backlog and
priorities; Scrum
Master, who ensures process compliance and removes blockers; and the
Development
Team, responsible for delivering increments every sprint.
Major agile components.
+
User stories, sprint planning, backlog, iterations, stand-up meetings,
sprint
reviews, and retrospectives.
Minimum viable product (mvp)?
+
MVP is the simplest version of a product that delivers value and can gather
feedback.
Moscow prioritization?
+
MoSCoW prioritization categorizes backlog items as Must have Should have
Could have
and Won't have.
Nexus?
+
Nexus is a framework to scale Scrum across multiple teams with integrated
work.
Obstacles to agile
+
Challenges include resistance to change, unclear requirements, lack of
training,
poor communication, distributed teams, and legacy constraints.
Often should backlog be refined?
+
Ongoing, but typically once per sprint, about 5–10% of the sprint time is
used for
grooming.
Other agile frameworks
+
Kanban, XP (Extreme Programming), SAFe, Crystal, and Lean are major
frameworks
besides Scrum.
Pair programming
+
Two developers work together on one workstation. It improves code quality,
knowledge
sharing, and reduces errors., QA collaborates from the start, writes
acceptance
criteria, tests continuously, and ensures quality through automation and
feedback.
Participates in sprint planning?
+
The Scrum Master, Product Owner, and Development Team participate. PO
clarifies
backlog items, Dev Team estimates effort, and Scrum Master facilitates.
Planning poker
+
A collaborative estimation technique where teams assign story points using
cards.
Helps achieve shared understanding and consensus.
Planning poker?
+
Planning Poker is a consensus-based estimation technique using cards with
story
points.
Popular agile tools
+
Common Agile tools include Jira, Trello, Azure DevOps, Asana, Rally,
Monday.com, and
VersionOne. They help manage backlogs, tasks, sprints, and reporting.
Principles of agile testing
+
Principles include customer-focused testing, continuous feedback, early
testing,
frequent delivery, collaboration, and embracing change. Testing is seen as a
shared
responsibility, not a separate stage.
Product backlog?
+
The product backlog is a prioritized list of features enhancements and fixes
for the
product.
Product backlog?
+
An ordered list of features, bugs, and technical work maintained by the
Product
Owner. It evolves continuously as requirements change.
Product increment?
+
Product increment is the sum of all completed work in a sprint that meets
the
definition of done.
Product owner?
+
Product Owner represents stakeholders manages the backlog and ensures value
delivery.
Product roadmap
+
A strategic plan outlining vision, milestones, timelines, and prioritized
features
for product development.
Purpose of sprint planning
+
Sprint planning determines sprint goals, selects backlog items, and defines
how the
work will be completed.
Qualities of a scrum master
+
A Scrum Master should have communication and facilitation skills,
problem-solving
ability, servant leadership mindset, patience, and knowledge of Agile
principles to
guide the team effectively.
Qualities of an agile tester
+
An Agile tester should be collaborative, adaptable, and proactive. They must
understand business requirements, communicate well, and focus on continuous
improvement and quick feedback cycles.
Refactoring
+
Refactoring improves existing code without changing its external behavior.
It
enhances readability, performance, and maintainability while reducing
technical
debt.
Release candidate
+
A nearly completed product version ready for final testing and approval
before
release.
Responsible for backlog management?
+
The Product Owner is primarily responsible, with input from stakeholders and
the
development team.
Retrospectives improve delivery?
+
They help identify process improvements, bottlenecks, and team collaboration
issues
to improve future sprints.
Role of scrum master in sprint planning?
+
Facilitates discussion, ensures clarity, prevents scope creep, and promotes
team
collaboration.
Role of the scrum master in cross-functional teams?
+
Facilitates collaboration, removes impediments, and promotes
self-organization among
team members.
Safe?
+
SAFe (Scaled Agile Framework) is a framework to scale Agile practices across
large
enterprises.
Scaling agile?
+
Scaling Agile applies Agile practices across multiple teams or large
projects.
scrum & kanban used?
+
Scrum is used where work is iterative with evolving requirements, such as
software
development and product improvement. Kanban is used in support, maintenance,
DevOps,
and continuous delivery environments where work is flow-based rather than
sprint-based.
Scrum cycle length
+
A scrum cycle, or sprint, usually lasts 1–4 weeks. The duration remains
consistent
throughout the project.
Scrum master?
+
Scrum Master facilitates Scrum processes removes impediments and supports
the team.
Scrum of scrums
+
A technique used when multiple scrum teams work together. Representatives
meet to
coordinate dependencies and align progress.
Scrum?
+
Scrum is an Agile framework that uses roles events and artifacts to manage
complex
projects.
Servant leadership?
+
Servant leadership focuses on supporting and enabling the team rather than
directing
it.
Spike & zero sprint
+
A spike is research activity to resolve uncertainty or technical issues.
Zero sprint
(Sprint 0) involves initial setup activities like architecture, environment,
and
backlog preparation before development.
Spike?
+
A spike is a time-boxed research activity to explore a solution or reduce
uncertainty.
Spotify model?
+
Spotify model organizes Agile teams as squads tribes chapters and guilds to
foster
autonomy and alignment.
Sprint backlog vs product backlog
+
The product backlog contains all requirements prioritized by the product
owner,
while the sprint backlog contains the selected items for the current sprint.
Sprint
backlog is short-term; product backlog is long-term.
Sprint backlog?
+
The sprint backlog is a subset of the product backlog selected for
implementation in
a sprint.
Sprint delivery?
+
Sprint delivery is the completion and demonstration of committed backlog
items to
stakeholders at the end of a sprint.
Sprint goal?
+
A short description of what the sprint aims to achieve. It guides the team
and
aligns stakeholders.
Sprint planning, review & retrospective
+
Sprint planning defines sprint goals and backlog. Sprint review demonstrates
work to
stakeholders. Retrospective reflects on improvements.
Sprint planning?
+
Sprint planning is a meeting where the team decides what work will be done
in the
upcoming sprint.
Sprint planning?
+
Sprint Planning is a Scrum ceremony where the team decides which backlog
items to
work on in the upcoming sprint. It defines the sprint goal and estimated
tasks.
Sprint retrospective?
+
Sprint retrospective is a meeting to reflect on the sprint and identify
improvements.
Sprint review?
+
Sprint review is a meeting to demonstrate completed work to stakeholders and
gather
feedback.
Sprint?
+
A sprint is a time-boxed iteration usually 1-4 weeks where a set of work is
completed.
Story points
+
A unit for estimating effort or complexity in Scrum, not tied to time. Helps
predict
workload and sprint capacity.
Story points?
+
Story points are relative measures of effort complexity or risk for user
stories.
Team velocity tracking?
+
Tracking velocity helps predict how much work a team can complete in future
sprints.
Technical debt?
+
Technical debt is the cost of shortcuts or suboptimal solutions that need
refactoring later.
Test-driven development (tdd)
+
TDD involves writing tests before writing code. It ensures better design,
reduces
bugs, and supports regression testing.
Test-driven development (tdd)?
+
TDD is a practice where tests are written before the code to ensure
functionality
meets requirements.
Theme in agile?
+
A theme is a collection of related user stories or epics around a common
objective.
Time-boxing?
+
Time-boxing is allocating a fixed duration to activities to improve focus
and
productivity.
To balance stakeholder requests in backlog?
+
Evaluate based on business value, urgency, dependencies, and capacity.
Communicate
trade-offs transparently.
To control permissions in confluence?
+
Set space-level or page-level permissions for viewing, editing, or
commenting based
on user roles or groups.
To create a kanban board in jira?
+
Create a board from project → select Kanban → configure columns → add issues
for
workflow tracking.
To handle unplanned work during a sprint?
+
Minimize interruptions. If unavoidable, negotiate scope adjustments with PO
and
team. Track and learn for future planning.
To link jira issues in confluence?
+
Use Jira macro to embed issues, sprints, or reports directly into Confluence
pages.
To track progress in jira?
+
Use dashboards, reports, burndown charts, and cumulative flow diagrams.
Tracer bullet
+
A technique delivering a thin working slice of the system early to validate
architecture and direction.
Types of agile methodology.
+
Scrum, Kanban, XP (Extreme Programming), Lean, SAFe, and Crystal are popular
Agile
variants.
Types of burn-down charts
+
Types include sprint burndown, release burndown, and product burndown
charts. Each
offers different timelines and scope levels.
Use agile
+
Avoid Agile in fixed-scope, fixed-budget projects, strict compliance
domains, or
when customer feedback is unavailable.
Use waterfall instead of scrum
+
Use Waterfall when requirements are fixed, documentation-heavy, regulated,
and no
major changes are expected. It fits infrastructure or hardware projects
better.
User story?
+
A user story is a short simple description of a feature from the perspective
of an
end user.
Velocity in agile
+
Velocity measures the amount of work a team completes in a sprint, typically
in
story points. It helps estimate future sprint capacity and planning.
Velocity in agile?
+
Velocity measures the amount of work a team completes in a sprint.
Velocity?
+
Velocity measures the amount of work a team completes in a sprint, often in
story
points. Helps with forecasting.
You balance speed and quality in delivery?
+
Prioritize well-defined backlog items, maintain testing standards, and avoid
overcommitment.
You communicate delivery status to stakeholders?
+
Use sprint reviews, dashboards, Jira reports, and release notes for
transparency.
You ensure effective communication in cross-functional
teams?
+
Daily stand-ups, retrospectives, sprint reviews, shared documentation, and
collaboration tools help maintain transparency.
You ensure quality in delivery?
+
Unit tests, code reviews, automated testing, CI/CD pipelines, and adherence
to
Definition of Done.
You ensure team accountability?
+
Transparent commitments, daily stand-ups, peer reviews, and clear Definition
of
Done.
You ensure timely delivery?
+
Clear sprint goals, proper estimation, daily tracking, and removing blockers
proactively help ensure on-time delivery.
You estimate tasks in sprint planning?
+
Using story points, ideal hours, or T-shirt sizing. Estimation considers
complexity,
effort, and risk.
You handle blocked tasks?
+
Identify blockers early, escalate if needed, and collaborate to remove
impediments
quickly.
You handle changing priorities mid-sprint?
+
Limit mid-sprint changes; negotiate with PO, document impact, and adjust
future
sprint planning.
You handle conflicts in cross-functional teams?
+
Encourage open communication, identify root causes, facilitate discussions,
and
align on shared goals.
You handle incomplete stories at sprint end?
+
Move them back to backlog, review root cause, and include in future sprints
after
re-estimation.
You handle skill gaps in cross-functional teams?
+
Encourage knowledge sharing, mentoring, pair programming, and cross-training
to
build team capability.
You handle technical debt in backlog?
+
Track and prioritize technical debt items along with functional stories to
ensure
system maintainability.
You handle urgent production issues during a sprint?
+
Address them immediately if critical, or plan within sprint buffer. Document
impact
on sprint goals.
You improve team collaboration?
+
Facilitate open communication, collaborative tools, clear goals, and regular
retrospectives.
You manage dependencies across teams?
+
Identify dependencies early, communicate timelines, and coordinate during
planning
and stand-ups.
You manage scope creep during a sprint?
+
Freeze the sprint backlog, handle new requests in the next sprint, and
communicate
priorities clearly.
You measure productivity in cross-functional teams?
+
Use velocity, cycle time, burndown charts, quality metrics, and stakeholder
feedback.
You measure successful delivery?
+
Completion of sprint backlog, meeting Definition of Done, stakeholder
satisfaction,
and business value delivered.
You measure team performance?
+
Velocity, quality metrics, stakeholder satisfaction, sprint predictability,
and
adherence to Definition of Done.
You prioritize backlog items?
+
Using MoSCoW (Must, Should, Could, Won’t), business value, risk,
dependencies, and
ROI.
You track multiple sprints simultaneously?
+
Use program boards, Jira portfolios, or scaled Agile tools like SAFe to
visualize
cross-team progress.
You track sprint progress?
+
Use burndown charts, task boards, and daily stand-ups to monitor completed
versus
remaining work.
JKM Angular
:host property in CSS
+
:host targets the component’s root element from within its CSS., Allows
styling the
host without affecting other components.
Activated route?
+
ActivatedRoute provides info about the current route., Access route params,
query
params, fragments, and data., Injected into components via constructor.
Active router links?
+
Active links are highlighted when the route matches the current URL., Use
routerLinkActive directive:, Home, This helps in UI feedback for navigation.
Add web workers in your application?
+
Use Angular CLI: ng generate web-worker ., Update angular.json and enable
TypeScript
worker configuration., Offloads heavy computation to background threads for
performance.
Advantages and disadvantages of Angular
+
Advantages: Component-based, TypeScript, SPA support, tooling.,
Disadvantages: Steep
learning curve, larger bundle size, complex for small apps.
Advantages of Angular over other frameworks
+
Two-way data binding reduces boilerplate code., Dependency injection
improves
modularity., Rich ecosystem, TypeScript support, and reusable components.
Advantages of Angular over other frameworks
+
Strong TypeScript support., Declarative templates with data binding., Rich
ecosystem
and official libraries (Material, Forms, RxJS)., Modular, testable, and
maintainable
code.
Advantages of Angular over React
+
Angular is a full-fledged framework, React is a library., Built-in support
for
forms, routing, and HTTP., Strong TypeScript integration for better type
safety.
Advantages of Angular?
+
Two-way data binding, modularity, dependency injection, TypeScript support,
and
powerful CLI.
Advantages of AOT
+
Faster app startup., Smaller bundle size., Detects template errors at build
time.,
Better security by compiling templates ahead of time.
Advantages of Bazel tool
+
Faster builds with caching, Parallel execution, Language-agnostic support,
Scales
well for monorepos
Angular Animation?
+
Angular Animation allows creating smooth UI animations in components., Built
on Web
Animations API with @angular/animations., Supports transitions, keyframes,
triggers,
and states for dynamic effects.
Angular application work?
+
Angular apps run in the browser., Templates define UI, components handle
logic, and
services manage data., Data binding updates the view dynamically when the
model
changes.
Angular Architecture Diagram
+
Angular architecture includes:, Modules (NgModule), Components (UI + logic),
Templates (HTML), Directives (behavior), Services (business logic),
Dependency
Injection and Routing
Angular Authentication and Authorization
+
Authentication: Verify user identity (login, JWT)., Authorization: Control
access to
resources/routes based on roles., Implemented using guards, tokens, and
HttpInterceptors.
Angular CLI Builder?
+
Angular CLI Builder is a customizable build pipeline tool., It allows
modifying
build, serve, and test processes., Used to extend or replace default Angular
CLI
behavior.
Angular CLI?
+
Angular CLI is a command-line tool to scaffold, build, and maintain Angular
applications.
Angular CLI?
+
Angular CLI is a command-line tool for Angular projects., Used to generate
components, modules, services, and run builds., Simplifies scaffolding and
deployment tasks.
Angular compiler?
+
Transforms Angular TypeScript and templates into JavaScript., Includes AOT
and JIT
compilers., Generates code for change detection and view rendering.
Angular DSL?
+
DSL (Domain-Specific Language) in Angular refers to template syntax., It
allows
declarative UI using HTML with Angular directives., Includes *ngIf, *ngFor,
interpolation, and bindings.
Angular Elements
+
Angular Components packaged as custom HTML elements., Can be used outside
Angular
apps., Supports inputs, outputs, and encapsulation.
Angular expressions vs JavaScript expressions
+
Angular expressions are evaluated in the scope context and are safe., No
loops,
conditionals, or global access., JS expressions can access any variable or
perform
complex operations.
Angular finds components, directives, and pipes
+
Compiler scans NgModule declarations., Generates factories and resolves
templates
and dependencies.
Angular Framework?
+
Angular is a TypeScript-based front-end framework for building dynamic
single-page
applications (SPAs)., It provides features like components, data binding,
dependency
injection, and routing., Maintains a modular architecture and encourages
reusable
code., It supports both client-side rendering and progressive web apps.
Angular introduced as a client-side framework?
+
To create dynamic SPAs with fast user interactions., Reduces server load by
rendering templates on the client., Provides data binding, modularity, and
reusable
components.
Angular Ivy?
+
Ivy is the new rendering engine in Angular., It improves build size, speed,
and
runtime performance., Supports AOT compilation, better debugging, and
improved type
checking.
Angular Language Service?
+
Provides editor support like autocomplete, type checking, and error
detection for
Angular templates., Helps developers write Angular code faster and with
fewer
mistakes.
Angular library
+
Reusable module/package with components, directives, services., Can be
published and
shared via npm.
Angular Material mean?
+
Angular Material is a UI component library implementing Google’s Material
Design.,
Provides pre-built components like buttons, tables, forms, and dialogs.,
Enhances UI
consistency and responsiveness.
Angular Material?
+
A UI component library for Angular apps., Provides pre-built, responsive,
and
accessible components., Includes buttons, forms, tables, navigation, and
themes.
Angular Material?
+
Official UI component library for Angular., Provides modern, accessible, and
responsive UI components.
Angular render on server-side?
+
Yes, using Angular Universal., Enables SSR for SEO and faster initial load.
Angular Router?
+
Angular Router allows navigation between views/components., It maps URLs to
components., Supports nested routes, lazy loading, and route guards.,
Enables
single-page application (SPA) behavior.
Angular security model for preventing XSS attacks
+
Angular automatically escapes interpolated content., Sanitizes URLs, HTML,
and
styles in templates., Prevents injection attacks on the DOM.
Angular Signals with an example
+
import { signal } from '@angular/core';, const count = signal(0);,
count.set(5); //
Updates reactive value, count.subscribe(val => console.log(val));, When
count
changes, subscribed components update automatically.
Angular Signals?
+
Signals are reactive primitives to track state changes., They allow
automatic UI
updates when values change.
Angular simplifies Internationalization (i18n)
+
Provides built-in i18n support, translation files, and pipes., Supports
pluralization, locale formatting, and dynamic translations., CLI helps
extract and
compile translations.
Angular Universal?
+
Angular Universal enables server-side rendering for SEO and faster load
times.
Angular Universal?
+
Angular Universal enables server-side rendering (SSR) of Angular apps.,
Improves SEO
and performance., Pre-renders HTML on the server before sending to client.
Angular uses client-side rendering by default
+
True. Angular renders templates in the browser using JavaScript.,
Server-side
rendering (Angular Universal) is optional.
Angular?
+
Angular is a platform and framework for building single-page client
applications
using HTML and TypeScript.
Angular?
+
Angular is a TypeScript-based front-end framework., Used to build
single-page
applications (SPAs)., Supports components, modules, services, and reactive
programming.
Annotations in Angular
+
Older term for decorators in AngularJS., Used to attach metadata to classes
or
functions., Helps framework know how to process the component.
AOT Compilation and advantages
+
Compiles templates during build time., Catches template errors early,
reduces bundle
size, improves performance.
AOT compilation? Advantages?
+
AOT (Ahead-of-Time) compiles Angular templates during build time.,
Advantages:
Faster rendering, smaller bundle size, early error detection, and better
security.
AOT compiler
+
Ahead-of-Time compiler compiles templates during build, not runtime.,
Reduces bundle
size, improves performance, and catches template errors early.
AOT?
+
AOT compiles Angular templates during build., Generates optimized JavaScript
before
the app loads., Improves performance and reduces runtime errors.
Applications of HTTP interceptors
+
Add authentication tokens, logging, error handling, caching., Modify
request/response globally., Handle API versioning or header manipulation.
Are all components generated in production build?
+
Only components referenced or reachable from templates and routes are
included.,
Unused components are tree-shaken.
Are multiple interceptors supported in Angular?
+
Yes, interceptors are executed in the order provided., Each can pass control
to the
next using next.handle().
AsyncPipe in Angular?
+
AsyncPipe subscribes to Observables/Promises in templates and handles
unsubscription
automatically.
Bazel tool?
+
Bazel is a build and test tool developed by Google., It handles large-scale
projects
efficiently., Supports incremental builds and caching.
BehaviorSubject in Angular?
+
BehaviorSubject stores current value and emits it to new subscribers.
Benefit of Automatic Inlining of Fonts
+
Embeds fonts directly into CSS to reduce network requests., Improves page
load speed
and performance., Enhances First Contentful Paint (FCP) metrics.
Best practices for security in Angular
+
Use sanitization, HttpClient, and Angular templates safely., Avoid innerHTML
for
untrusted content., Enable Content Security Policy (CSP) and HTTPS.
Bootstrapped component?
+
Root component loaded by Angular to start the application., Declared in
bootstrap
array of AppModule.
Bootstrapping module?
+
The bootstrapping module initializes the Angular application., It is usually
the
root module (AppModule) loaded by main.ts., It sets up the root component
and starts
the application., It imports other modules required for app startup.
Bootstrapping module?
+
It is the root Angular module that launches the application., Defined with
@NgModule
and bootstrap array., Typically called AppModule.
Browser support for Angular
+
Supports latest Chrome, Firefox, Edge, Safari., IE11 support is deprecated
in recent
Angular versions., Modern Angular relies on evergreen browsers for features.
Browser support of Angular Elements
+
Supported in all modern browsers (Chrome, Firefox, Edge, Safari)., Polyfills
may be
needed for IE11.
Builder?
+
A Builder is a class or script that executes a specific task in Angular
CLI., It can
run builds, tests, linting, or deploy tasks., Provides flexibility to
customize CLI
workflows.
Building blocks of Angular?
+
Angular is built using several key components: Components (UI control),
Modules
(grouping functionality), Templates (HTML with Angular bindings), Services
(business
logic), and Dependency Injection. These work together to build scalable
single-page
applications.
Can you read full response?
+
Use { observe: 'response' } with HttpClient:, this.http.get('api/users', {
observe:
'response' }).subscribe(resp => console.log(resp.status, resp.body));, It
returns
headers, status, and body.
Case types in Angular?
+
Angular uses naming conventions:, camelCase for variables and functions,
PascalCase
for classes and components, kebab-case for selectors and filenames, This
ensures
consistency and readability.
Categorize data binding types?
+
One-way binding: Interpolation, property, event, Two-way binding:
[(ngModel)],
Enables dynamic updates between component and view.
Chain pipes?
+
Multiple pipes can be applied sequentially using |., Example: {{ name |
uppercase |
slice:0:5 }}, Output is passed from one pipe to the next.
Change Detection and how does it work?
+
Change Detection tracks updates in component data and updates the view.,
Angular
checks the component tree for changes automatically., It works via Zones and
triggers re-rendering when a model changes., Helps keep UI and data
synchronized.
Change detection in Angular?
+
Change detection tracks changes in application state and updates the DOM
accordingly.
Change settings of zone.js
+
Configure zone.js flags before import in polyfills:, (window as
any).__Zone_disable_X = true;, Controls patching of timers, events, or async
operations.
Choose an element from a component template?
+
Use ViewChild or ViewChildren decorators., Example: @ViewChild('myElement')
element:
ElementRef;, Access DOM elements directly in component class.
Class decorators in Angular?
+
Class decorators attach metadata to a class., Common ones: @Component,
@Directive,
@Injectable, @NgModule., They define how the class behaves in Angular’s DI
and
rendering system.
Class decorators?
+
Class decorators define metadata for classes., Example: @Injectable() marks
a class
for dependency injection.
Class field decorators?
+
Class field decorators annotate properties of a class., Examples: @Input(),
@Output(), @ViewChild()., They help Angular bind data, access DOM, or
communicate
between components.
Classes that should not be added to declarations
+
Services, Modules, Non-Angular classes, Declarations should include
components,
directives, and pipes only.
Client-side frameworks like Angular were introduced?
+
To create dynamic, responsive web apps without reloading pages., They handle
data
binding, DOM manipulation, and routing on the client side., Improves
performance and
user experience.
Code for creating a decorator.
+
A basic Angular decorator example:, function Log(target, key) {,
console.log(`Property ${key} was accessed`);, }, Decorators enhance or
modify class
behavior during runtime.
Codelyzer?
+
Codelyzer is a static analysis tool for Angular projects., It checks for
coding
style, best practices, and template errors., Used with TSLint for linting
Angular
apps.
Collection?
+
In Angular, a collection is a group of objects like arrays, sets, or maps.,
Used to
store and iterate over data in templates using ngFor.
Compare service() and factory() functions.
+
service() returns an instantiated singleton object and is created using a
constructor function. factory() allows returning a custom object, function,
or
primitive and provides more flexibility. Both are used for sharing reusable
logic
across components.
Compilation process?
+
Transforms Angular templates and metadata into efficient JavaScript.,
Ensures type
safety and detects template errors., Optimizes the app for performance.
Component Decorator?
+
@Component defines a class as an Angular component., Specifies metadata like
selector, template, and styles., Registers the component with Angular’s
module
system.
Component Test Harnesses?
+
A test API for Angular Material components., Allows interacting with
components in
tests without relying on DOM selectors., Provides a clean and maintainable
way to
write unit tests.
Components in Angular?
+
Components are building blocks of Angular applications that control a part
of the
UI.
Components, Modules, and Services in Angular
+
Component: UI + logic., Module: Groups components, directives, and
services.,
Service: Provides reusable business logic, injected via dependency
injection.
Components?
+
Components are building blocks of Angular apps., They contain template,
class
(logic), and metadata., Responsible for rendering views and handling user
interaction.
Concept of Dependency Injection (DI).
+
DI provides class dependencies automatically via Angular’s injector.,
Reduces manual
instantiation and promotes testability., Example: Injecting a service into a
component constructor.
Configure injectors with providers at different levels
+
Root injector: App-wide singleton (providedIn: 'root')., Module injector:
Module-specific., Component injector: Scoped to component and children.
Content projection?
+
Mechanism to pass content from parent to child component., Allows child
components
to display dynamic content from parent templates.
Create a standalone component manually
+
Set standalone: true in the component decorator:, @Component({, selector:
'app-my-component',, standalone: true,, templateUrl: './my-component.html',
}),
export class MyComponent {}
Create a standalone component using CLI
+
Run: ng generate component my-component --standalone., Generates a component
without
declaring it in a module.
Create an app shell in Angular?
+
Use Angular CLI command: ng add @angular/pwa to enable PWA features., Then
run ng
generate app-shell --client-project ., It generates server-side rendered
shell for
faster initial load., App shell improves performance and perceived loading
speed.
Create directives using CLI
+
Run:, ng generate directive myDirective, Generates directive file with
@Directive
decorator ready to use.
Create displayBlock components
+
Use display: block in component CSS or
Create schematics for libraries?
+
Use Angular CLI command: ng generate schematic , Define rules to create
components
or modules in the library., Automates repetitive tasks in library
development.
Custom elements
+
Custom elements are browser-native HTML elements defined by developers.,
They
encapsulate functionality and can be reused like standard tags.
Custom elements work internally
+
Angular wraps a component in custom element class., Manages inputs/outputs,
change
detection, and lifecycle hooks., Element behaves like a standard HTML tag.
Custom pipe?
+
Custom pipe is a user-defined pipe to transform data., Created using @Pipe
decorator
and implementing PipeTransform., Useful for app-specific formatting or
logic.
Data binding in Angular
+
Synchronizes data between component and template., Can be one-way or
two-way.,
Reduces manual DOM manipulation.
Data binding in Angular?
+
Data binding synchronizes data between the component class and template.
Data binding?
+
Data binding connects component class with template/view., Types include
one-way
(interpolation, property, event) and two-way binding., Enables dynamic UI
updates.
Data Binding? In how many ways can it be executed?
+
Data binding connects data between the component and the UI. Angular
supports four
main types: Interpolation ({{ }}), Property Binding ([ ]), Event Binding ((
)), and
Two-way Binding ([( )]) using ngModel.
Deal with errors in observables?
+
Use the catchError operator in RxJS., Handle errors inside subscribe via
error
callback., Example:, observable.pipe(catchError(err =>
of([]))).subscribe(...)
Declarable in Angular?
+
Declarable refers to classes that can be declared in an NgModule., Includes
Components, Directives, and Pipes., They define UI behavior or
transformations in
templates.
Decorator in Angular?
+
Decorator is a function that adds metadata to classes, e.g., @Component,
@Injectable.
Decorators in Angular
+
Decorators provide metadata to classes, methods, or properties., Types:
@Component,
@Injectable, @Directive, @Pipe., They enable Angular features like
dependency
injection and templates.
Define routes?
+
Routes are defined using a Routes array:, const routes: Routes = [, { path:
'home',
component: HomeComponent },, { path: 'about', component: AboutComponent },
];,
Configured via RouterModule.forRoot(routes).
Define the ng-content Directive
+
Allows content projection into a child component., Acts as a placeholder for
parent-provided HTML content.
Define typings for custom elements
+
Create a .d.ts file declaring:, interface HTMLElementTagNameMap {
'my-element':
MyComponentElement; }, Ensures TypeScript type checking.
Dependency Hierarchy formed?
+
Angular forms a tree hierarchy of injectors., Root injector provides global
services., Child components can have component-level injectors., Services
are
resolved from closest injector upwards.
Dependency Injection
+
DI is a design pattern to inject dependencies into components/services.,
Promotes
loose coupling and testability., Angular has a built-in DI system.
Dependency injection in Angular?
+
DI is a design pattern where a class receives its dependencies from an
external
source rather than creating them.
Dependency injection in Angular?
+
Dependency Injection (DI) provides services or objects to components
automatically.,
Avoids manual creation of service instances., Promotes modularity and
testability.
Dependency injection tree in Angular?
+
Hierarchy of injectors controlling service scope and lifetime.
Describe the MVVM architecture
+
Model-View-ViewModel separates data, UI, and logic., Angular components act
as
ViewModel, templates as View, services/models as Model.
Describe various dependencies in Angular application?
+
Dependencies are described using constructor injection in services or
components.,
Decorators like @Injectable() and @Inject() define provider rules.,
Angular’s DI
system manages the lifecycle and resolution of dependencies.
Design goals of Service Workers
+
Offline-first experience, Background sync and push notifications, Improved
performance and caching strategies, Enhancing reliability and responsiveness
Detect route change in Angular?
+
Subscribe to Router events:, this.router.events.subscribe(event => { /*
handle
NavigationEnd */ });, You can use ActivatedRoute to detect parameter
changes.,
Useful for executing logic on route transitions.
DI token?
+
DI token is a key used to inject a dependency in Angular’s DI system., Can
be a
type, string, or InjectionToken., Helps Angular locate and provide the
correct
service or value.
DifBet ActivatedRoute and Router?
+
ActivatedRoute provides info about current route; Router is used to navigate
programmatically.
DifBet Angular Elements and Angular Components?
+
Angular Elements are Angular components packaged as custom elements to use
in
non-Angular apps.
DifBet Angular Material and Bootstrap?
+
Angular Material provides Angular components with Material Design; Bootstrap
is CSS
framework.
DifBet Angular service and singleton service?
+
Service is reusable class; singleton ensures a single instance
application-wide
using providedIn: 'root'.
DifBet Angular Service Worker and Service Worker API?
+
Angular Service Worker integrates with Angular for PWA features; Service
Worker API
is native browser API.
DifBet AngularJS and Angular?
+
AngularJS is based on JavaScript (v1.x); Angular (v2+) is based on
TypeScript and
component-based architecture.
DifBet CanActivate and CanDeactivate guards?
+
CanActivate controls route access; CanDeactivate controls leaving a route.
DifBet catchError and retry operators in RxJS?
+
catchError handles errors; retry retries failed requests a specified number
of
times.
DifBet Content Projection and ViewChild?
+
Content Projection inserts external content into component; ViewChild
accesses
component's template elements.
DifBet debounceTime() and throttleTime()?
+
debounceTime waits until silence; throttleTime emits at most once in time
interval.
DifBet declarations and imports in NgModule?
+
Declarations define components, directives, pipes within module; imports
bring in
other modules.
DifBet eagerly loaded and lazy loaded modules?
+
Eager modules load at app startup; lazy modules load on demand.
DifBet FormControl, FormGroup, and FormArray?
+
FormControl represents a single input; FormGroup groups controls; FormArray
is a
dynamic array of controls.
DifBet forwardRef and Injector in Angular?
+
forwardRef allows referencing classes before declaration; Injector provides
DI
manually.
DifBet HttpClientModule and HttpModule?
+
HttpModule is deprecated; HttpClientModule is modern and supports typed
responses
and interceptors.
DifBet map() and switchMap()?
+
map transforms values; switchMap cancels previous inner observable and
switches to
new observable.
DifBet NgFor and NgForOf?
+
NgFor is the structural directive; NgForOf is the underlying implementation
for
iterables.
DifBet ngIf else and ngSwitch?
+
ngIf else conditionally renders templates; ngSwitch selects among multiple
templates.
DifBet ngOnChanges and ngDoCheck?
+
ngOnChanges is triggered by input property changes; ngDoCheck is called on
every
change detection cycle.
DifBet ng-template and ng-container?
+
ng-template defines reusable template; ng-container is a logical container
that
doesn't render in DOM.
DifBet NgZone and ChangeDetectorRef?
+
NgZone manages async operations and triggers change detection;
ChangeDetectorRef
manually triggers change detection.
DifBet OnPush and Default change detection strategy?
+
Default checks all components every cycle; OnPush checks only when input
reference
changes.
DifBet OnPush and Default change detection?
+
OnPush runs only when inputs change; Default runs on every change detection
cycle.
DifBet Promise and Observable in Angular?
+
Promise handles single async value; Observable handles multiple values over
time
with operators.
DifBet providedIn: 'root' and providedIn: 'any'?
+
'root' provides singleton service globally; 'any' provides separate
instances for
lazy-loaded modules.
DifBet providers and imports in NgModule?
+
Providers register services with DI; imports bring in other modules.
DifBet pure and impure pipes?
+
Pure pipes are executed only when input changes; impure pipes run on every
change
detection cycle.
DifBet PurePipe and ImpurePipe?
+
PurePipe executes only when input changes; ImpurePipe executes every change
detection.
DifBet Renderer and Renderer2?
+
Renderer2 is the updated, safer API for DOM manipulation in Angular 4+.
DifBet Renderer2 and ElementRef?
+
Renderer2 provides safe DOM manipulation; ElementRef directly accesses
native
element (less safe).
DifBet resolvers and guards?
+
Resolvers fetch data before route activation; guards determine access.
DifBet routerLink and href?
+
routerLink navigates without page reload using Angular router; href reloads
the
page.
DifBet static and dynamic components?
+
Static components are declared in template; dynamic components are created
programmatically using ComponentFactoryResolver.
DifBet structural and attribute directives?
+
Structural changes DOM layout; attribute changes element behavior or style.
DifBet Subject and EventEmitter?
+
EventEmitter extends Subject and is used for @Output in components.
DifBet template-driven and reactive forms in terms of
validation?
+
Template-driven uses directives and template validation; Reactive uses form
controls
and programmatic validation.
DifBet template-driven and reactive forms?
+
Template-driven forms are simple and rely on directives; reactive forms are
more
powerful, programmatically created, and use FormBuilder.
DifBet templateRef and viewContainerRef?
+
TemplateRef represents embedded template; ViewContainerRef represents
container to
insert views.
DifBet ViewChild and ContentChild?
+
ViewChild references elements/components in template; ContentChild
references
projected content.
DifBet ViewEncapsulation.None, Emulated, and
ShadowDom?
+
None: no encapsulation; Emulated: scoped styles; ShadowDom: uses native
shadow DOM.
DifBet window.history and Angular Router?
+
window.history manipulates browser history; Angular Router manages SPA
routes
without full page reload.
DiffBet Angular and AngularJS
+
AngularJS (1.x) uses JavaScript and MVC., Angular (2+) uses TypeScript,
components,
and modules., Angular is faster, modular, and supports Ivy compiler.
DiffBet Angular and Backbone.js
+
Angular: MVVM, components, DI, two-way binding., Backbone.js: Lightweight,
MVC,
manual DOM manipulation., Angular offers more structured development and
tooling.
DiffBet Angular and jQuery
+
Angular: Full SPA framework, two-way binding, MVVM., jQuery: DOM
manipulation
library, no architecture.
DiffBet Angular expressions and JavaScript expressions
+
Angular expressions are safe and auto-sanitized., Run within Angular context
and
cannot use loops or exceptions.
DiffBet AngularJS and Angular?
+
AngularJS is JavaScript-based and uses MVC architecture., Angular (2+) is
TypeScript-based, faster, modular, and uses components., Angular supports
mobile
development and modern tooling., Angular has better performance, AOT
compilation,
and enhanced dependency injection.
DiffBet Annotation and Decorator
+
Annotation: Metadata in older frameworks., Decorator (Angular): Adds
metadata and
behavior to classes, properties, or methods.
DiffBet Component and Directive
+
Component: Has template + logic, renders UI., Directive: No template,
modifies DOM
behavior., Component is a type of directive with a view.
DiffBet constructor and ngOnInit
+
constructor: Instantiates the class, used for dependency injection.,
ngOnInit:
Lifecycle hook, executes after inputs are initialized., Use ngOnInit for
initialization logic instead of constructor.
DiffBet interpolated content and innerHTML
+
Interpolation ({{ }}) is automatically sanitized by Angular., innerHTML can
bypass
sanitization if used with untrusted content., Interpolation is safer for
user-generated content.
DiffBet ngIf and hidden property
+
ngIf adds/removes element from DOM., [hidden] hides element but keeps it in
DOM.,
Use ngIf for conditional rendering and hidden for styling.
DiffBet NgModule and JavaScript module
+
NgModule defines Angular metadata (components, directives, services).,
JavaScript
module only exports/imports variables or classes.
DiffBet promise and observable
+
Promise: Handles single async value; executes immediately., Observable: Can
emit
multiple values over time; lazy execution., Observable supports operators,
cancellation, and chaining.
DiffBet pure and impure pipe
+
Pure Pipe: Executes only when input changes; optimized for performance.,
Impure
Pipe: Executes on every change detection; can handle complex scenarios.,
Impure
pipes can cause performance overhead.
Differences between AngularJS and Angular
+
AngularJS: JS-based, uses MVC, two-way binding., Angular: TypeScript-based,
component-driven, improved performance., Angular has better mobile support
and
modular architecture.
Differences between AngularJS and Angular for DI
+
AngularJS uses function-based injection with $inject., Angular uses
class-based
injection with @Injectable() decorators., Angular DI supports hierarchical
injectors
and tree-shakable services.
Differences between reactive and template-driven forms
+
Reactive: Model-driven, synchronous, testable., Template-driven:
Template-driven,
simpler, less scalable., Reactive supports dynamic controls; template-driven
does
not.
Differences between various versions of Angular
+
AngularJS (1.x) is JavaScript-based and uses MVC., Angular 2+ is
TypeScript-based,
component-driven, modular, and faster., Later versions added Ivy compiler,
CLI
improvements, RxJS updates, and stricter type checking., Each version
focuses on
performance, security, and tooling enhancements.
Different types of compilation in Angular
+
JIT (Just-in-Time): Compiles in the browser at runtime., AOT
(Ahead-of-Time):
Compiles at build time.
Different ways to group form controls
+
FormGroup: Groups multiple controls logically., FormArray: Groups controls
dynamically as an array., Nested FormGroups for hierarchical structures.
Digest cycle in AngularJS.
+
The digest cycle is the internal process where AngularJS checks for model
changes
and updates the view. It compares current and previous values in watchers
and
continues until all bindings stabilize. It runs automatically during events
handled
by Angular.
Directive in Angular?
+
Directive is a class that can modify DOM behavior or structure.
Directives in Angular
+
Directives are instructions for the DOM., Types: Attribute, Structural
(*ngIf,
*ngFor), and Custom directives., They modify the behavior or appearance of
elements.
Directives in Angular?
+
Instructions to manipulate DOM., Types: Structural (*ngIf, *ngFor) and
Attribute
([ngClass], [ngStyle]).
Directives?
+
Directives are instructions in templates to manipulate DOM., Types:
Structural
(*ngIf, *ngFor) and Attribute ([ngClass])., They modify appearance,
behavior, or
layout of elements.
Do I need a Routing Module always?
+
Not strictly, but recommended for modularity., Helps separate route
configuration
from main app module., Improves maintainability and scalability.
Do I need to bootstrap custom elements?
+
No, Angular Elements are self-bootstrapped using createCustomElement().
Do I still need entryComponents in Angular 9?
+
No, Ivy compiler handles dynamic and bootstrapped components automatically.
Do you perform error handling?
+
Use RxJS catchError or pipe with tap:,
this.http.get('api').pipe(catchError(err =>
of([])));, Allows graceful fallback or logging.
Does Angular prevent HTTP-level vulnerabilities?
+
Angular provides HttpClient with built-in CSRF/XSRF support., Prevents
common HTTP
attacks if configured correctly., Additional server-side measures may still
be
required.
Does Angular support dynamic imports?
+
Yes, using import() syntax for lazy-loaded modules., Enables code splitting
and
reduces initial bundle size., Works seamlessly with Angular CLI and Webpack.
DOM sanitizer?
+
Service that cleans untrusted content before rendering., Used for HTML,
styles,
URLs, and resource URLs., Prevents script execution in Angular apps.
Dynamic components
+
Components created programmatically at runtime., Use
ComponentFactoryResolver or
ViewContainerRef.createComponent(), Useful for modals, tabs, or runtime
content.
Dynamic forms
+
Forms created programmatically at runtime., Useful when form structure is
not known
at compile-time., Built using FormBuilder or reactive APIs.
Eager and Lazy loading?
+
Eager loading: Loads all modules at app startup., Lazy loading: Loads
modules on
demand, improving initial load time.
Editor support for Angular Language Service
+
Supported in VS Code, WebStorm, Sublime, and Atom., Provides autocompletion,
quick
info, error detection, and navigation in templates.
Enable binding expression validation?
+
Enable it via "strictTemplates": true in angularCompilerOptions., It
validates
property and event bindings in templates., Prevents runtime template errors
and
improves type safety.
Entry component?
+
Component instantiated dynamically, not referenced in template., Used in
modals,
dialogs, or dynamically created components.
EntryComponents array not necessary every time?
+
Angular 9+ uses Ivy compiler, which automatically detects required
components., No
manual entryComponents needed for dynamic components.
Event binding in Angular?
+
Event binding binds events from DOM elements to component methods using
(event)
syntax.
Exactly is a parameterized pipe?
+
A pipe that accepts arguments to modify output., Example: {{ birthday |
date:'shortDate' }} where 'shortDate' is a parameter.
Exactly is the router state?
+
Router state is the current configuration and URL state of the Angular
router.,
Includes active routes, parameters, query parameters, and route data.
Example of built-in validators
+
name: new FormControl('', [Validators.required, Validators.minLength(3)]),
Applies
required and minimum length validation.
Example of few metadata errors
+
Using arrow functions in decorators., Dynamic expressions in @Input()
default
values., Referencing non-static properties in metadata.
Examples of NgModules
+
BrowserModule, FormsModule, HttpClientModule, RouterModule
Feature modules?
+
NgModules created for specific functionality of an app., Helps in lazy
loading, code
organization, and reusability.
Features included in Ivy preview
+
Tree-shakable components, Faster compilation, Improved type checking in
templates,
Better build size optimization
Features of Angular 7
+
CLI prompts, virtual scrolling, drag & drop., Improved performance, updated
RxJS
6.3., Better accessibility and dependency updates.
Features provided by Angular Language Service
+
Autocomplete for directives, components, and inputs, Error checking in
templates,
Quick info on variables and types, Navigation to component and template
definitions
Find Angular CLI version
+
Run command: ng version or ng v in terminal., It shows Angular CLI,
framework, and
Node versions.
Folding?
+
Folding is the process of resolving expressions at compile time., Helps AOT
replace
constants and simplify templates.
forRoot helps avoid duplicate router instances
+
forRoot() ensures singleton services in shared modules., Lazy-loaded modules
can use
forChild() without duplicating router.
Four phases of template translation
+
1. Extraction - extract translatable strings., 2. Translation - provide
translated
text., 3. Merging - merge translations with templates., 4. Rendering -
compile
translated templates.
Generate a class in Angular 7 using CLI
+
Command: ng generate class my-class, Creates a TypeScript class file in
project
structure.
Get current direction for locales
+
Use Directionality service: dir.value returns 'ltr' or 'rtl'., Useful for
layout
adjustments in RTL languages.
Get the current route?
+
Use Angular ActivatedRoute or Router service., Example:
this.route.snapshot.url or
this.router.url., It provides access to route parameters, query params, and
path
info.
Give an example of attribute directives
+
Attribute directives change the appearance or behavior of DOM elements.,
Example:,
Give an example of custom pipe
+
A custom pipe transforms data in templates., Example:, @Pipe({name:
'reverse'}),
export class ReversePipe implements PipeTransform {, transform(value:
string) {
return value.split('').reverse().join(''); }, }, Usage: {{ 'Angular' |
reverse }} →
ralugnA.
Guard in Angular?
+
Guard is a service to control access to routes, e.g., CanActivate,
CanDeactivate.
Happens if custom id is not unique
+
Angular may overwrite translations or throw errors., Unique IDs prevent
conflicts
and ensure correct mapping.
Happens if I import the same module twice?
+
Angular does not create duplicate services if a module is imported multiple
times.,
Components and directives are available where declared., Providers are
instantiated
only once at root level.
Happens if you do not supply handler for the observer
+
No callback is executed; observable executes but subscriber ignores emitted
values.,
No error or complete handling occurs.
Happens if you use script tag inside template?
+
Angular does not execute script tags in templates for security., Scripts are
ignored
to prevent XSS attacks., Use services or component logic instead.
Happens if you use the script tag within a template?
+
Scripts in Angular templates do not execute for security reasons (DOM
sanitization)., Use external scripts or component logic instead.
HTTP interceptors?
+
HTTP interceptors are used to intercept HTTP requests and responses., They
can
modify headers, add tokens, or handle errors globally., Registered in
Angular’s
dependency injection system., Useful for logging, caching, and
authentication.
Http Interceptors?
+
Classes that intercept HTTP requests and responses globally., Can modify
headers,
log activity, or handle errors., Implemented via HTTP_INTERCEPTORS token.
HttpClient and its benefits?
+
HttpClient is Angular’s service for HTTP communication., Supports typed
responses,
interceptors, and observables., Simplifies REST API calls with automatic
JSON
parsing.
HttpInterceptor in Angular?
+
Interceptor is a service to modify HTTP requests or responses globally.
Hydration?
+
Hydration converts server-rendered HTML into a fully interactive client
app., Used
in Angular Universal for SSR (Server-Side Rendering).
If BrowserModule used in feature module?
+
Error occurs: BrowserModule should only be imported in AppModule., Feature
modules
should use CommonModule instead.
Imported modules in CLI-generated feature modules
+
CommonModule for common directives., FormsModule if forms are used.,
RouterModule
for routing inside the feature module.
Impure Pipes
+
Impure pipes may return different output even if input is same., Executed on
every
change detection cycle., Useful for dynamic or async data transformations.
Include SASS into an Angular project?
+
Install node-sass or use Angular CLI:, ng config
schematics.@schematics/angular:component.style scss, Rename .css files to
.scss.,
Angular compiles SASS into CSS automatically.
Index property in ngFor directive
+
let i = index gives the current iteration index., Can be used for numbering
items or
conditionally styling elements.
Inject dynamic script in Angular?
+
Use Renderer2 or document.createElement('script') in a component., Set src
and
append it to document.body., Ensure scripts are loaded after component
initialization.
Install Angular Language Service in a project?
+
Use NPM: npm install @angular/language-service --save-dev., Also, enable it
in your
IDE (VS Code, WebStorm) for Angular templates.
Interpolation in Angular?
+
Interpolation allows embedding expressions in HTML using {{ expression }}
syntax.
Interpolation?
+
Interpolation binds component data to HTML view using {{ }}., Example:
Invoke a builder?
+
In Angular, a builder is invoked via angular.json or the CLI., Use commands
like ng
build or ng run :., Builders handle tasks like building, serving, or testing
projects., They are customizable via options in the angular.json
configuration.
Is aliasing possible for inputs and outputs?
+
Yes, using @Input('aliasName') or @Output('aliasName')., Allows different
property
names externally vs internally.
Is bootstrapped component required to be entry
component?
+
Yes, it must be included in entryComponents in Angular versions <9., In
Angular 9+ (Ivy), entryComponents array is no longer needed.
Is it mandatory to use @Injectable on every
service?
+
Only required if the service has dependencies injected., Recommended for
consistency and AOT compatibility.
Is it safe to use direct DOM API methods?
+
No, direct DOM manipulation may bypass Angular security., It can
introduce XSS
risks., Prefer Angular templates, bindings, or Renderer2.
Is static flag mandatory for ViewChild?
+
static: true/false required when accessing child elements in ngOnInit vs
ngAfterViewInit., true for early access, false for later lifecycle
access.
It helps determine what component should be
displayed.
+
Router links?, Router links ([routerLink]) are Angular directives to
navigate
between routes., Example: Home.
JIT?
+
JIT compiles Angular templates in the browser at runtime., Faster builds
but
slower app startup., Used mainly during development.
Key components of Angular
+
Component: UI + logic, Directive: Behavior or DOM manipulation, Module:
Organizes components, Service: Shared logic/data, Pipe: Data
transformation,
Routing: Navigation between views
Lazy loading in Angular?
+
Lazy loading loads modules only when needed, improving performance.
Lazy loading?
+
Lazy loading loads modules only when needed., Reduces initial load time
and
improves performance., Configured in the routing module using
loadChildren.
Lifecycle hooks available
+
Common hooks:, ngOnInit - after component initialization, ngOnChanges -
on input
property change, ngDoCheck - custom change detection, ngOnDestroy -
cleanup
before component removal
lifecycle hooks in Angular?
+
Lifecycle hooks are methods called at specific points in a component's
life,
e.g., ngOnInit, ngOnDestroy.
Lifecycle hooks in Angular? Examples?
+
Lifecycle hooks allow execution of logic at specific component stages.
Common
hooks include:, · ngOnInit() - initialization, · ngOnChanges() - when
input
properties change, · ngOnDestroy() - cleanup before removal, ·
ngAfterViewInit()
- when view loads
Lifecycle hooks of a zone
+
onStable: triggered when zone has no pending tasks., onUnstable:
triggered when
async tasks start., onMicrotaskEmpty: after microtasks complete.
lifecycle hooks? Explain a few.
+
Lifecycle hooks are methods called at specific component stages.,
Examples:,
ngOnInit: Initialization, ngOnChanges: Detect input changes,
ngOnDestroy:
Cleanup before destruction, They help manage component behavior.
Limitations with web workers
+
Cannot access DOM directly, Limited access to window or document
objects, Cannot
use Angular services directly, Communication is via messages only
List of template expression operators
+
+ - * / %, comparison (<>
<=>= == !=), logical (&& || !), ternary (? :), nullish (?.)
operators.
List pluralization categories
+
Angular supports: zero, one, two, few, many, other., Used in ICU plural
expressions.
Macros?
+
Macros are predefined expressions or reusable snippets in Angular
compilation.,
Used to simplify repeated patterns in metadata or templates.
Manually bootstrap an application
+
Use platformBrowserDynamic().bootstrapModule(AppModule) in main.ts.,
Starts
Angular without relying on automatic bootstrapping.
Manually register locale data
+
Import locale from @angular/common and register:, import {
registerLocaleData }
from '@angular/common';, import localeFr from
'@angular/common/locales/fr';,
registerLocaleData(localeFr);
Mapping rules between Angular component and custom
element
+
Component inputs → element attributes/properties, Component outputs →
DOM
events, Lifecycle hooks are preserved automatically
Metadata rewriting?
+
Metadata rewriting updates compiled metadata JSON files for AOT., Allows
Angular
to optimize templates and components at build time.
Metadata?
+
Metadata provides additional info about classes to Angular., Used via
decorators
like @Component and @NgModule., Tells Angular how to process a class.
Method decorators?
+
Decorators applied to methods to modify or enhance behavior., Example:
@HostListener listens to events on host elements.
Methods of NgZone to control change detection
+
run(): execute inside Angular zone (triggers detection).,
runOutsideAngular():
execute outside detection., onStable, onUnstable for subscriptions.
Module in Angular?
+
Modules group components, directives, pipes, and services into cohesive
blocks
of functionality.
Module?
+
Module (NgModule) organizes components, directives, and services., Every
Angular
app has a root module (AppModule)., Modules help in lazy loading and
modular
development.
Multicasting?
+
Multicasting allows sharing a single observable execution among multiple
subscribers., Achieved using Subject or share() operator., Reduces
unnecessary
API calls or processing.
MVVM Architecture
+
Model-View-ViewModel separates UI, logic, and data., Model: Data and
business
logic., View: User interface., ViewModel: Mediator between view and
model,
handles commands and data binding., Promotes testability and clean
separation of
concerns.
Navigating between routes in Angular
+
Use RouterLink or Router service:, Home, Or programmatically:
this.router.navigate(['/home']);
NgAfterContentInit in Angular?
+
ngAfterContentInit is called after content projected into component is
initialized.
NgAfterViewInit in Angular?
+
ngAfterViewInit is called after component's view and child views are
initialized.
Ngcc
+
Angular Compatibility Compiler converts node_modules packages compiled
with View
Engine to Ivy., Ensures libraries are compatible with Angular Ivy
compiler.
Ng-content and its purpose?
+
is a placeholder in a component template., Used for content projection,
letting
parent content be rendered in child components.
NgModule in Angular?
+
NgModule is a decorator that defines a module and its metadata, like
declarations, imports, providers, and bootstrap.
NgOnDestroy in Angular?
+
ngOnDestroy is called just before component destruction to clean up
resources.
NgOnInit in Angular?
+
ngOnInit is called once after component initialization.
NgOnInit?
+
ngOnInit is a lifecycle hook called after Angular initializes a
component., Used
to perform component initialization and fetch data., Runs once per
component
instantiation.
NgRx?
+
NgRx is a state management library for Angular., Based on Redux pattern,
uses
actions, reducers, and store., Helps manage complex application state
predictably.
NgUpgrade?
+
NgUpgrade allows hybrid apps running AngularJS and Angular together.,
Facilitates incremental migration from AngularJS to Angular., Supports
components, services, and routing interoperability.
NgZone
+
NgZone is a service that manages Angular’s change detection context., It
runs
code inside or outside Angular zone to control updates efficiently.
Non-null type assertion operator?
+
The ! operator asserts that a value is not null or undefined., Example:
value!.length tells TypeScript the variable is safe., Used to prevent
compiler
errors when you know the value exists.
NoopZone
+
A no-operation zone that disables automatic change detection., Useful
for
performance optimization in large apps.
Observable creation functions
+
of() - emits given values, from() - converts array, promise to
observable,
interval() - emits sequence periodically, fromEvent() - listens to DOM
events
Observable in Angular?
+
Observable represents a stream of asynchronous data that can be
subscribed to.
Observable?
+
Observable is a stream of data over time., It can emit next, error, and
complete
notifications., Used for HTTP, events, and async tasks.
Observables different from promises?
+
Observables can emit multiple values over time, promises only one.,
Observables
are lazy and cancellable., Promises are eager and simpler., Observables
support
operators for transformation and filtering.
Observables vs Promises
+
Observables: Multiple values over time, cancellable, lazy evaluation.,
Promises:
Single value, eager, not cancellable., Observables are used with RxJS in
Angular.
observables?
+
Observables are data streams that emit values over time., They allow
asynchronous operations like HTTP requests or events., Provided by RxJS
in
Angular.
Observer?
+
An observer is an object that listens to an observable., It has methods:
next,
error, and complete., Example: { next: x => console.log(x), error: e =>
console.log(e) }.
Operators in RxJS?
+
Operators are functions to transform, filter, or combine Observables,
e.g., map,
filter, mergeMap.
Optimize performance of async validators
+
Use debounceTime to reduce API calls., Use distinctUntilChanged for
unique
inputs., Avoid heavy computation inside validator function.
Option to choose between inline and external
template file
+
In @Component decorator:, template - inline HTML, templateUrl - external
HTML
file, Choice depends on component size and readability., *21. Purpose of
ngFor
directive, *ngFor is used to loop over a collection and render
elements.,
Syntax: *ngFor="let item of items"., Useful for dynamic lists and
tables., *22.
Purpose of ngIf directive, *ngIf conditionally renders elements based on
boolean
expression., Removes or adds elements from the DOM., Helps control UI
dynamically.
Optional dependency
+
A dependency that may or may not be provided., Use @Optional() decorator
in
constructor injection.
Parameterized pipe?
+
Pipes that accept arguments to modify output., Example: {{ amount |
currency:'USD':true }}, Allows flexible data formatting in templates.
Parent to Child data sharing example
+
Parent Component:, , Child Component:, @Input() childData: string;, This
passes
parentData from parent to child.
Pass headers for HTTP client?
+
Use HttpHeaders in Angular’s HttpClient., Example:, this.http.get(url, {
headers: new HttpHeaders({'Auth':'token'}) }), Allows sending
authentication,
content-type, or custom headers.
Perform error handling in observables?
+
Use catchError operator inside .pipe()., Example:
observable.pipe(catchError(err
=> of(defaultValue))), Can also use retry() to retry failed requests.
Pipe in Angular?
+
Pipe transforms data in templates, e.g., date, currency, custom pipes.
Pipes in Angular?
+
Pipes transform data before displaying in a template., Example: {{ name
|
uppercase }} converts text to uppercase., Can be built-in or custom.
Pipes?
+
Pipes transform data in the template without changing the component.,
Example:
{{date | date:'short'}}, Angular has built-in pipes like DatePipe,
UpperCasePipe, CurrencyPipe.
PipeTransform Interface
+
Interface that custom pipes must implement., Defines the transform()
method for
input-to-output transformation., Enables reusable data formatting.
platform in Angular?
+
Platform provides runtime context for Angular applications., Examples:
platformBrowser(), platformServer()., It bootstraps the Angular
application on
the respective environment.
Possible data update scenarios for change
detection
+
Model updates via property binding, User input in forms, Async
operations like
HTTP requests, timers, Manual triggering using ChangeDetectorRef
Possible errors with declarations
+
Declaring a component twice in different modules, Declaring
non-component
classes, Missing component import in module
Precedence between pipe and ternary operators
+
Ternary operators have higher precedence., Pipe (|) executes after
ternary
expression evaluates.
Prevent automatic sanitization
+
Use Angular DomSanitizer to mark content as trusted:,
bypassSecurityTrustHtml,
bypassSecurityTrustUrl, etc., Use carefully to avoid XSS
vulnerabilities.
Prioritize TypeScript over JavaScript in Angular?
+
TypeScript provides strong typing, classes, interfaces, and compile-time
checks., Improves developer productivity and maintainability.
Property binding in Angular?
+
Property binding binds component properties to HTML element properties
using
[property] syntax.
Property decorators?
+
Decorators that enhance class properties with Angular features.,
Example:
@Input() for parent-to-child binding, @Output() for event emission.
Protractor?
+
Protractor is an end-to-end testing framework for Angular apps., It runs
tests
in real browsers and integrates with Selenium., It understands
Angular-specific
elements like ng-model and ng-repeat.
Provide a singleton service
+
Use @Injectable({ providedIn: 'root' })., Angular injects one instance
app-wide., Do not redeclare in feature modules to avoid duplicates.
Provide build configuration for multiple locales
+
Use angular.json configurations:, "locales": { "fr":
"src/locale/messages.fr.xlf" }, Build with: ng build --localize.
Provide configuration inheritance?
+
Angular modules can extend or import other modules., Child modules
inherit
providers, declarations, and configurations from parent modules., Helps
maintain
shared settings across the app.
Provider?
+
A provider tells Angular how to create a service., It defines the
dependency
injection configuration., Declared in modules, components, or services.
Pure Pipes
+
Pure pipes return same output for same input., Executed only when input
changes., Used for performance optimization.
Purpose of tag
+
Specifies the base path for relative URLs in an Angular app., Helps
router
resolve paths correctly., Placed in the section of index.html., Example:
.
Purpose of animate function
+
animate() specifies duration, timing, and styles for transitions., It
animates
the element from one style to another., Used inside transition() to
control
animation flow.
Purpose of any type cast function?
+
The any type allows bypassing TypeScript type checking., It is used to
temporarily cast a variable when type is unknown., Useful during
migration or
working with dynamic data.
Purpose of async pipe
+
async pipe automatically subscribes to Observable or Promise., It
updates the
template with emitted values., Handles subscription and unsubscription
automatically.
Purpose of CommonModule?
+
CommonModule provides common directives like ngIf and ngFor., It is
imported in
feature modules to use standard Angular directives., Helps avoid
reimplementing
basic functionality.
Purpose of custom id
+
Assigns a unique identifier to a translatable string., Helps maintain
consistent
translations across builds.
Purpose of differential loading in CLI
+
Generates two bundles: modern ES2015+ for new browsers, ES5 for old
browsers.,
Reduces payload for modern browsers., Improves performance and load
time.
Purpose of FormBuilder
+
Simplifies creation of FormGroup, FormControl, and FormArray., Reduces
boilerplate code for reactive forms.
Purpose of hidden property
+
[hidden] toggles visibility of an element using CSS display: none.,
Unlike ngIf,
it does not remove the element from the DOM.
Purpose of i18n attribute
+
Marks an element or text for translation., Angular extracts these for
generating
translation files.
Purpose of innerHTML
+
innerHTML sets or gets the HTML content of an element., Used for dynamic
HTML
rendering in the DOM.
Purpose of metadata JSON files
+
Store compiled metadata about components, directives, and modules., Used
by AOT
compiler for dependency injection and code generation.
Purpose of ngFor trackBy
+
trackBy improves performance by tracking items using unique identifier.,
Prevents unnecessary DOM re-rendering when lists change.
Purpose of ngSwitch directive
+
ngSwitch conditionally displays elements based on expression value.,
ngSwitchCase and ngSwitchDefault define cases and default view.
Purpose of Wildcard route
+
Wildcard route (**) catches all undefined routes., Typically used for
404
pages., Example: { path: '**', component: PageNotFoundComponent }.
Reactive forms
+
Form model is defined in component class using FormControl, FormGroup.,
Provides
predictable, programmatic control and validators.
Reason for No provider for HTTP exception
+
Occurs when HttpClientModule is not imported in AppModule., Add
HttpClientModule
to imports to resolve dependency injection errors.
Reason to deprecate Web Tracing Framework
+
It was browser-dependent and complex., Angular adopted modern debugging
tools
and console-based tracing., Simplifies performance monitoring and
reduces
maintenance.
Reason to deprecate web worker packages
+
Native Web Worker APIs became standardized., Angular moved to simpler,
built-in
worker support., External packages were redundant and increased bundle
size.
Recommendation for provider scope
+
Provide services in root for singleton usage., Avoid multiple
registrations in
lazy-loaded modules unless necessary., Use feature module providers for
module-scoped instances.
ReplaySubject in Angular?
+
ReplaySubject emits a specified number of previous values to new
subscribers.
Report missing translations
+
Angular logs missing translations in console during compilation., Use
tools or
custom loaders to handle untranslated keys.
Reset the form
+
Use form.reset() to reset values and validation state., Optionally, pass
default
values: form.reset({ name: 'John' }).
Restrict provider scope to a module
+
Declare the provider in the providers array of the module., Avoid
providedIn:
'root' in @Injectable()., This creates a module-specific instance.
Restrictions of metadata
+
Cannot use dynamic expressions in decorators., Arrow functions or
complex
expressions are not allowed., Only static, serializable values are
permitted.
Restrictions on declarable classes
+
Declarables cannot be services or modules., They must be declared in
exactly one
NgModule., Cannot be imported multiple times across modules.
Role of ngModule metadata in compilation process
+
Defines components, directives, pipes, and services., Helps compiler
resolve
dependencies and build module graph.
Role of template compiler for XSS prevention
+
The compiler escapes unsafe content during template rendering., Ensures
dynamic
content does not execute scripts., Acts as a first-line defense against
XSS.
Root module in Angular?
+
The AppModule is the root module bootstrapped to launch the application.
Route Parameters?
+
Data passed through URLs to routes., Path parameters: /user/:id, Query
parameters: /user?id=1, Fragment: #section1, Matrix parameters:
/user;id=1
Routed entry component?
+
Component loaded via router dynamically, not referenced in template.,
Needs to
be known to Angular compiler to generate factory.
Router events?
+
Router events are lifecycle events during navigation., Examples:
NavigationStart, RoutesRecognized, NavigationEnd, NavigationError., You
can
subscribe to Router.events for tracking navigation.
Router imports?
+
To use routing, import:, RouterModule, Routes from @angular/router, Then
configure routes using RouterModule.forRoot(routes) or forChild(routes).
Router links?
+
[routerLink] is used for navigation without page reload., Example: Home,
It
generates URLs based on route configuration.
Router outlet?
+
is a placeholder where routed components are displayed., The router
dynamically
injects the matched component here., Only one per view or multiple for
nested
routes.
Router state?
+
Router state represents the current tree of activated routes., Provides
access
to route parameters, query parameters, and data., Useful for inspecting
the
current route in the app.
Router state?
+
Router state represents current route information., Contains URL,
params,
queryParams, and component data., Accessible via Router or
ActivatedRoute
service.
RouterModule in Angular?
+
RouterModule provides services and directives for configuring routing.
Routing in Angular?
+
Routing enables navigation between different views in a single-page
application.
Rule in Schematics?
+
A rule defines transformations on a project tree., It decides how files
are
created, modified, or deleted., Rules are building blocks of schematics.
Run Bazel directly?
+
Use Bazel CLI commands: bazel build //src:app or bazel test //src:app.,
It
executes targets defined in BUILD files., Helps in running incremental
builds
independently of Angular CLI.
RxJS in Angular?
+
RxJS is a reactive programming library for handling asynchronous data
streams
using Observables.
RxJS in Angular?
+
RxJS is a library for reactive programming., Used with observables to
handle
async data, events, and streams., Provides operators like map, filter,
and
debounceTime.
RxJS Subject in Angular?
+
Subject is an observable that multicasts values to multiple observers.,
It can
act as both an observer and observable., Used for communication between
components or services.
RxJS?
+
RxJS (Reactive Extensions for JavaScript) is a library for reactive
programming., Provides observables, operators, and subjects., Used for
async
tasks and event handling in Angular.
safe navigation operator?
+
?. operator prevents null or undefined errors in templates., Example:
user?.name
returns undefined if user is null.
Sanitization? Does Angular support it?
+
Sanitization cleans untrusted input to prevent code injection., Angular
provides
built-in DomSanitizer for HTML, styles, URLs, and scripts.
Schematic?
+
Schematics are code generators for Angular projects., They automate
creation of
components, services, modules, or custom templates., Used with Angular
CLI.
Schematics CLI?
+
Command-line tool to run, test, and create schematics., Example:
schematics
blank --name=my-schematic., Helps automate repetitive tasks in Angular
projects.
Scope hierarchy in Angular
+
Angular components have isolated scopes with hierarchical injectors.,
Child
components inherit parent services via DI.
Scope in Angular
+
Scope is the binding context between controller and view., Used in
AngularJS;
replaced by Component class properties in Angular.
Security principles in Angular
+
Follow XSS prevention, CSRF protection, input validation, and
sanitization.,
Avoid direct DOM manipulation and unsafe URL usage., Use Angular
built-in
sanitizers and HttpClient.
Select an element in component template?
+
Use template reference variables or @ViewChild() decorator., Example:
@ViewChild('myDiv') myDivElement: ElementRef;., This allows accessing
DOM
elements or child components from the component class.
Select an element within a component template?
+
Use @ViewChild() or @ViewChildren() decorators., Example:
@ViewChild('myDiv')
div: ElementRef;, Allows access to DOM elements or child components in
TS code.
select ICU expression
+
Used for conditional translations based on variable values., Example:
gender-based messages: {gender, select, male {...} female {...} other
{...}}
Server-side XSS protection in Angular
+
Validate and sanitize inputs before sending to client., Use CSP headers,
HTTPS,
and server-side escaping., Combine with Angular client-side protections.
Service in Angular?
+
Service is a class that provides shared functionality across components.
Service Worker and its role in Angular?
+
Service Worker is a background script that intercepts network requests.,
It
enables offline caching, push notifications, and performance
improvements.,
Angular supports Service Worker via @angular/pwa package.
Service?
+
Service is a class that holds business logic or shared data., Injected
into
components using Dependency Injection., Promotes code reusability across
components.
Services in Angular?
+
Reusable classes that hold business logic or shared data., Injected into
components via DI., Helps separate UI and logic.
Set ngFor and ngIf on same element
+
Use :,
Share data between components in Angular?
+
Parent-to-child: @Input(), Child-to-parent: @Output() with EventEmitter,
Service
with BehaviorSubject or Subject for unrelated components
Share services using modules?
+
Yes, but use Core module or providedIn: 'root'., Avoid providing in
Shared
module to prevent multiple instances.
Shared module
+
A module containing reusable components, directives, pipes, and
services.,
Imported by other modules to reduce code duplication., Typically does
not
provide singleton services.
Shorthand notation for subscribe method
+
Instead of an observer object, use separate callbacks:,
observable.subscribe(val
=> console.log(val), err => console.log(err), () =>
console.log('complete'));
Single Page Applications (SPA)
+
SPA loads one HTML page and dynamically updates content., Routing is
handled on
the client side., Improves speed and reduces server load.
Slice pipe?
+
Slice pipe extracts a subset of array or string., Example: {{ items |
slice:0:3
}} shows first 3 items., Useful for pagination or previews.
Some features of Angular
+
Component-based architecture., Two-way data binding and dependency
injection.,
Directives, services, and RxJS support., Powerful CLI for project
scaffolding.
SPA? (Single Page Application)
+
A SPA loads a single HTML page and dynamically updates content using
JavaScript
without full page reloads. Unlike traditional websites where each action
loads a
new page, SPAs improve speed, user experience, and reduce server load.
Special configuration for Angular 9?
+
Angular 9 uses Ivy compiler by default., No additional configuration is
needed
for most apps.
Specify Angular template compiler options?
+
Template compiler options are specified in tsconfig.json or
angular.json., You
can enable strict type checking, full template type checking, and other
options., Example: "angularCompilerOptions": { "strictTemplates": true
}., It
helps catch template errors at compile time.
Standalone component?
+
A component that does not require a module., Can be used independently
with its
own imports, providers, and declarations.
State CSS classes provided by ngModel
+
ng-valid, ng-invalid, ng-dirty, ng-pristine, ng-touched, ng-untouched,
Helps
style form validation states.
State function?
+
state() defines a named state for an animation., It specifies styles
associated
with that state., Used in combination with transition() to animate
between
states.
Steps to use animation module
+
1. Install @angular/animations., 2. Import BrowserAnimationsModule in
the root
module., 3. Use trigger, state, style, animate, and transition in
components.,
4. Bind animations to templates using [ @triggerName ].
Steps to use declaration elements
+
1. Declare component, directive, or pipe in NgModule., 2. Export if
needed for
other modules., 3. Import module in consuming module., 4. Use element in
template.
string interpolation and property binding.
+
String interpolation: {{ value }} inserts data into templates., Property
binding: [property]="value" binds data to element properties., Both keep
view
and data synchronized.
String interpolation in Angular?
+
Binding data from component to template using {{ value }}.,
Automatically
updates the DOM when the component value changes.
Style function?
+
style() defines CSS styles to apply in a particular state or keyframe.,
Used
inside state(), transition(), or animate()., Example: style({ opacity:
0,
transform: 'translateX(-100%)' }).
Subject in Angular?
+
Subject is an Observable that allows multicasting to multiple
subscribers.
Subscribing?
+
Subscribing is listening to an observable., Example: .subscribe(data =>
console.log(data));, Triggers execution and receives emitted values.
Template expressions?
+
Template expressions are evaluated inside interpolation or binding., Can
include
properties, methods, operators., Cannot contain statements like loops or
conditionals.
Template statements?
+
Template statements handle events like (click) or (change)., Invoke
component
methods in response to user actions., Example: Click
Template?
+
Template is the HTML view of a component., It defines structure, layout,
and
binds data using Angular syntax., Can include directives, bindings, and
pipes.
Template-driven forms
+
Forms defined directly in HTML template using ngModel., Less control but
simpler
for small forms.
Templates in Angular
+
Templates define the HTML view of a component., They can contain Angular
directives, bindings, and expressions., Templates are combined with
component
logic to render the UI.
Templates in Angular?
+
HTML with Angular directives, bindings, and components., Defines the
view for a
component.
Test Angular application using CLI?
+
Use ng test to run unit tests with Karma and Jasmine., Use ng e2e for
end-to-end
testing with Protractor or Cypress., CLI manages configurations and test
runner
setup automatically.
TestBed?
+
TestBed is Angular’s unit testing utility for configuring and
initializing
environment., It allows creating components, services, and modules in
isolation., Used with Karma or Jasmine to run tests.
Three phases of AOT
+
1. Metadata analysis: Parse decorators and template metadata., 2.
Template
compilation: Convert templates to TypeScript code., 3. Code generation:
Emit
optimized JavaScript for the browser.
Transfer components to custom elements
+
Use createCustomElement(Component, { injector }), Register via
customElements.define('tag-name', element).
Transition function?
+
transition() defines how animations move between states., It specifies
conditions, duration, and easing for the animation., Example:
transition('open
=> closed', animate('300ms ease-in')).
Translate an attribute
+
Add i18n-attribute to mark element attributes: Welcome,
Translate text without creating an element
+
Use i18n attribute on existing elements or directives., Angular supports
inline
translations for text content.
Transpiling in Angular?
+
Transpiling converts TypeScript or modern JavaScript into plain
JavaScript.,
This ensures compatibility with browsers., Angular uses the TypeScript
compiler
(tsc) for this process., It helps leverage ES6+ features safely in older
browsers.
Trigger an animation
+
Use Angular Animation API: trigger, state, transition, animate., Call
animation
in template with [@animationName]., Can also trigger via component
methods.
Two-way binding in Angular?
+
Two-way binding synchronizes data between component and template using
[(ngModel)].
Two-way data binding
+
Updates component model when view changes and vice versa., Implemented
using
[(ngModel)]., Simplifies form handling.
Type narrowing?
+
Type narrowing is the process of refining a variable’s type., TypeScript
uses
control flow analysis like if, typeof, or instanceof., Example: if
(typeof x ===
"string") { x.toUpperCase(); }
Types of data binding in Angular?
+
Interpolation, Property Binding, Event Binding, Two-way Binding
([(ngModel)]).
Types of directives in Angular?
+
Components, Structural Directives (e.g., *ngIf, *ngFor), and Attribute
Directives (e.g., ngClass, ngStyle).
Types of feature modules
+
Eager-loaded modules: Loaded at app startup., Lazy-loaded modules:
Loaded on
demand via routing., Shared modules: Contain reusable components,
directives,
pipes., Core module: Provides singleton services.
Types of filters in AngularJS.
+
Filters format data displayed in the UI. Common filters include:, ✓
currency
(formats currency), ✓ date (formats date), ✓ filter (filters arrays), ✓
uppercase/lowercase, ✓ orderBy (sorts collections),
Types of injector hierarchies
+
Root injector, Module-level injector, Component-level injector, Child
injectors
inherit from parent injector.
Types of validator functions
+
Synchronous validators (Validators.required, Validators.minLength),
Asynchronous
validators (HTTP-based or custom async checks)
Type-safe TestBed API changes in Angular 9
+
TestBed APIs now return strongly typed component and fixture instances.,
Improves type checking in unit tests.
TypeScript class with constructor and function
+
class Person {, constructor(public name: string) {}, greet() {
console.log(`Hello ${this.name}`); }, }, let p = new Person("John");,
p.greet();
TypeScript?
+
TypeScript is a superset of JavaScript that adds static typing., It
compiles
down to plain JavaScript for browser compatibility., Provides features
like
classes, interfaces, and type checking., Used extensively in Angular for
better
maintainability and scalability.
Update specific properties of a form model
+
Use patchValue() for partial updates., setValue() requires all
properties to be
updated., Example: form.patchValue({ name: 'John' }).
Upgrade Angular version?
+
Use ng update @angular/core @angular/cli., Follow migration guides for
breaking
changes., CLI updates dependencies, TypeScript, and configuration
automatically.
Upgrade location service of AngularJS?
+
Migrate $location service to Angular’s Router module., Update code to
use
Router.navigate() or ActivatedRoute., Ensures smooth URL and state
management in
Angular.
Use any JavaScript feature in expression syntax
for
AOT?
+
No, only static and serializable expressions are allowed., Dynamic or
runtime
JavaScript features are rejected.
Use AOT compilation with Ivy?
+
Yes, Ivy fully supports AOT (Ahead-of-Time) compilation., It improves
startup
performance and catches template errors at compile time.
Use arrow functions in AOT?
+
No, arrow functions are not allowed in decorators or metadata., AOT
requires
static, serializable expressions.
Use Bazel with Angular CLI?
+
Install Bazel schematics: ng add @angular/bazel., Build or test projects
using
Bazel commands: ng build --bazel., It replaces default Webpack builder
for
performance optimization.
Use HttpClient with an example
+
Inject HttpClient in a service:, this.http.get
('api/users').subscribe(data =>
console.log(data));, Use .get, .post, .put, .delete for REST calls.,
Returns
observable streams.
Use interceptor for entire application
+
Provide it in AppModule providers:, providers: [{ provide:
HTTP_INTERCEPTORS,
useClass: MyInterceptor, multi: true }], Ensures all HTTP requests pass
through
it.
Use jQuery in Angular?
+
Install jQuery via npm: npm install jquery., Import it in angular.json
scripts
or component: import * as $ from 'jquery';., Use carefully; prefer
Angular
templates over direct DOM manipulation.
Use polyfills in Angular application?
+
Modify polyfills.ts file to enable browser compatibility., Includes
support for
older browsers (IE, Edge)., Polyfills ensure Angular features work
across
different platforms.
Use SASS in Angular project?
+
Set --style=scss when creating project: ng new app --style=scss., Or
change file
extensions to .scss and configure angular.json., Angular CLI
automatically
compiles SASS to CSS.
Utility functions provided by RxJS
+
Functions like of, from, interval, timer, throwError, and fromEvent.,
Used to
create or manipulate observables.
Various kinds of directives
+
Structural: *ngIf, *ngFor - modify DOM structure, Attribute: [ngStyle],
[ngClass] - change element behavior/appearance, Custom directives:
User-defined
behaviors
Various security contexts in Angular
+
HTML (content in templates), Style (CSS binding), Script (JavaScript
context),
URL (resource links), Resource URL (external resources)
Verify model changes in forms
+
Subscribe to valueChanges or statusChanges on form or controls.,
Example:
form.valueChanges.subscribe(val => console.log(val)).
view encapsulation in Angular?
+
Controls CSS scope in components., Types: Emulated (default), None,
Shadow DOM.,
Prevents styles from leaking or being overridden.
ViewEncapsulation? Types?
+
ViewEncapsulation controls styling scope in Angular components., It has
three
modes:, · Emulated (default, scoped styles), · None (global styles), ·
ShadowDom
(real Shadow DOM isolation)
Ways to control AOT compilation
+
Enable/disable in angular.json using "aot": true/false., Use CLI
commands: ng
build --aot., Manage template metadata and decorators carefully.
Ways to remove duplicate service registration
+
Provide service only in root., Avoid lazy-loaded module providers for
shared
services., Use forRoot pattern for modules with services.
Ways to trigger change detection in Angular
+
User events (click, input) automatically trigger detection.,
ChangeDetectorRef.detectChanges() manually triggers detection.,
NgZone.run()
executes code inside Angular zone., Async operations via Observables or
Promises
also trigger it.
Workspace APIs?
+
Workspace APIs allow managing Angular projects programmatically., Used
for
creating, modifying, or generating projects and configurations., Part of
Angular
DevKit (@angular-devkit/core).
Zone context
+
The environment that monitors async operations., Angular uses it to know
when to
run change detection.
Zone?
+
Zone.js is a library used by Angular to detect asynchronous operations.,
It
helps Angular trigger change detection automatically., All async tasks
like
setTimeout, promises, and HTTP requests are tracked.
:host property in CSS
+
:host targets the component’s root element from within its CSS., Allows
styling
the host without affecting other components.
Activated route?
+
ActivatedRoute provides info about the current route., Access route
params,
query params, fragments, and data., Injected into components via
constructor.
Active router links?
+
Active links are highlighted when the route matches the current URL.,
Use
routerLinkActive directive:, Home, This helps in UI feedback for
navigation.
Add web workers in your application?
+
Use Angular CLI: ng generate web-worker ., Update angular.json and
enable
TypeScript worker configuration., Offloads heavy computation to
background
threads for performance.
Advantages and disadvantages of Angular
+
Advantages: Component-based, TypeScript, SPA support, tooling.,
Disadvantages:
Steep learning curve, larger bundle size, complex for small apps.
Advantages of Angular over other frameworks
+
Two-way data binding reduces boilerplate code., Dependency injection
improves
modularity., Rich ecosystem, TypeScript support, and reusable
components.
Advantages of Angular over other frameworks
+
Strong TypeScript support., Declarative templates with data binding.,
Rich
ecosystem and official libraries (Material, Forms, RxJS)., Modular,
testable,
and maintainable code.
Advantages of Angular over React
+
Angular is a full-fledged framework, React is a library., Built-in
support for
forms, routing, and HTTP., Strong TypeScript integration for better type
safety.
Advantages of Angular?
+
Two-way data binding, modularity, dependency injection, TypeScript
support, and
powerful CLI.
Advantages of AOT
+
Faster app startup., Smaller bundle size., Detects template errors at
build
time., Better security by compiling templates ahead of time.
Advantages of Bazel tool
+
Faster builds with caching, Parallel execution, Language-agnostic
support,
Scales well for monorepos
Angular Animation?
+
Angular Animation allows creating smooth UI animations in components.,
Built on
Web Animations API with @angular/animations., Supports transitions,
keyframes,
triggers, and states for dynamic effects.
Angular application work?
+
Angular apps run in the browser., Templates define UI, components handle
logic,
and services manage data., Data binding updates the view dynamically
when the
model changes.
Angular Architecture Diagram
+
Angular architecture includes:, Modules (NgModule), Components (UI +
logic),
Templates (HTML), Directives (behavior), Services (business logic),
Dependency
Injection and Routing
Angular Authentication and Authorization
+
Authentication: Verify user identity (login, JWT)., Authorization:
Control
access to resources/routes based on roles., Implemented using guards,
tokens,
and HttpInterceptors.
Angular CLI Builder?
+
Angular CLI Builder is a customizable build pipeline tool., It allows
modifying
build, serve, and test processes., Used to extend or replace default
Angular CLI
behavior.
Angular CLI?
+
Angular CLI is a command-line tool to scaffold, build, and maintain
Angular
applications.
Angular CLI?
+
Angular CLI is a command-line tool for Angular projects., Used to
generate
components, modules, services, and run builds., Simplifies scaffolding
and
deployment tasks.
Angular compiler?
+
Transforms Angular TypeScript and templates into JavaScript., Includes
AOT and
JIT compilers., Generates code for change detection and view rendering.
Angular DSL?
+
DSL (Domain-Specific Language) in Angular refers to template syntax., It
allows
declarative UI using HTML with Angular directives., Includes *ngIf,
*ngFor,
interpolation, and bindings.
Angular Elements
+
Angular Components packaged as custom HTML elements., Can be used
outside
Angular apps., Supports inputs, outputs, and encapsulation.
Angular expressions vs JavaScript expressions
+
Angular expressions are evaluated in the scope context and are safe., No
loops,
conditionals, or global access., JS expressions can access any variable
or
perform complex operations.
Angular finds components, directives, and pipes
+
Compiler scans NgModule declarations., Generates factories and resolves
templates and dependencies.
Angular Framework?
+
Angular is a TypeScript-based front-end framework for building dynamic
single-page applications (SPAs)., It provides features like components,
data
binding, dependency injection, and routing., Maintains a modular
architecture
and encourages reusable code., It supports both client-side rendering
and
progressive web apps.
Angular introduced as a client-side framework?
+
To create dynamic SPAs with fast user interactions., Reduces server load
by
rendering templates on the client., Provides data binding, modularity,
and
reusable components.
Angular Ivy?
+
Ivy is the new rendering engine in Angular., It improves build size,
speed, and
runtime performance., Supports AOT compilation, better debugging, and
improved
type checking.
Angular Language Service?
+
Provides editor support like autocomplete, type checking, and error
detection
for Angular templates., Helps developers write Angular code faster and
with
fewer mistakes.
Angular library
+
Reusable module/package with components, directives, services., Can be
published
and shared via npm.
Angular Material mean?
+
Angular Material is a UI component library implementing Google’s
Material
Design., Provides pre-built components like buttons, tables, forms, and
dialogs., Enhances UI consistency and responsiveness.
Angular Material?
+
A UI component library for Angular apps., Provides pre-built,
responsive, and
accessible components., Includes buttons, forms, tables, navigation, and
themes.
Angular Material?
+
Official UI component library for Angular., Provides modern, accessible,
and
responsive UI components.
Angular render on server-side?
+
Yes, using Angular Universal., Enables SSR for SEO and faster initial
load.
Angular Router?
+
Angular Router allows navigation between views/components., It maps URLs
to
components., Supports nested routes, lazy loading, and route guards.,
Enables
single-page application (SPA) behavior.
Angular security model for preventing XSS attacks
+
Angular automatically escapes interpolated content., Sanitizes URLs,
HTML, and
styles in templates., Prevents injection attacks on the DOM.
Angular Signals with an example
+
import { signal } from '@angular/core';, const count = signal(0);,
count.set(5);
// Updates reactive value, count.subscribe(val => console.log(val));,
When count
changes, subscribed components update automatically.
Angular Signals?
+
Signals are reactive primitives to track state changes., They allow
automatic UI
updates when values change.
Angular simplifies Internationalization (i18n)
+
Provides built-in i18n support, translation files, and pipes., Supports
pluralization, locale formatting, and dynamic translations., CLI helps
extract
and compile translations.
Angular Universal?
+
Angular Universal enables server-side rendering for SEO and faster load
times.
Angular Universal?
+
Angular Universal enables server-side rendering (SSR) of Angular apps.,
Improves
SEO and performance., Pre-renders HTML on the server before sending to
client.
Angular uses client-side rendering by default
+
True. Angular renders templates in the browser using JavaScript.,
Server-side
rendering (Angular Universal) is optional.
Angular?
+
Angular is a platform and framework for building single-page client
applications
using HTML and TypeScript.
Angular?
+
Angular is a TypeScript-based front-end framework., Used to build
single-page
applications (SPAs)., Supports components, modules, services, and
reactive
programming.
Annotations in Angular
+
Older term for decorators in AngularJS., Used to attach metadata to
classes or
functions., Helps framework know how to process the component.
AOT Compilation and advantages
+
Compiles templates during build time., Catches template errors early,
reduces
bundle size, improves performance.
AOT compilation? Advantages?
+
AOT (Ahead-of-Time) compiles Angular templates during build time.,
Advantages:
Faster rendering, smaller bundle size, early error detection, and better
security.
AOT compiler
+
Ahead-of-Time compiler compiles templates during build, not runtime.,
Reduces
bundle size, improves performance, and catches template errors early.
AOT?
+
AOT compiles Angular templates during build., Generates optimized
JavaScript
before the app loads., Improves performance and reduces runtime errors.
Applications of HTTP interceptors
+
Add authentication tokens, logging, error handling, caching., Modify
request/response globally., Handle API versioning or header
manipulation.
Are all components generated in production build?
+
Only components referenced or reachable from templates and routes are
included.,
Unused components are tree-shaken.
Are multiple interceptors supported in Angular?
+
Yes, interceptors are executed in the order provided., Each can pass
control to
the next using next.handle().
AsyncPipe in Angular?
+
AsyncPipe subscribes to Observables/Promises in templates and handles
unsubscription automatically.
Bazel tool?
+
Bazel is a build and test tool developed by Google., It handles
large-scale
projects efficiently., Supports incremental builds and caching.
BehaviorSubject in Angular?
+
BehaviorSubject stores current value and emits it to new subscribers.
Benefit of Automatic Inlining of Fonts
+
Embeds fonts directly into CSS to reduce network requests., Improves
page load
speed and performance., Enhances First Contentful Paint (FCP) metrics.
Best practices for security in Angular
+
Use sanitization, HttpClient, and Angular templates safely., Avoid
innerHTML for
untrusted content., Enable Content Security Policy (CSP) and HTTPS.
Bootstrapped component?
+
Root component loaded by Angular to start the application., Declared in
bootstrap array of AppModule.
Bootstrapping module?
+
The bootstrapping module initializes the Angular application., It is
usually the
root module (AppModule) loaded by main.ts., It sets up the root
component and
starts the application., It imports other modules required for app
startup.
Bootstrapping module?
+
It is the root Angular module that launches the application., Defined
with
@NgModule and bootstrap array., Typically called AppModule.
Browser support for Angular
+
Supports latest Chrome, Firefox, Edge, Safari., IE11 support is
deprecated in
recent Angular versions., Modern Angular relies on evergreen browsers
for
features.
Browser support of Angular Elements
+
Supported in all modern browsers (Chrome, Firefox, Edge, Safari).,
Polyfills may
be needed for IE11.
Builder?
+
A Builder is a class or script that executes a specific task in Angular
CLI., It
can run builds, tests, linting, or deploy tasks., Provides flexibility
to
customize CLI workflows.
Building blocks of Angular?
+
Angular is built using several key components: Components (UI control),
Modules
(grouping functionality), Templates (HTML with Angular bindings),
Services
(business logic), and Dependency Injection. These work together to build
scalable single-page applications.
Can you read full response?
+
Use { observe: 'response' } with HttpClient:, this.http.get('api/users',
{
observe: 'response' }).subscribe(resp => console.log(resp.status,
resp.body));,
It returns headers, status, and body.
Case types in Angular?
+
Angular uses naming conventions:, camelCase for variables and functions,
PascalCase for classes and components, kebab-case for selectors and
filenames,
This ensures consistency and readability.
Categorize data binding types?
+
One-way binding: Interpolation, property, event, Two-way binding:
[(ngModel)],
Enables dynamic updates between component and view.
Chain pipes?
+
Multiple pipes can be applied sequentially using |., Example: {{ name |
uppercase | slice:0:5 }}, Output is passed from one pipe to the next.
Change Detection and how does it work?
+
Change Detection tracks updates in component data and updates the view.,
Angular
checks the component tree for changes automatically., It works via Zones
and
triggers re-rendering when a model changes., Helps keep UI and data
synchronized.
Change detection in Angular?
+
Change detection tracks changes in application state and updates the DOM
accordingly.
Change settings of zone.js
+
Configure zone.js flags before import in polyfills:, (window as
any).__Zone_disable_X = true;, Controls patching of timers, events, or
async
operations.
Choose an element from a component template?
+
Use ViewChild or ViewChildren decorators., Example:
@ViewChild('myElement')
element: ElementRef;, Access DOM elements directly in component class.
Class decorators in Angular?
+
Class decorators attach metadata to a class., Common ones: @Component,
@Directive, @Injectable, @NgModule., They define how the class behaves
in
Angular’s DI and rendering system.
Class decorators?
+
Class decorators define metadata for classes., Example: @Injectable()
marks a
class for dependency injection.
Class field decorators?
+
Class field decorators annotate properties of a class., Examples:
@Input(),
@Output(), @ViewChild()., They help Angular bind data, access DOM, or
communicate between components.
Classes that should not be added to declarations
+
Services, Modules, Non-Angular classes, Declarations should include
components,
directives, and pipes only.
Client-side frameworks like Angular were
introduced?
+
To create dynamic, responsive web apps without reloading pages., They
handle
data binding, DOM manipulation, and routing on the client side.,
Improves
performance and user experience.
Code for creating a decorator.
+
A basic Angular decorator example:, function Log(target, key) {,
console.log(`Property ${key} was accessed`);, }, Decorators enhance or
modify
class behavior during runtime.
Codelyzer?
+
Codelyzer is a static analysis tool for Angular projects., It checks for
coding
style, best practices, and template errors., Used with TSLint for
linting
Angular apps.
Collection?
+
In Angular, a collection is a group of objects like arrays, sets, or
maps., Used
to store and iterate over data in templates using ngFor.
Compare service() and factory() functions.
+
service() returns an instantiated singleton object and is created using
a
constructor function. factory() allows returning a custom object,
function, or
primitive and provides more flexibility. Both are used for sharing
reusable
logic across components.
Compilation process?
+
Transforms Angular templates and metadata into efficient JavaScript.,
Ensures
type safety and detects template errors., Optimizes the app for
performance.
Component Decorator?
+
@Component defines a class as an Angular component., Specifies metadata
like
selector, template, and styles., Registers the component with Angular’s
module
system.
Component Test Harnesses?
+
A test API for Angular Material components., Allows interacting with
components
in tests without relying on DOM selectors., Provides a clean and
maintainable
way to write unit tests.
Components in Angular?
+
Components are building blocks of Angular applications that control a
part of
the UI.
Components, Modules, and Services in Angular
+
Component: UI + logic., Module: Groups components, directives, and
services.,
Service: Provides reusable business logic, injected via dependency
injection.
Components?
+
Components are building blocks of Angular apps., They contain template,
class
(logic), and metadata., Responsible for rendering views and handling
user
interaction.
Concept of Dependency Injection (DI).
+
DI provides class dependencies automatically via Angular’s injector.,
Reduces
manual instantiation and promotes testability., Example: Injecting a
service
into a component constructor.
Configure injectors with providers at different
levels
+
Root injector: App-wide singleton (providedIn: 'root')., Module
injector:
Module-specific., Component injector: Scoped to component and children.
Content projection?
+
Mechanism to pass content from parent to child component., Allows child
components to display dynamic content from parent templates.
Create a standalone component manually
+
Set standalone: true in the component decorator:, @Component({,
selector:
'app-my-component',, standalone: true,, templateUrl:
'./my-component.html', }),
export class MyComponent {}
Create a standalone component using CLI
+
Run: ng generate component my-component --standalone., Generates a
component
without declaring it in a module.
Create an app shell in Angular?
+
Use Angular CLI command: ng add @angular/pwa to enable PWA features.,
Then run
ng generate app-shell --client-project ., It generates server-side
rendered
shell for faster initial load., App shell improves performance and
perceived
loading speed.
Create directives using CLI
+
Run:, ng generate directive myDirective, Generates directive file with
@Directive decorator ready to use.
Create displayBlock components
+
Use display: block in component CSS or
Create schematics for libraries?
+
Use Angular CLI command: ng generate schematic , Define rules to create
components or modules in the library., Automates repetitive tasks in
library
development.
Custom elements
+
Custom elements are browser-native HTML elements defined by developers.,
They
encapsulate functionality and can be reused like standard tags.
Custom elements work internally
+
Angular wraps a component in custom element class., Manages
inputs/outputs,
change detection, and lifecycle hooks., Element behaves like a standard
HTML
tag.
Custom pipe?
+
Custom pipe is a user-defined pipe to transform data., Created using
@Pipe
decorator and implementing PipeTransform., Useful for app-specific
formatting or
logic.
Data binding in Angular
+
Synchronizes data between component and template., Can be one-way or
two-way.,
Reduces manual DOM manipulation.
Data binding in Angular?
+
Data binding synchronizes data between the component class and template.
Data binding?
+
Data binding connects component class with template/view., Types include
one-way
(interpolation, property, event) and two-way binding., Enables dynamic
UI
updates.
Data Binding? In how many ways can it be executed?
+
Data binding connects data between the component and the UI. Angular
supports
four main types: Interpolation ({{ }}), Property Binding ([ ]), Event
Binding ((
)), and Two-way Binding ([( )]) using ngModel.
Deal with errors in observables?
+
Use the catchError operator in RxJS., Handle errors inside subscribe via
error
callback., Example:, observable.pipe(catchError(err =>
of([]))).subscribe(...)
Declarable in Angular?
+
Declarable refers to classes that can be declared in an NgModule.,
Includes
Components, Directives, and Pipes., They define UI behavior or
transformations
in templates.
Decorator in Angular?
+
Decorator is a function that adds metadata to classes, e.g., @Component,
@Injectable.
Decorators in Angular
+
Decorators provide metadata to classes, methods, or properties., Types:
@Component, @Injectable, @Directive, @Pipe., They enable Angular
features like
dependency injection and templates.
Define routes?
+
Routes are defined using a Routes array:, const routes: Routes = [, {
path:
'home', component: HomeComponent },, { path: 'about', component:
AboutComponent
}, ];, Configured via RouterModule.forRoot(routes).
Define the ng-content Directive
+
Allows content projection into a child component., Acts as a placeholder
for
parent-provided HTML content.
Define typings for custom elements
+
Create a .d.ts file declaring:, interface HTMLElementTagNameMap {
'my-element':
MyComponentElement; }, Ensures TypeScript type checking.
Dependency Hierarchy formed?
+
Angular forms a tree hierarchy of injectors., Root injector provides
global
services., Child components can have component-level injectors.,
Services are
resolved from closest injector upwards.
Dependency Injection
+
DI is a design pattern to inject dependencies into components/services.,
Promotes loose coupling and testability., Angular has a built-in DI
system.
Dependency injection in Angular?
+
DI is a design pattern where a class receives its dependencies from an
external
source rather than creating them.
Dependency injection in Angular?
+
Dependency Injection (DI) provides services or objects to components
automatically., Avoids manual creation of service instances., Promotes
modularity and testability.
Dependency injection tree in Angular?
+
Hierarchy of injectors controlling service scope and lifetime.
Describe the MVVM architecture
+
Model-View-ViewModel separates data, UI, and logic., Angular components
act as
ViewModel, templates as View, services/models as Model.
Describe various dependencies in Angular
application?
+
Dependencies are described using constructor injection in services or
components., Decorators like @Injectable() and @Inject() define provider
rules.,
Angular’s DI system manages the lifecycle and resolution of
dependencies.
Design goals of Service Workers
+
Offline-first experience, Background sync and push notifications,
Improved
performance and caching strategies, Enhancing reliability and
responsiveness
Detect route change in Angular?
+
Subscribe to Router events:, this.router.events.subscribe(event => { /*
handle
NavigationEnd */ });, You can use ActivatedRoute to detect parameter
changes.,
Useful for executing logic on route transitions.
DI token?
+
DI token is a key used to inject a dependency in Angular’s DI system.,
Can be a
type, string, or InjectionToken., Helps Angular locate and provide the
correct
service or value.
DifBet ActivatedRoute and Router?
+
ActivatedRoute provides info about current route; Router is used to
navigate
programmatically.
DifBet Angular Elements and Angular Components?
+
Angular Elements are Angular components packaged as custom elements to
use in
non-Angular apps.
DifBet Angular Material and Bootstrap?
+
Angular Material provides Angular components with Material Design;
Bootstrap is
CSS framework.
DifBet Angular service and singleton service?
+
Service is reusable class; singleton ensures a single instance
application-wide
using providedIn: 'root'.
DifBet Angular Service Worker and Service Worker
API?
+
Angular Service Worker integrates with Angular for PWA features; Service
Worker
API is native browser API.
DifBet AngularJS and Angular?
+
AngularJS is based on JavaScript (v1.x); Angular (v2+) is based on
TypeScript
and component-based architecture.
DifBet CanActivate and CanDeactivate guards?
+
CanActivate controls route access; CanDeactivate controls leaving a
route.
DifBet catchError and retry operators in RxJS?
+
catchError handles errors; retry retries failed requests a specified
number of
times.
DifBet Content Projection and ViewChild?
+
Content Projection inserts external content into component; ViewChild
accesses
component's template elements.
DifBet debounceTime() and throttleTime()?
+
debounceTime waits until silence; throttleTime emits at most once in
time
interval.
DifBet declarations and imports in NgModule?
+
Declarations define components, directives, pipes within module; imports
bring
in other modules.
DifBet eagerly loaded and lazy loaded modules?
+
Eager modules load at app startup; lazy modules load on demand.
DifBet FormControl, FormGroup, and FormArray?
+
FormControl represents a single input; FormGroup groups controls;
FormArray is a
dynamic array of controls.
DifBet forwardRef and Injector in Angular?
+
forwardRef allows referencing classes before declaration; Injector
provides DI
manually.
DifBet HttpClientModule and HttpModule?
+
HttpModule is deprecated; HttpClientModule is modern and supports typed
responses and interceptors.
DifBet map() and switchMap()?
+
map transforms values; switchMap cancels previous inner observable and
switches
to new observable.
DifBet NgFor and NgForOf?
+
NgFor is the structural directive; NgForOf is the underlying
implementation for
iterables.
DifBet ngIf else and ngSwitch?
+
ngIf else conditionally renders templates; ngSwitch selects among
multiple
templates.
DifBet ngOnChanges and ngDoCheck?
+
ngOnChanges is triggered by input property changes; ngDoCheck is called
on every
change detection cycle.
DifBet ng-template and ng-container?
+
ng-template defines reusable template; ng-container is a logical
container that
doesn't render in DOM.
DifBet NgZone and ChangeDetectorRef?
+
NgZone manages async operations and triggers change detection;
ChangeDetectorRef
manually triggers change detection.
DifBet OnPush and Default change detection
strategy?
+
Default checks all components every cycle; OnPush checks only when input
reference changes.
DifBet OnPush and Default change detection?
+
OnPush runs only when inputs change; Default runs on every change
detection
cycle.
DifBet Promise and Observable in Angular?
+
Promise handles single async value; Observable handles multiple values
over time
with operators.
DifBet providedIn: 'root' and providedIn: 'any'?
+
'root' provides singleton service globally; 'any' provides separate
instances
for lazy-loaded modules.
DifBet providers and imports in NgModule?
+
Providers register services with DI; imports bring in other modules.
DifBet pure and impure pipes?
+
Pure pipes are executed only when input changes; impure pipes run on
every
change detection cycle.
DifBet PurePipe and ImpurePipe?
+
PurePipe executes only when input changes; ImpurePipe executes every
change
detection.
DifBet Renderer and Renderer2?
+
Renderer2 is the updated, safer API for DOM manipulation in Angular 4+.
DifBet Renderer2 and ElementRef?
+
Renderer2 provides safe DOM manipulation; ElementRef directly accesses
native
element (less safe).
DifBet resolvers and guards?
+
Resolvers fetch data before route activation; guards determine access.
DifBet routerLink and href?
+
routerLink navigates without page reload using Angular router; href
reloads the
page.
DifBet static and dynamic components?
+
Static components are declared in template; dynamic components are
created
programmatically using ComponentFactoryResolver.
DifBet structural and attribute directives?
+
Structural changes DOM layout; attribute changes element behavior or
style.
DifBet Subject and EventEmitter?
+
EventEmitter extends Subject and is used for @Output in components.
DifBet template-driven and reactive forms in terms
of validation?
+
Template-driven uses directives and template validation; Reactive uses
form
controls and programmatic validation.
DifBet template-driven and reactive forms?
+
Template-driven forms are simple and rely on directives; reactive forms
are more
powerful, programmatically created, and use FormBuilder.
DifBet templateRef and viewContainerRef?
+
TemplateRef represents embedded template; ViewContainerRef represents
container
to insert views.
DifBet ViewChild and ContentChild?
+
ViewChild references elements/components in template; ContentChild
references
projected content.
DifBet ViewEncapsulation.None, Emulated, and
ShadowDom?
+
None: no encapsulation; Emulated: scoped styles; ShadowDom: uses native
shadow
DOM.
DifBet window.history and Angular Router?
+
window.history manipulates browser history; Angular Router manages SPA
routes
without full page reload.
DiffBet Angular and AngularJS
+
AngularJS (1.x) uses JavaScript and MVC., Angular (2+) uses TypeScript,
components, and modules., Angular is faster, modular, and supports Ivy
compiler.
DiffBet Angular and Backbone.js
+
Angular: MVVM, components, DI, two-way binding., Backbone.js:
Lightweight, MVC,
manual DOM manipulation., Angular offers more structured development and
tooling.
DiffBet Angular and jQuery
+
Angular: Full SPA framework, two-way binding, MVVM., jQuery: DOM
manipulation
library, no architecture.
DiffBet Angular expressions and JavaScript
expressions
+
Angular expressions are safe and auto-sanitized., Run within Angular
context and
cannot use loops or exceptions.
DiffBet AngularJS and Angular?
+
AngularJS is JavaScript-based and uses MVC architecture., Angular (2+)
is
TypeScript-based, faster, modular, and uses components., Angular
supports mobile
development and modern tooling., Angular has better performance, AOT
compilation, and enhanced dependency injection.
DiffBet Annotation and Decorator
+
Annotation: Metadata in older frameworks., Decorator (Angular): Adds
metadata
and behavior to classes, properties, or methods.
DiffBet Component and Directive
+
Component: Has template + logic, renders UI., Directive: No template,
modifies
DOM behavior., Component is a type of directive with a view.
DiffBet constructor and ngOnInit
+
constructor: Instantiates the class, used for dependency injection.,
ngOnInit:
Lifecycle hook, executes after inputs are initialized., Use ngOnInit for
initialization logic instead of constructor.
DiffBet interpolated content and innerHTML
+
Interpolation ({{ }}) is automatically sanitized by Angular., innerHTML
can
bypass sanitization if used with untrusted content., Interpolation is
safer for
user-generated content.
DiffBet ngIf and hidden property
+
ngIf adds/removes element from DOM., [hidden] hides element but keeps it
in
DOM., Use ngIf for conditional rendering and hidden for styling.
DiffBet NgModule and JavaScript module
+
NgModule defines Angular metadata (components, directives, services).,
JavaScript module only exports/imports variables or classes.
DiffBet promise and observable
+
Promise: Handles single async value; executes immediately., Observable:
Can emit
multiple values over time; lazy execution., Observable supports
operators,
cancellation, and chaining.
DiffBet pure and impure pipe
+
Pure Pipe: Executes only when input changes; optimized for performance.,
Impure
Pipe: Executes on every change detection; can handle complex scenarios.,
Impure
pipes can cause performance overhead.
Differences between AngularJS and Angular
+
AngularJS: JS-based, uses MVC, two-way binding., Angular:
TypeScript-based,
component-driven, improved performance., Angular has better mobile
support and
modular architecture.
Differences between AngularJS and Angular for DI
+
AngularJS uses function-based injection with $inject., Angular uses
class-based
injection with @Injectable() decorators., Angular DI supports
hierarchical
injectors and tree-shakable services.
Differences between reactive and template-driven
forms
+
Reactive: Model-driven, synchronous, testable., Template-driven:
Template-driven, simpler, less scalable., Reactive supports dynamic
controls;
template-driven does not.
Differences between various versions of Angular
+
AngularJS (1.x) is JavaScript-based and uses MVC., Angular 2+ is
TypeScript-based, component-driven, modular, and faster., Later versions
added
Ivy compiler, CLI improvements, RxJS updates, and stricter type
checking., Each
version focuses on performance, security, and tooling enhancements.
Different types of compilation in Angular
+
JIT (Just-in-Time): Compiles in the browser at runtime., AOT
(Ahead-of-Time):
Compiles at build time.
Different ways to group form controls
+
FormGroup: Groups multiple controls logically., FormArray: Groups
controls
dynamically as an array., Nested FormGroups for hierarchical structures.
Digest cycle in AngularJS.
+
The digest cycle is the internal process where AngularJS checks for
model
changes and updates the view. It compares current and previous values in
watchers and continues until all bindings stabilize. It runs
automatically
during events handled by Angular.
Directive in Angular?
+
Directive is a class that can modify DOM behavior or structure.
Directives in Angular
+
Directives are instructions for the DOM., Types: Attribute, Structural
(*ngIf,
*ngFor), and Custom directives., They modify the behavior or appearance
of
elements.
Directives in Angular?
+
Instructions to manipulate DOM., Types: Structural (*ngIf, *ngFor) and
Attribute
([ngClass], [ngStyle]).
Directives?
+
Directives are instructions in templates to manipulate DOM., Types:
Structural
(*ngIf, *ngFor) and Attribute ([ngClass])., They modify appearance,
behavior, or
layout of elements.
Do I need a Routing Module always?
+
Not strictly, but recommended for modularity., Helps separate route
configuration from main app module., Improves maintainability and
scalability.
Do I need to bootstrap custom elements?
+
No, Angular Elements are self-bootstrapped using createCustomElement().
Do I still need entryComponents in Angular 9?
+
No, Ivy compiler handles dynamic and bootstrapped components
automatically.
Do you perform error handling?
+
Use RxJS catchError or pipe with tap:,
this.http.get('api').pipe(catchError(err
=> of([])));, Allows graceful fallback or logging.
Does Angular prevent HTTP-level vulnerabilities?
+
Angular provides HttpClient with built-in CSRF/XSRF support., Prevents
common
HTTP attacks if configured correctly., Additional server-side measures
may still
be required.
Does Angular support dynamic imports?
+
Yes, using import() syntax for lazy-loaded modules., Enables code
splitting and
reduces initial bundle size., Works seamlessly with Angular CLI and
Webpack.
DOM sanitizer?
+
Service that cleans untrusted content before rendering., Used for HTML,
styles,
URLs, and resource URLs., Prevents script execution in Angular apps.
Dynamic components
+
Components created programmatically at runtime., Use
ComponentFactoryResolver or
ViewContainerRef.createComponent(), Useful for modals, tabs, or runtime
content.
Dynamic forms
+
Forms created programmatically at runtime., Useful when form structure
is not
known at compile-time., Built using FormBuilder or reactive APIs.
Eager and Lazy loading?
+
Eager loading: Loads all modules at app startup., Lazy loading: Loads
modules on
demand, improving initial load time.
Editor support for Angular Language Service
+
Supported in VS Code, WebStorm, Sublime, and Atom., Provides
autocompletion,
quick info, error detection, and navigation in templates.
Enable binding expression validation?
+
Enable it via "strictTemplates": true in angularCompilerOptions., It
validates
property and event bindings in templates., Prevents runtime template
errors and
improves type safety.
Entry component?
+
Component instantiated dynamically, not referenced in template., Used in
modals,
dialogs, or dynamically created components.
EntryComponents array not necessary every time?
+
Angular 9+ uses Ivy compiler, which automatically detects required
components.,
No manual entryComponents needed for dynamic components.
Event binding in Angular?
+
Event binding binds events from DOM elements to component methods using
(event)
syntax.
Exactly is a parameterized pipe?
+
A pipe that accepts arguments to modify output., Example: {{ birthday |
date:'shortDate' }} where 'shortDate' is a parameter.
Exactly is the router state?
+
Router state is the current configuration and URL state of the Angular
router.,
Includes active routes, parameters, query parameters, and route data.
Example of built-in validators
+
name: new FormControl('', [Validators.required,
Validators.minLength(3)]),
Applies required and minimum length validation.
Example of few metadata errors
+
Using arrow functions in decorators., Dynamic expressions in @Input()
default
values., Referencing non-static properties in metadata.
Examples of NgModules
+
BrowserModule, FormsModule, HttpClientModule, RouterModule
Feature modules?
+
NgModules created for specific functionality of an app., Helps in lazy
loading,
code organization, and reusability.
Features included in Ivy preview
+
Tree-shakable components, Faster compilation, Improved type checking in
templates, Better build size optimization
Features of Angular 7
+
CLI prompts, virtual scrolling, drag & drop., Improved performance,
updated RxJS
6.3., Better accessibility and dependency updates.
Features provided by Angular Language Service
+
Autocomplete for directives, components, and inputs, Error checking in
templates, Quick info on variables and types, Navigation to component
and
template definitions
Find Angular CLI version
+
Run command: ng version or ng v in terminal., It shows Angular CLI,
framework,
and Node versions.
Folding?
+
Folding is the process of resolving expressions at compile time., Helps
AOT
replace constants and simplify templates.
forRoot helps avoid duplicate router instances
+
forRoot() ensures singleton services in shared modules., Lazy-loaded
modules can
use forChild() without duplicating router.
Four phases of template translation
+
1. Extraction - extract translatable strings., 2. Translation - provide
translated text., 3. Merging - merge translations with templates., 4.
Rendering
- compile translated templates.
Generate a class in Angular 7 using CLI
+
Command: ng generate class my-class, Creates a TypeScript class file in
project
structure.
Get current direction for locales
+
Use Directionality service: dir.value returns 'ltr' or 'rtl'., Useful
for layout
adjustments in RTL languages.
Get the current route?
+
Use Angular ActivatedRoute or Router service., Example:
this.route.snapshot.url
or this.router.url., It provides access to route parameters, query
params, and
path info.
Give an example of attribute directives
+
Attribute directives change the appearance or behavior of DOM elements.,
Example:,
Give an example of custom pipe
+
A custom pipe transforms data in templates., Example:, @Pipe({name:
'reverse'}),
export class ReversePipe implements PipeTransform {, transform(value:
string) {
return value.split('').reverse().join(''); }, }, Usage: {{ 'Angular' |
reverse
}} → ralugnA.
Guard in Angular?
+
Guard is a service to control access to routes, e.g., CanActivate,
CanDeactivate.
Happens if custom id is not unique
+
Angular may overwrite translations or throw errors., Unique IDs prevent
conflicts and ensure correct mapping.
Happens if I import the same module twice?
+
Angular does not create duplicate services if a module is imported
multiple
times., Components and directives are available where declared.,
Providers are
instantiated only once at root level.
Happens if you do not supply handler for the
observer
+
No callback is executed; observable executes but subscriber ignores
emitted
values., No error or complete handling occurs.
Happens if you use script tag inside template?
+
Angular does not execute script tags in templates for security., Scripts
are
ignored to prevent XSS attacks., Use services or component logic
instead.
Happens if you use the script tag within a
template?
+
Scripts in Angular templates do not execute for security reasons (DOM
sanitization)., Use external scripts or component logic instead.
HTTP interceptors?
+
HTTP interceptors are used to intercept HTTP requests and responses.,
They can
modify headers, add tokens, or handle errors globally., Registered in
Angular’s
dependency injection system., Useful for logging, caching, and
authentication.
Http Interceptors?
+
Classes that intercept HTTP requests and responses globally., Can modify
headers, log activity, or handle errors., Implemented via
HTTP_INTERCEPTORS
token.
HttpClient and its benefits?
+
HttpClient is Angular’s service for HTTP communication., Supports typed
responses, interceptors, and observables., Simplifies REST API calls
with
automatic JSON parsing.
HttpInterceptor in Angular?
+
Interceptor is a service to modify HTTP requests or responses globally.
Hydration?
+
Hydration converts server-rendered HTML into a fully interactive client
app.,
Used in Angular Universal for SSR (Server-Side Rendering).
If BrowserModule used in feature module?
+
Error occurs: BrowserModule should only be imported in AppModule.,
Feature
modules should use CommonModule instead.
Imported modules in CLI-generated feature modules
+
CommonModule for common directives., FormsModule if forms are used.,
RouterModule for routing inside the feature module.
Impure Pipes
+
Impure pipes may return different output even if input is same.,
Executed on
every change detection cycle., Useful for dynamic or async data
transformations.
Include SASS into an Angular project?
+
Install node-sass or use Angular CLI:, ng config
schematics.@schematics/angular:component.style scss, Rename .css files
to
.scss., Angular compiles SASS into CSS automatically.
Index property in ngFor directive
+
let i = index gives the current iteration index., Can be used for
numbering
items or conditionally styling elements.
Inject dynamic script in Angular?
+
Use Renderer2 or document.createElement('script') in a component., Set
src and
append it to document.body., Ensure scripts are loaded after component
initialization.
Install Angular Language Service in a project?
+
Use NPM: npm install @angular/language-service --save-dev., Also, enable
it in
your IDE (VS Code, WebStorm) for Angular templates.
Interpolation in Angular?
+
Interpolation allows embedding expressions in HTML using {{ expression
}}
syntax.
Interpolation?
+
Interpolation binds component data to HTML view using {{ }}., Example:
Invoke a builder?
+
In Angular, a builder is invoked via angular.json or the CLI., Use
commands like
ng build or ng run :., Builders handle tasks like building, serving, or
testing
projects., They are customizable via options in the angular.json
configuration.
Is aliasing possible for inputs and outputs?
+
Yes, using @Input('aliasName') or @Output('aliasName')., Allows
different
property names externally vs internally.
Is bootstrapped component required to be entry
component?
+
Yes, it must be included in entryComponents in Angular versions <9., In
Angular 9+ (Ivy), entryComponents array is no longer needed.
Is it mandatory to use @Injectable on every
service?
+
Only required if the service has dependencies injected., Recommended
for
consistency and AOT compatibility.
Is it safe to use direct DOM API methods?
+
No, direct DOM manipulation may bypass Angular security., It can
introduce
XSS risks., Prefer Angular templates, bindings, or Renderer2.
Is static flag mandatory for ViewChild?
+
static: true/false required when accessing child elements in
ngOnInit vs
ngAfterViewInit., true for early access, false for later lifecycle
access.
It helps determine what component should be
displayed.
+
Router links?, Router links ([routerLink]) are Angular directives to
navigate between routes., Example: Home.
JIT?
+
JIT compiles Angular templates in the browser at runtime., Faster
builds but
slower app startup., Used mainly during development.
Key components of Angular
+
Component: UI + logic, Directive: Behavior or DOM manipulation,
Module:
Organizes components, Service: Shared logic/data, Pipe: Data
transformation,
Routing: Navigation between views
Lazy loading in Angular?
+
Lazy loading loads modules only when needed, improving performance.
Lazy loading?
+
Lazy loading loads modules only when needed., Reduces initial load
time and
improves performance., Configured in the routing module using
loadChildren.
Lifecycle hooks available
+
Common hooks:, ngOnInit - after component initialization,
ngOnChanges - on
input property change, ngDoCheck - custom change detection,
ngOnDestroy -
cleanup before component removal
lifecycle hooks in Angular?
+
Lifecycle hooks are methods called at specific points in a
component's life,
e.g., ngOnInit, ngOnDestroy.
Lifecycle hooks in Angular? Examples?
+
Lifecycle hooks allow execution of logic at specific component
stages.
Common hooks include:, · ngOnInit() - initialization, ·
ngOnChanges() - when
input properties change, · ngOnDestroy() - cleanup before removal, ·
ngAfterViewInit() - when view loads
Lifecycle hooks of a zone
+
onStable: triggered when zone has no pending tasks., onUnstable:
triggered
when async tasks start., onMicrotaskEmpty: after microtasks
complete.
lifecycle hooks? Explain a few.
+
Lifecycle hooks are methods called at specific component stages.,
Examples:,
ngOnInit: Initialization, ngOnChanges: Detect input changes,
ngOnDestroy:
Cleanup before destruction, They help manage component behavior.
Limitations with web workers
+
Cannot access DOM directly, Limited access to window or document
objects,
Cannot use Angular services directly, Communication is via messages
only
List of template expression operators
+
+ - * / %, comparison (<>
<=>= == !=), logical (&& || !), ternary (? :), nullish (?.)
operators.
List pluralization categories
+
Angular supports: zero, one, two, few, many, other., Used in ICU
plural
expressions.
Macros?
+
Macros are predefined expressions or reusable snippets in Angular
compilation., Used to simplify repeated patterns in metadata or
templates.
Manually bootstrap an application
+
Use platformBrowserDynamic().bootstrapModule(AppModule) in main.ts.,
Starts
Angular without relying on automatic bootstrapping.
Manually register locale data
+
Import locale from @angular/common and register:, import {
registerLocaleData } from '@angular/common';, import localeFr from
'@angular/common/locales/fr';, registerLocaleData(localeFr);
Mapping rules between Angular component and
custom element
+
Component inputs → element attributes/properties, Component outputs
→ DOM
events, Lifecycle hooks are preserved automatically
Metadata rewriting?
+
Metadata rewriting updates compiled metadata JSON files for AOT.,
Allows
Angular to optimize templates and components at build time.
Metadata?
+
Metadata provides additional info about classes to Angular., Used
via
decorators like @Component and @NgModule., Tells Angular how to
process a
class.
Method decorators?
+
Decorators applied to methods to modify or enhance behavior.,
Example:
@HostListener listens to events on host elements.
Methods of NgZone to control change detection
+
run(): execute inside Angular zone (triggers detection).,
runOutsideAngular(): execute outside detection., onStable,
onUnstable for
subscriptions.
Module in Angular?
+
Modules group components, directives, pipes, and services into
cohesive
blocks of functionality.
Module?
+
Module (NgModule) organizes components, directives, and services.,
Every
Angular app has a root module (AppModule)., Modules help in lazy
loading and
modular development.
Multicasting?
+
Multicasting allows sharing a single observable execution among
multiple
subscribers., Achieved using Subject or share() operator., Reduces
unnecessary API calls or processing.
MVVM Architecture
+
Model-View-ViewModel separates UI, logic, and data., Model: Data and
business logic., View: User interface., ViewModel: Mediator between
view and
model, handles commands and data binding., Promotes testability and
clean
separation of concerns.
Navigating between routes in Angular
+
Use RouterLink or Router service:, Home, Or programmatically:
this.router.navigate(['/home']);
NgAfterContentInit in Angular?
+
ngAfterContentInit is called after content projected into component
is
initialized.
NgAfterViewInit in Angular?
+
ngAfterViewInit is called after component's view and child views are
initialized.
Ngcc
+
Angular Compatibility Compiler converts node_modules packages
compiled with
View Engine to Ivy., Ensures libraries are compatible with Angular
Ivy
compiler.
Ng-content and its purpose?
+
is a placeholder in a component template., Used for content
projection,
letting parent content be rendered in child components.
NgModule in Angular?
+
NgModule is a decorator that defines a module and its metadata, like
declarations, imports, providers, and bootstrap.
NgOnDestroy in Angular?
+
ngOnDestroy is called just before component destruction to clean up
resources.
NgOnInit in Angular?
+
ngOnInit is called once after component initialization.
NgOnInit?
+
ngOnInit is a lifecycle hook called after Angular initializes a
component.,
Used to perform component initialization and fetch data., Runs once
per
component instantiation.
NgRx?
+
NgRx is a state management library for Angular., Based on Redux
pattern,
uses actions, reducers, and store., Helps manage complex application
state
predictably.
NgUpgrade?
+
NgUpgrade allows hybrid apps running AngularJS and Angular
together.,
Facilitates incremental migration from AngularJS to Angular.,
Supports
components, services, and routing interoperability.
NgZone
+
NgZone is a service that manages Angular’s change detection
context., It
runs code inside or outside Angular zone to control updates
efficiently.
Non-null type assertion operator?
+
The ! operator asserts that a value is not null or undefined.,
Example:
value!.length tells TypeScript the variable is safe., Used to
prevent
compiler errors when you know the value exists.
NoopZone
+
A no-operation zone that disables automatic change detection.,
Useful for
performance optimization in large apps.
Observable creation functions
+
of() - emits given values, from() - converts array, promise to
observable,
interval() - emits sequence periodically, fromEvent() - listens to
DOM
events
Observable in Angular?
+
Observable represents a stream of asynchronous data that can be
subscribed
to.
Observable?
+
Observable is a stream of data over time., It can emit next, error,
and
complete notifications., Used for HTTP, events, and async tasks.
Observables different from promises?
+
Observables can emit multiple values over time, promises only one.,
Observables are lazy and cancellable., Promises are eager and
simpler.,
Observables support operators for transformation and filtering.
Observables vs Promises
+
Observables: Multiple values over time, cancellable, lazy
evaluation.,
Promises: Single value, eager, not cancellable., Observables are
used with
RxJS in Angular.
observables?
+
Observables are data streams that emit values over time., They allow
asynchronous operations like HTTP requests or events., Provided by
RxJS in
Angular.
Observer?
+
An observer is an object that listens to an observable., It has
methods:
next, error, and complete., Example: { next: x => console.log(x),
error: e
=> console.log(e) }.
Operators in RxJS?
+
Operators are functions to transform, filter, or combine
Observables, e.g.,
map, filter, mergeMap.
Optimize performance of async validators
+
Use debounceTime to reduce API calls., Use distinctUntilChanged for
unique
inputs., Avoid heavy computation inside validator function.
Option to choose between inline and external
template file
+
In @Component decorator:, template - inline HTML, templateUrl -
external
HTML file, Choice depends on component size and readability., *21.
Purpose
of ngFor directive, *ngFor is used to loop over a collection and
render
elements., Syntax: *ngFor="let item of items"., Useful for dynamic
lists and
tables., *22. Purpose of ngIf directive, *ngIf conditionally renders
elements based on boolean expression., Removes or adds elements from
the
DOM., Helps control UI dynamically.
Optional dependency
+
A dependency that may or may not be provided., Use @Optional()
decorator in
constructor injection.
Parameterized pipe?
+
Pipes that accept arguments to modify output., Example: {{ amount |
currency:'USD':true }}, Allows flexible data formatting in
templates.
Parent to Child data sharing example
+
Parent Component:, , Child Component:, @Input() childData: string;,
This
passes parentData from parent to child.
Pass headers for HTTP client?
+
Use HttpHeaders in Angular’s HttpClient., Example:,
this.http.get(url, {
headers: new HttpHeaders({'Auth':'token'}) }), Allows sending
authentication, content-type, or custom headers.
Perform error handling in observables?
+
Use catchError operator inside .pipe()., Example:
observable.pipe(catchError(err => of(defaultValue))), Can also use
retry()
to retry failed requests.
Pipe in Angular?
+
Pipe transforms data in templates, e.g., date, currency, custom
pipes.
Pipes in Angular?
+
Pipes transform data before displaying in a template., Example: {{
name |
uppercase }} converts text to uppercase., Can be built-in or custom.
Pipes?
+
Pipes transform data in the template without changing the
component.,
Example: {{date | date:'short'}}, Angular has built-in pipes like
DatePipe,
UpperCasePipe, CurrencyPipe.
PipeTransform Interface
+
Interface that custom pipes must implement., Defines the transform()
method
for input-to-output transformation., Enables reusable data
formatting.
platform in Angular?
+
Platform provides runtime context for Angular applications.,
Examples:
platformBrowser(), platformServer()., It bootstraps the Angular
application
on the respective environment.
Possible data update scenarios for change
detection
+
Model updates via property binding, User input in forms, Async
operations
like HTTP requests, timers, Manual triggering using
ChangeDetectorRef
Possible errors with declarations
+
Declaring a component twice in different modules, Declaring
non-component
classes, Missing component import in module
Precedence between pipe and ternary operators
+
Ternary operators have higher precedence., Pipe (|) executes after
ternary
expression evaluates.
Prevent automatic sanitization
+
Use Angular DomSanitizer to mark content as trusted:,
bypassSecurityTrustHtml, bypassSecurityTrustUrl, etc., Use carefully
to
avoid XSS vulnerabilities.
Prioritize TypeScript over JavaScript in
Angular?
+
TypeScript provides strong typing, classes, interfaces, and
compile-time
checks., Improves developer productivity and maintainability.
Property binding in Angular?
+
Property binding binds component properties to HTML element
properties using
[property] syntax.
Property decorators?
+
Decorators that enhance class properties with Angular features.,
Example:
@Input() for parent-to-child binding, @Output() for event emission.
Protractor?
+
Protractor is an end-to-end testing framework for Angular apps., It
runs
tests in real browsers and integrates with Selenium., It understands
Angular-specific elements like ng-model and ng-repeat.
Provide a singleton service
+
Use @Injectable({ providedIn: 'root' })., Angular injects one
instance
app-wide., Do not redeclare in feature modules to avoid duplicates.
Provide build configuration for multiple
locales
+
Use angular.json configurations:, "locales": { "fr":
"src/locale/messages.fr.xlf" }, Build with: ng build --localize.
Provide configuration inheritance?
+
Angular modules can extend or import other modules., Child modules
inherit
providers, declarations, and configurations from parent modules.,
Helps
maintain shared settings across the app.
Provider?
+
A provider tells Angular how to create a service., It defines the
dependency
injection configuration., Declared in modules, components, or
services.
Pure Pipes
+
Pure pipes return same output for same input., Executed only when
input
changes., Used for performance optimization.
Purpose of tag
+
Specifies the base path for relative URLs in an Angular app., Helps
router
resolve paths correctly., Placed in the section of index.html.,
Example: .
Purpose of animate function
+
animate() specifies duration, timing, and styles for transitions.,
It
animates the element from one style to another., Used inside
transition() to
control animation flow.
Purpose of any type cast function?
+
The any type allows bypassing TypeScript type checking., It is used
to
temporarily cast a variable when type is unknown., Useful during
migration
or working with dynamic data.
Purpose of async pipe
+
async pipe automatically subscribes to Observable or Promise., It
updates
the template with emitted values., Handles subscription and
unsubscription
automatically.
Purpose of CommonModule?
+
CommonModule provides common directives like ngIf and ngFor., It is
imported
in feature modules to use standard Angular directives., Helps avoid
reimplementing basic functionality.
Purpose of custom id
+
Assigns a unique identifier to a translatable string., Helps
maintain
consistent translations across builds.
Purpose of differential loading in CLI
+
Generates two bundles: modern ES2015+ for new browsers, ES5 for old
browsers., Reduces payload for modern browsers., Improves
performance and
load time.
Purpose of FormBuilder
+
Simplifies creation of FormGroup, FormControl, and FormArray.,
Reduces
boilerplate code for reactive forms.
Purpose of hidden property
+
[hidden] toggles visibility of an element using CSS display: none.,
Unlike
ngIf, it does not remove the element from the DOM.
Purpose of i18n attribute
+
Marks an element or text for translation., Angular extracts these
for
generating translation files.
Purpose of innerHTML
+
innerHTML sets or gets the HTML content of an element., Used for
dynamic
HTML rendering in the DOM.
Purpose of metadata JSON files
+
Store compiled metadata about components, directives, and modules.,
Used by
AOT compiler for dependency injection and code generation.
Purpose of ngFor trackBy
+
trackBy improves performance by tracking items using unique
identifier.,
Prevents unnecessary DOM re-rendering when lists change.
Purpose of ngSwitch directive
+
ngSwitch conditionally displays elements based on expression value.,
ngSwitchCase and ngSwitchDefault define cases and default view.
Purpose of Wildcard route
+
Wildcard route (**) catches all undefined routes., Typically used
for 404
pages., Example: { path: '**', component: PageNotFoundComponent }.
Reactive forms
+
Form model is defined in component class using FormControl,
FormGroup.,
Provides predictable, programmatic control and validators.
Reason for No provider for HTTP exception
+
Occurs when HttpClientModule is not imported in AppModule., Add
HttpClientModule to imports to resolve dependency injection errors.
Reason to deprecate Web Tracing Framework
+
It was browser-dependent and complex., Angular adopted modern
debugging
tools and console-based tracing., Simplifies performance monitoring
and
reduces maintenance.
Reason to deprecate web worker packages
+
Native Web Worker APIs became standardized., Angular moved to
simpler,
built-in worker support., External packages were redundant and
increased
bundle size.
Recommendation for provider scope
+
Provide services in root for singleton usage., Avoid multiple
registrations
in lazy-loaded modules unless necessary., Use feature module
providers for
module-scoped instances.
ReplaySubject in Angular?
+
ReplaySubject emits a specified number of previous values to new
subscribers.
Report missing translations
+
Angular logs missing translations in console during compilation.,
Use tools
or custom loaders to handle untranslated keys.
Reset the form
+
Use form.reset() to reset values and validation state., Optionally,
pass
default values: form.reset({ name: 'John' }).
Restrict provider scope to a module
+
Declare the provider in the providers array of the module., Avoid
providedIn: 'root' in @Injectable()., This creates a module-specific
instance.
Restrictions of metadata
+
Cannot use dynamic expressions in decorators., Arrow functions or
complex
expressions are not allowed., Only static, serializable values are
permitted.
Restrictions on declarable classes
+
Declarables cannot be services or modules., They must be declared in
exactly
one NgModule., Cannot be imported multiple times across modules.
Role of ngModule metadata in compilation
process
+
Defines components, directives, pipes, and services., Helps compiler
resolve
dependencies and build module graph.
Role of template compiler for XSS prevention
+
The compiler escapes unsafe content during template rendering.,
Ensures
dynamic content does not execute scripts., Acts as a first-line
defense
against XSS.
Root module in Angular?
+
The AppModule is the root module bootstrapped to launch the
application.
Route Parameters?
+
Data passed through URLs to routes., Path parameters: /user/:id,
Query
parameters: /user?id=1, Fragment: #section1, Matrix parameters:
/user;id=1
Routed entry component?
+
Component loaded via router dynamically, not referenced in
template., Needs
to be known to Angular compiler to generate factory.
Router events?
+
Router events are lifecycle events during navigation., Examples:
NavigationStart, RoutesRecognized, NavigationEnd, NavigationError.,
You can
subscribe to Router.events for tracking navigation.
Router imports?
+
To use routing, import:, RouterModule, Routes from @angular/router,
Then
configure routes using RouterModule.forRoot(routes) or
forChild(routes).
Router links?
+
[routerLink] is used for navigation without page reload., Example:
Home, It
generates URLs based on route configuration.
Router outlet?
+
is a placeholder where routed components are displayed., The router
dynamically injects the matched component here., Only one per view
or
multiple for nested routes.
Router state?
+
Router state represents the current tree of activated routes.,
Provides
access to route parameters, query parameters, and data., Useful for
inspecting the current route in the app.
Router state?
+
Router state represents current route information., Contains URL,
params,
queryParams, and component data., Accessible via Router or
ActivatedRoute
service.
RouterModule in Angular?
+
RouterModule provides services and directives for configuring
routing.
Routing in Angular?
+
Routing enables navigation between different views in a single-page
application.
Rule in Schematics?
+
A rule defines transformations on a project tree., It decides how
files are
created, modified, or deleted., Rules are building blocks of
schematics.
Run Bazel directly?
+
Use Bazel CLI commands: bazel build //src:app or bazel test
//src:app., It
executes targets defined in BUILD files., Helps in running
incremental
builds independently of Angular CLI.
RxJS in Angular?
+
RxJS is a reactive programming library for handling asynchronous
data
streams using Observables.
RxJS in Angular?
+
RxJS is a library for reactive programming., Used with observables
to handle
async data, events, and streams., Provides operators like map,
filter, and
debounceTime.
RxJS Subject in Angular?
+
Subject is an observable that multicasts values to multiple
observers., It
can act as both an observer and observable., Used for communication
between
components or services.
RxJS?
+
RxJS (Reactive Extensions for JavaScript) is a library for reactive
programming., Provides observables, operators, and subjects., Used
for async
tasks and event handling in Angular.
safe navigation operator?
+
?. operator prevents null or undefined errors in templates.,
Example:
user?.name returns undefined if user is null.
Sanitization? Does Angular support it?
+
Sanitization cleans untrusted input to prevent code injection.,
Angular
provides built-in DomSanitizer for HTML, styles, URLs, and scripts.
Schematic?
+
Schematics are code generators for Angular projects., They automate
creation
of components, services, modules, or custom templates., Used with
Angular
CLI.
Schematics CLI?
+
Command-line tool to run, test, and create schematics., Example:
schematics
blank --name=my-schematic., Helps automate repetitive tasks in
Angular
projects.
Scope hierarchy in Angular
+
Angular components have isolated scopes with hierarchical
injectors., Child
components inherit parent services via DI.
Scope in Angular
+
Scope is the binding context between controller and view., Used in
AngularJS; replaced by Component class properties in Angular.
Security principles in Angular
+
Follow XSS prevention, CSRF protection, input validation, and
sanitization.,
Avoid direct DOM manipulation and unsafe URL usage., Use Angular
built-in
sanitizers and HttpClient.
Select an element in component template?
+
Use template reference variables or @ViewChild() decorator.,
Example:
@ViewChild('myDiv') myDivElement: ElementRef;., This allows
accessing DOM
elements or child components from the component class.
Select an element within a component template?
+
Use @ViewChild() or @ViewChildren() decorators., Example:
@ViewChild('myDiv') div: ElementRef;, Allows access to DOM elements
or child
components in TS code.
select ICU expression
+
Used for conditional translations based on variable values.,
Example:
gender-based messages: {gender, select, male {...} female {...}
other {...}}
Server-side XSS protection in Angular
+
Validate and sanitize inputs before sending to client., Use CSP
headers,
HTTPS, and server-side escaping., Combine with Angular client-side
protections.
Service in Angular?
+
Service is a class that provides shared functionality across
components.
Service Worker and its role in Angular?
+
Service Worker is a background script that intercepts network
requests., It
enables offline caching, push notifications, and performance
improvements.,
Angular supports Service Worker via @angular/pwa package.
Service?
+
Service is a class that holds business logic or shared data.,
Injected into
components using Dependency Injection., Promotes code reusability
across
components.
Services in Angular?
+
Reusable classes that hold business logic or shared data., Injected
into
components via DI., Helps separate UI and logic.
Set ngFor and ngIf on same element
+
Use :,
Share data between components in Angular?
+
Parent-to-child: @Input(), Child-to-parent: @Output() with
EventEmitter,
Service with BehaviorSubject or Subject for unrelated components
Share services using modules?
+
Yes, but use Core module or providedIn: 'root'., Avoid providing in
Shared
module to prevent multiple instances.
Shared module
+
A module containing reusable components, directives, pipes, and
services.,
Imported by other modules to reduce code duplication., Typically
does not
provide singleton services.
Shorthand notation for subscribe method
+
Instead of an observer object, use separate callbacks:,
observable.subscribe(val => console.log(val), err =>
console.log(err), () =>
console.log('complete'));
Single Page Applications (SPA)
+
SPA loads one HTML page and dynamically updates content., Routing is
handled
on the client side., Improves speed and reduces server load.
Slice pipe?
+
Slice pipe extracts a subset of array or string., Example: {{ items
|
slice:0:3 }} shows first 3 items., Useful for pagination or
previews.
Some features of Angular
+
Component-based architecture., Two-way data binding and dependency
injection., Directives, services, and RxJS support., Powerful CLI
for
project scaffolding.
SPA? (Single Page Application)
+
A SPA loads a single HTML page and dynamically updates content using
JavaScript without full page reloads. Unlike traditional websites
where each
action loads a new page, SPAs improve speed, user experience, and
reduce
server load.
Special configuration for Angular 9?
+
Angular 9 uses Ivy compiler by default., No additional configuration
is
needed for most apps.
Specify Angular template compiler options?
+
Template compiler options are specified in tsconfig.json or
angular.json.,
You can enable strict type checking, full template type checking,
and other
options., Example: "angularCompilerOptions": { "strictTemplates":
true }.,
It helps catch template errors at compile time.
Standalone component?
+
A component that does not require a module., Can be used
independently with
its own imports, providers, and declarations.
State CSS classes provided by ngModel
+
ng-valid, ng-invalid, ng-dirty, ng-pristine, ng-touched,
ng-untouched, Helps
style form validation states.
State function?
+
state() defines a named state for an animation., It specifies styles
associated with that state., Used in combination with transition()
to
animate between states.
Steps to use animation module
+
1. Install @angular/animations., 2. Import BrowserAnimationsModule
in the
root module., 3. Use trigger, state, style, animate, and transition
in
components., 4. Bind animations to templates using [ @triggerName ].
Steps to use declaration elements
+
1. Declare component, directive, or pipe in NgModule., 2. Export if
needed
for other modules., 3. Import module in consuming module., 4. Use
element in
template.
string interpolation and property binding.
+
String interpolation: {{ value }} inserts data into templates.,
Property
binding: [property]="value" binds data to element properties., Both
keep
view and data synchronized.
String interpolation in Angular?
+
Binding data from component to template using {{ value }}.,
Automatically
updates the DOM when the component value changes.
Style function?
+
style() defines CSS styles to apply in a particular state or
keyframe., Used
inside state(), transition(), or animate()., Example: style({
opacity: 0,
transform: 'translateX(-100%)' }).
Subject in Angular?
+
Subject is an Observable that allows multicasting to multiple
subscribers.
Subscribing?
+
Subscribing is listening to an observable., Example: .subscribe(data
=>
console.log(data));, Triggers execution and receives emitted values.
Template expressions?
+
Template expressions are evaluated inside interpolation or binding.,
Can
include properties, methods, operators., Cannot contain statements
like
loops or conditionals.
Template statements?
+
Template statements handle events like (click) or (change)., Invoke
component methods in response to user actions., Example: Click
Template?
+
Template is the HTML view of a component., It defines structure,
layout, and
binds data using Angular syntax., Can include directives, bindings,
and
pipes.
Template-driven forms
+
Forms defined directly in HTML template using ngModel., Less control
but
simpler for small forms.
Templates in Angular
+
Templates define the HTML view of a component., They can contain
Angular
directives, bindings, and expressions., Templates are combined with
component logic to render the UI.
Templates in Angular?
+
HTML with Angular directives, bindings, and components., Defines the
view
for a component.
Test Angular application using CLI?
+
Use ng test to run unit tests with Karma and Jasmine., Use ng e2e
for
end-to-end testing with Protractor or Cypress., CLI manages
configurations
and test runner setup automatically.
TestBed?
+
TestBed is Angular’s unit testing utility for configuring and
initializing
environment., It allows creating components, services, and modules
in
isolation., Used with Karma or Jasmine to run tests.
Three phases of AOT
+
1. Metadata analysis: Parse decorators and template metadata., 2.
Template
compilation: Convert templates to TypeScript code., 3. Code
generation: Emit
optimized JavaScript for the browser.
Transfer components to custom elements
+
Use createCustomElement(Component, { injector }), Register via
customElements.define('tag-name', element).
Transition function?
+
transition() defines how animations move between states., It
specifies
conditions, duration, and easing for the animation., Example:
transition('open => closed', animate('300ms ease-in')).
Translate an attribute
+
Add i18n-attribute to mark element attributes: Welcome,
Translate text without creating an element
+
Use i18n attribute on existing elements or directives., Angular
supports
inline translations for text content.
Transpiling in Angular?
+
Transpiling converts TypeScript or modern JavaScript into plain
JavaScript.,
This ensures compatibility with browsers., Angular uses the
TypeScript
compiler (tsc) for this process., It helps leverage ES6+ features
safely in
older browsers.
Trigger an animation
+
Use Angular Animation API: trigger, state, transition, animate.,
Call
animation in template with [@animationName]., Can also trigger via
component
methods.
Two-way binding in Angular?
+
Two-way binding synchronizes data between component and template
using
[(ngModel)].
Two-way data binding
+
Updates component model when view changes and vice versa.,
Implemented using
[(ngModel)]., Simplifies form handling.
Type narrowing?
+
Type narrowing is the process of refining a variable’s type.,
TypeScript
uses control flow analysis like if, typeof, or instanceof., Example:
if
(typeof x === "string") { x.toUpperCase(); }
Types of data binding in Angular?
+
Interpolation, Property Binding, Event Binding, Two-way Binding
([(ngModel)]).
Types of directives in Angular?
+
Components, Structural Directives (e.g., *ngIf, *ngFor), and
Attribute
Directives (e.g., ngClass, ngStyle).
Types of feature modules
+
Eager-loaded modules: Loaded at app startup., Lazy-loaded modules:
Loaded on
demand via routing., Shared modules: Contain reusable components,
directives, pipes., Core module: Provides singleton services.
Types of filters in AngularJS.
+
Filters format data displayed in the UI. Common filters include:, ✓
currency
(formats currency), ✓ date (formats date), ✓ filter (filters
arrays), ✓
uppercase/lowercase, ✓ orderBy (sorts collections),
Types of injector hierarchies
+
Root injector, Module-level injector, Component-level injector,
Child
injectors inherit from parent injector.
Types of validator functions
+
Synchronous validators (Validators.required, Validators.minLength),
Asynchronous validators (HTTP-based or custom async checks)
Type-safe TestBed API changes in Angular 9
+
TestBed APIs now return strongly typed component and fixture
instances.,
Improves type checking in unit tests.
TypeScript class with constructor and function
+
class Person {, constructor(public name: string) {}, greet() {
console.log(`Hello ${this.name}`); }, }, let p = new
Person("John");,
p.greet();
TypeScript?
+
TypeScript is a superset of JavaScript that adds static typing., It
compiles
down to plain JavaScript for browser compatibility., Provides
features like
classes, interfaces, and type checking., Used extensively in Angular
for
better maintainability and scalability.
Update specific properties of a form model
+
Use patchValue() for partial updates., setValue() requires all
properties to
be updated., Example: form.patchValue({ name: 'John' }).
Upgrade Angular version?
+
Use ng update @angular/core @angular/cli., Follow migration guides
for
breaking changes., CLI updates dependencies, TypeScript, and
configuration
automatically.
Upgrade location service of AngularJS?
+
Migrate $location service to Angular’s Router module., Update code
to use
Router.navigate() or ActivatedRoute., Ensures smooth URL and state
management in Angular.
Use any JavaScript feature in expression
syntax
for AOT?
+
No, only static and serializable expressions are allowed., Dynamic
or
runtime JavaScript features are rejected.
Use AOT compilation with Ivy?
+
Yes, Ivy fully supports AOT (Ahead-of-Time) compilation., It
improves
startup performance and catches template errors at compile time.
Use arrow functions in AOT?
+
No, arrow functions are not allowed in decorators or metadata., AOT
requires
static, serializable expressions.
Use Bazel with Angular CLI?
+
Install Bazel schematics: ng add @angular/bazel., Build or test
projects
using Bazel commands: ng build --bazel., It replaces default Webpack
builder
for performance optimization.
Use HttpClient with an example
+
Inject HttpClient in a service:, this.http.get
('api/users').subscribe(data
=> console.log(data));, Use .get, .post, .put, .delete for REST
calls.,
Returns observable streams.
Use interceptor for entire application
+
Provide it in AppModule providers:, providers: [{ provide:
HTTP_INTERCEPTORS, useClass: MyInterceptor, multi: true }], Ensures
all HTTP
requests pass through it.
Use jQuery in Angular?
+
Install jQuery via npm: npm install jquery., Import it in
angular.json
scripts or component: import * as $ from 'jquery';., Use carefully;
prefer
Angular templates over direct DOM manipulation.
Use polyfills in Angular application?
+
Modify polyfills.ts file to enable browser compatibility., Includes
support
for older browsers (IE, Edge)., Polyfills ensure Angular features
work
across different platforms.
Use SASS in Angular project?
+
Set --style=scss when creating project: ng new app --style=scss., Or
change
file extensions to .scss and configure angular.json., Angular CLI
automatically compiles SASS to CSS.
Utility functions provided by RxJS
+
Functions like of, from, interval, timer, throwError, and
fromEvent., Used
to create or manipulate observables.
Various kinds of directives
+
Structural: *ngIf, *ngFor - modify DOM structure, Attribute:
[ngStyle],
[ngClass] - change element behavior/appearance, Custom directives:
User-defined behaviors
Various security contexts in Angular
+
HTML (content in templates), Style (CSS binding), Script (JavaScript
context), URL (resource links), Resource URL (external resources)
Verify model changes in forms
+
Subscribe to valueChanges or statusChanges on form or controls.,
Example:
form.valueChanges.subscribe(val => console.log(val)).
view encapsulation in Angular?
+
Controls CSS scope in components., Types: Emulated (default), None,
Shadow
DOM., Prevents styles from leaking or being overridden.
ViewEncapsulation? Types?
+
ViewEncapsulation controls styling scope in Angular components., It
has
three modes:, · Emulated (default, scoped styles), · None (global
styles), ·
ShadowDom (real Shadow DOM isolation)
Ways to control AOT compilation
+
Enable/disable in angular.json using "aot": true/false., Use CLI
commands:
ng build --aot., Manage template metadata and decorators carefully.
Ways to remove duplicate service registration
+
Provide service only in root., Avoid lazy-loaded module providers
for shared
services., Use forRoot pattern for modules with services.
Ways to trigger change detection in Angular
+
User events (click, input) automatically trigger detection.,
ChangeDetectorRef.detectChanges() manually triggers detection.,
NgZone.run()
executes code inside Angular zone., Async operations via Observables
or
Promises also trigger it.
Workspace APIs?
+
Workspace APIs allow managing Angular projects programmatically.,
Used for
creating, modifying, or generating projects and configurations.,
Part of
Angular DevKit (@angular-devkit/core).
Zone context
+
The environment that monitors async operations., Angular uses it to
know
when to run change detection.
Zone?
+
Zone.js is a library used by Angular to detect asynchronous
operations., It
helps Angular trigger change detection automatically., All async
tasks like
setTimeout, promises, and HTTP requests are tracked.
:host property in CSS
+
:host targets the component’s root element from within its CSS.,
Allows
styling the host without affecting other components.
Activated route?
+
ActivatedRoute provides info about the current route., Access route
params,
query params, fragments, and data., Injected into components via
constructor.
Active router links?
+
Active links are highlighted when the route matches the current
URL., Use
routerLinkActive directive:, Home, This helps in UI feedback for
navigation.
Add web workers in your application?
+
Use Angular CLI: ng generate web-worker ., Update angular.json and
enable
TypeScript worker configuration., Offloads heavy computation to
background
threads for performance.
Advantages and disadvantages of Angular
+
Advantages: Component-based, TypeScript, SPA support, tooling.,
Disadvantages: Steep learning curve, larger bundle size, complex for
small
apps.
Advantages of Angular over other frameworks
+
Two-way data binding reduces boilerplate code., Dependency injection
improves modularity., Rich ecosystem, TypeScript support, and
reusable
components.
Advantages of Angular over other frameworks
+
Strong TypeScript support., Declarative templates with data
binding., Rich
ecosystem and official libraries (Material, Forms, RxJS)., Modular,
testable, and maintainable code.
Advantages of Angular over React
+
Angular is a full-fledged framework, React is a library., Built-in
support
for forms, routing, and HTTP., Strong TypeScript integration for
better type
safety.
Advantages of Angular?
+
Two-way data binding, modularity, dependency injection, TypeScript
support,
and powerful CLI.
Advantages of AOT
+
Faster app startup., Smaller bundle size., Detects template errors
at build
time., Better security by compiling templates ahead of time.
Advantages of Bazel tool
+
Faster builds with caching, Parallel execution, Language-agnostic
support,
Scales well for monorepos
Angular Animation?
+
Angular Animation allows creating smooth UI animations in
components., Built
on Web Animations API with @angular/animations., Supports
transitions,
keyframes, triggers, and states for dynamic effects.
Angular application work?
+
Angular apps run in the browser., Templates define UI, components
handle
logic, and services manage data., Data binding updates the view
dynamically
when the model changes.
Angular Architecture Diagram
+
Angular architecture includes:, Modules (NgModule), Components (UI +
logic),
Templates (HTML), Directives (behavior), Services (business logic),
Dependency Injection and Routing
Angular Authentication and Authorization
+
Authentication: Verify user identity (login, JWT)., Authorization:
Control
access to resources/routes based on roles., Implemented using
guards,
tokens, and HttpInterceptors.
Angular CLI Builder?
+
Angular CLI Builder is a customizable build pipeline tool., It
allows
modifying build, serve, and test processes., Used to extend or
replace
default Angular CLI behavior.
Angular CLI?
+
Angular CLI is a command-line tool to scaffold, build, and maintain
Angular
applications.
Angular CLI?
+
Angular CLI is a command-line tool for Angular projects., Used to
generate
components, modules, services, and run builds., Simplifies
scaffolding and
deployment tasks.
Angular compiler?
+
Transforms Angular TypeScript and templates into JavaScript.,
Includes AOT
and JIT compilers., Generates code for change detection and view
rendering.
Angular DSL?
+
DSL (Domain-Specific Language) in Angular refers to template
syntax., It
allows declarative UI using HTML with Angular directives., Includes
*ngIf,
*ngFor, interpolation, and bindings.
Angular Elements
+
Angular Components packaged as custom HTML elements., Can be used
outside
Angular apps., Supports inputs, outputs, and encapsulation.
Angular expressions vs JavaScript expressions
+
Angular expressions are evaluated in the scope context and are
safe., No
loops, conditionals, or global access., JS expressions can access
any
variable or perform complex operations.
Angular finds components, directives, and
pipes
+
Compiler scans NgModule declarations., Generates factories and
resolves
templates and dependencies.
Angular Framework?
+
Angular is a TypeScript-based front-end framework for building
dynamic
single-page applications (SPAs)., It provides features like
components, data
binding, dependency injection, and routing., Maintains a modular
architecture and encourages reusable code., It supports both
client-side
rendering and progressive web apps.
Angular introduced as a client-side framework?
+
To create dynamic SPAs with fast user interactions., Reduces server
load by
rendering templates on the client., Provides data binding,
modularity, and
reusable components.
Angular Ivy?
+
Ivy is the new rendering engine in Angular., It improves build size,
speed,
and runtime performance., Supports AOT compilation, better
debugging, and
improved type checking.
Angular Language Service?
+
Provides editor support like autocomplete, type checking, and error
detection for Angular templates., Helps developers write Angular
code faster
and with fewer mistakes.
Angular library
+
Reusable module/package with components, directives, services., Can
be
published and shared via npm.
Angular Material mean?
+
Angular Material is a UI component library implementing Google’s
Material
Design., Provides pre-built components like buttons, tables, forms,
and
dialogs., Enhances UI consistency and responsiveness.
Angular Material?
+
A UI component library for Angular apps., Provides pre-built,
responsive,
and accessible components., Includes buttons, forms, tables,
navigation, and
themes.
Angular Material?
+
Official UI component library for Angular., Provides modern,
accessible, and
responsive UI components.
Angular render on server-side?
+
Yes, using Angular Universal., Enables SSR for SEO and faster
initial load.
Angular Router?
+
Angular Router allows navigation between views/components., It maps
URLs to
components., Supports nested routes, lazy loading, and route
guards.,
Enables single-page application (SPA) behavior.
Angular security model for preventing XSS
attacks
+
Angular automatically escapes interpolated content., Sanitizes URLs,
HTML,
and styles in templates., Prevents injection attacks on the DOM.
Angular Signals with an example
+
import { signal } from '@angular/core';, const count = signal(0);,
count.set(5); // Updates reactive value, count.subscribe(val =>
console.log(val));, When count changes, subscribed components update
automatically.
Angular Signals?
+
Signals are reactive primitives to track state changes., They allow
automatic UI updates when values change.
Angular simplifies Internationalization (i18n)
+
Provides built-in i18n support, translation files, and pipes.,
Supports
pluralization, locale formatting, and dynamic translations., CLI
helps
extract and compile translations.
Angular Universal?
+
Angular Universal enables server-side rendering for SEO and faster
load
times.
Angular Universal?
+
Angular Universal enables server-side rendering (SSR) of Angular
apps.,
Improves SEO and performance., Pre-renders HTML on the server before
sending
to client.
Angular uses client-side rendering by default
+
True. Angular renders templates in the browser using JavaScript.,
Server-side rendering (Angular Universal) is optional.
Angular?
+
Angular is a platform and framework for building single-page client
applications using HTML and TypeScript.
Angular?
+
Angular is a TypeScript-based front-end framework., Used to build
single-page applications (SPAs)., Supports components, modules,
services,
and reactive programming.
Annotations in Angular
+
Older term for decorators in AngularJS., Used to attach metadata to
classes
or functions., Helps framework know how to process the component.
AOT Compilation and advantages
+
Compiles templates during build time., Catches template errors
early,
reduces bundle size, improves performance.
AOT compilation? Advantages?
+
AOT (Ahead-of-Time) compiles Angular templates during build time.,
Advantages: Faster rendering, smaller bundle size, early error
detection,
and better security.
AOT compiler
+
Ahead-of-Time compiler compiles templates during build, not
runtime.,
Reduces bundle size, improves performance, and catches template
errors
early.
AOT?
+
AOT compiles Angular templates during build., Generates optimized
JavaScript
before the app loads., Improves performance and reduces runtime
errors.
Applications of HTTP interceptors
+
Add authentication tokens, logging, error handling, caching., Modify
request/response globally., Handle API versioning or header
manipulation.
Are all components generated in production
build?
+
Only components referenced or reachable from templates and routes
are
included., Unused components are tree-shaken.
Are multiple interceptors supported in
Angular?
+
Yes, interceptors are executed in the order provided., Each can pass
control
to the next using next.handle().
AsyncPipe in Angular?
+
AsyncPipe subscribes to Observables/Promises in templates and
handles
unsubscription automatically.
Bazel tool?
+
Bazel is a build and test tool developed by Google., It handles
large-scale
projects efficiently., Supports incremental builds and caching.
BehaviorSubject in Angular?
+
BehaviorSubject stores current value and emits it to new
subscribers.
Benefit of Automatic Inlining of Fonts
+
Embeds fonts directly into CSS to reduce network requests., Improves
page
load speed and performance., Enhances First Contentful Paint (FCP)
metrics.
Best practices for security in Angular
+
Use sanitization, HttpClient, and Angular templates safely., Avoid
innerHTML
for untrusted content., Enable Content Security Policy (CSP) and
HTTPS.
Bootstrapped component?
+
Root component loaded by Angular to start the application., Declared
in
bootstrap array of AppModule.
Bootstrapping module?
+
The bootstrapping module initializes the Angular application., It is
usually
the root module (AppModule) loaded by main.ts., It sets up the root
component and starts the application., It imports other modules
required for
app startup.
Bootstrapping module?
+
It is the root Angular module that launches the application.,
Defined with
@NgModule and bootstrap array., Typically called AppModule.
Browser support for Angular
+
Supports latest Chrome, Firefox, Edge, Safari., IE11 support is
deprecated
in recent Angular versions., Modern Angular relies on evergreen
browsers for
features.
Browser support of Angular Elements
+
Supported in all modern browsers (Chrome, Firefox, Edge, Safari).,
Polyfills
may be needed for IE11.
Builder?
+
A Builder is a class or script that executes a specific task in
Angular
CLI., It can run builds, tests, linting, or deploy tasks., Provides
flexibility to customize CLI workflows.
Building blocks of Angular?
+
Angular is built using several key components: Components (UI
control),
Modules (grouping functionality), Templates (HTML with Angular
bindings),
Services (business logic), and Dependency Injection. These work
together to
build scalable single-page applications.
Can you read full response?
+
Use { observe: 'response' } with HttpClient:,
this.http.get('api/users', {
observe: 'response' }).subscribe(resp => console.log(resp.status,
resp.body));, It returns headers, status, and body.
Case types in Angular?
+
Angular uses naming conventions:, camelCase for variables and
functions,
PascalCase for classes and components, kebab-case for selectors and
filenames, This ensures consistency and readability.
Categorize data binding types?
+
One-way binding: Interpolation, property, event, Two-way binding:
[(ngModel)], Enables dynamic updates between component and view.
Chain pipes?
+
Multiple pipes can be applied sequentially using |., Example: {{
name |
uppercase | slice:0:5 }}, Output is passed from one pipe to the
next.
Change Detection and how does it work?
+
Change Detection tracks updates in component data and updates the
view.,
Angular checks the component tree for changes automatically., It
works via
Zones and triggers re-rendering when a model changes., Helps keep UI
and
data synchronized.
Change detection in Angular?
+
Change detection tracks changes in application state and updates the
DOM
accordingly.
Change settings of zone.js
+
Configure zone.js flags before import in polyfills:, (window as
any).__Zone_disable_X = true;, Controls patching of timers, events,
or async
operations.
Choose an element from a component template?
+
Use ViewChild or ViewChildren decorators., Example:
@ViewChild('myElement')
element: ElementRef;, Access DOM elements directly in component
class.
Class decorators in Angular?
+
Class decorators attach metadata to a class., Common ones:
@Component,
@Directive, @Injectable, @NgModule., They define how the class
behaves in
Angular’s DI and rendering system.
Class decorators?
+
Class decorators define metadata for classes., Example:
@Injectable() marks
a class for dependency injection.
Class field decorators?
+
Class field decorators annotate properties of a class., Examples:
@Input(),
@Output(), @ViewChild()., They help Angular bind data, access DOM,
or
communicate between components.
Classes that should not be added to
declarations
+
Services, Modules, Non-Angular classes, Declarations should include
components, directives, and pipes only.
Client-side frameworks like Angular were
introduced?
+
To create dynamic, responsive web apps without reloading pages.,
They handle
data binding, DOM manipulation, and routing on the client side.,
Improves
performance and user experience.
Code for creating a decorator.
+
A basic Angular decorator example:, function Log(target, key) {,
console.log(`Property ${key} was accessed`);, }, Decorators enhance
or
modify class behavior during runtime.
Codelyzer?
+
Codelyzer is a static analysis tool for Angular projects., It checks
for
coding style, best practices, and template errors., Used with TSLint
for
linting Angular apps.
Collection?
+
In Angular, a collection is a group of objects like arrays, sets, or
maps.,
Used to store and iterate over data in templates using ngFor.
Compare service() and factory() functions.
+
service() returns an instantiated singleton object and is created
using a
constructor function. factory() allows returning a custom object,
function,
or primitive and provides more flexibility. Both are used for
sharing
reusable logic across components.
Compilation process?
+
Transforms Angular templates and metadata into efficient
JavaScript.,
Ensures type safety and detects template errors., Optimizes the app
for
performance.
Component Decorator?
+
@Component defines a class as an Angular component., Specifies
metadata like
selector, template, and styles., Registers the component with
Angular’s
module system.
Component Test Harnesses?
+
A test API for Angular Material components., Allows interacting with
components in tests without relying on DOM selectors., Provides a
clean and
maintainable way to write unit tests.
Components in Angular?
+
Components are building blocks of Angular applications that control
a part
of the UI.
Components, Modules, and Services in Angular
+
Component: UI + logic., Module: Groups components, directives, and
services., Service: Provides reusable business logic, injected via
dependency injection.
Components?
+
Components are building blocks of Angular apps., They contain
template,
class (logic), and metadata., Responsible for rendering views and
handling
user interaction.
Concept of Dependency Injection (DI).
+
DI provides class dependencies automatically via Angular’s
injector.,
Reduces manual instantiation and promotes testability., Example:
Injecting a
service into a component constructor.
Configure injectors with providers at
different
levels
+
Root injector: App-wide singleton (providedIn: 'root')., Module
injector:
Module-specific., Component injector: Scoped to component and
children.
Content projection?
+
Mechanism to pass content from parent to child component., Allows
child
components to display dynamic content from parent templates.
Create a standalone component manually
+
Set standalone: true in the component decorator:, @Component({,
selector:
'app-my-component',, standalone: true,, templateUrl:
'./my-component.html',
}), export class MyComponent {}
Create a standalone component using CLI
+
Run: ng generate component my-component --standalone., Generates a
component
without declaring it in a module.
Create an app shell in Angular?
+
Use Angular CLI command: ng add @angular/pwa to enable PWA
features., Then
run ng generate app-shell --client-project ., It generates
server-side
rendered shell for faster initial load., App shell improves
performance and
perceived loading speed.
Create directives using CLI
+
Run:, ng generate directive myDirective, Generates directive file
with
@Directive decorator ready to use.
Create displayBlock components
+
Use display: block in component CSS or
Create schematics for libraries?
+
Use Angular CLI command: ng generate schematic , Define rules to
create
components or modules in the library., Automates repetitive tasks in
library
development.
Custom elements
+
Custom elements are browser-native HTML elements defined by
developers.,
They encapsulate functionality and can be reused like standard tags.
Custom elements work internally
+
Angular wraps a component in custom element class., Manages
inputs/outputs,
change detection, and lifecycle hooks., Element behaves like a
standard HTML
tag.
Custom pipe?
+
Custom pipe is a user-defined pipe to transform data., Created using
@Pipe
decorator and implementing PipeTransform., Useful for app-specific
formatting or logic.
Data binding in Angular
+
Synchronizes data between component and template., Can be one-way or
two-way., Reduces manual DOM manipulation.
Data binding in Angular?
+
Data binding synchronizes data between the component class and
template.
Data binding?
+
Data binding connects component class with template/view., Types
include
one-way (interpolation, property, event) and two-way binding.,
Enables
dynamic UI updates.
Data Binding? In how many ways can it be
executed?
+
Data binding connects data between the component and the UI. Angular
supports four main types: Interpolation ({{ }}), Property Binding ([
]),
Event Binding (( )), and Two-way Binding ([( )]) using ngModel.
Deal with errors in observables?
+
Use the catchError operator in RxJS., Handle errors inside subscribe
via
error callback., Example:, observable.pipe(catchError(err =>
of([]))).subscribe(...)
Declarable in Angular?
+
Declarable refers to classes that can be declared in an NgModule.,
Includes
Components, Directives, and Pipes., They define UI behavior or
transformations in templates.
Decorator in Angular?
+
Decorator is a function that adds metadata to classes, e.g.,
@Component,
@Injectable.
Decorators in Angular
+
Decorators provide metadata to classes, methods, or properties.,
Types:
@Component, @Injectable, @Directive, @Pipe., They enable Angular
features
like dependency injection and templates.
Define routes?
+
Routes are defined using a Routes array:, const routes: Routes = [,
{ path:
'home', component: HomeComponent },, { path: 'about', component:
AboutComponent }, ];, Configured via RouterModule.forRoot(routes).
Define the ng-content Directive
+
Allows content projection into a child component., Acts as a
placeholder for
parent-provided HTML content.
Define typings for custom elements
+
Create a .d.ts file declaring:, interface HTMLElementTagNameMap {
'my-element': MyComponentElement; }, Ensures TypeScript type
checking.
Dependency Hierarchy formed?
+
Angular forms a tree hierarchy of injectors., Root injector provides
global
services., Child components can have component-level injectors.,
Services
are resolved from closest injector upwards.
Dependency Injection
+
DI is a design pattern to inject dependencies into
components/services.,
Promotes loose coupling and testability., Angular has a built-in DI
system.
Dependency injection in Angular?
+
DI is a design pattern where a class receives its dependencies from
an
external source rather than creating them.
Dependency injection in Angular?
+
Dependency Injection (DI) provides services or objects to components
automatically., Avoids manual creation of service instances.,
Promotes
modularity and testability.
Dependency injection tree in Angular?
+
Hierarchy of injectors controlling service scope and lifetime.
Describe the MVVM architecture
+
Model-View-ViewModel separates data, UI, and logic., Angular
components act
as ViewModel, templates as View, services/models as Model.
Describe various dependencies in Angular
application?
+
Dependencies are described using constructor injection in services
or
components., Decorators like @Injectable() and @Inject() define
provider
rules., Angular’s DI system manages the lifecycle and resolution of
dependencies.
Design goals of Service Workers
+
Offline-first experience, Background sync and push notifications,
Improved
performance and caching strategies, Enhancing reliability and
responsiveness
Detect route change in Angular?
+
Subscribe to Router events:, this.router.events.subscribe(event => {
/*
handle NavigationEnd */ });, You can use ActivatedRoute to detect
parameter
changes., Useful for executing logic on route transitions.
DI token?
+
DI token is a key used to inject a dependency in Angular’s DI
system., Can
be a type, string, or InjectionToken., Helps Angular locate and
provide the
correct service or value.
DifBet ActivatedRoute and Router?
+
ActivatedRoute provides info about current route; Router is used to
navigate
programmatically.
DifBet Angular Elements and Angular
Components?
+
Angular Elements are Angular components packaged as custom elements
to use
in non-Angular apps.
DifBet Angular Material and Bootstrap?
+
Angular Material provides Angular components with Material Design;
Bootstrap
is CSS framework.
DifBet Angular service and singleton service?
+
Service is reusable class; singleton ensures a single instance
application-wide using providedIn: 'root'.
DifBet Angular Service Worker and Service
Worker
API?
+
Angular Service Worker integrates with Angular for PWA features;
Service
Worker API is native browser API.
DifBet AngularJS and Angular?
+
AngularJS is based on JavaScript (v1.x); Angular (v2+) is based on
TypeScript and component-based architecture.
DifBet CanActivate and CanDeactivate guards?
+
CanActivate controls route access; CanDeactivate controls leaving a
route.
DifBet catchError and retry operators in RxJS?
+
catchError handles errors; retry retries failed requests a specified
number
of times.
DifBet Content Projection and ViewChild?
+
Content Projection inserts external content into component;
ViewChild
accesses component's template elements.
DifBet debounceTime() and throttleTime()?
+
debounceTime waits until silence; throttleTime emits at most once in
time
interval.
DifBet declarations and imports in NgModule?
+
Declarations define components, directives, pipes within module;
imports
bring in other modules.
DifBet eagerly loaded and lazy loaded modules?
+
Eager modules load at app startup; lazy modules load on demand.
DifBet FormControl, FormGroup, and FormArray?
+
FormControl represents a single input; FormGroup groups controls;
FormArray
is a dynamic array of controls.
DifBet forwardRef and Injector in Angular?
+
forwardRef allows referencing classes before declaration; Injector
provides
DI manually.
DifBet HttpClientModule and HttpModule?
+
HttpModule is deprecated; HttpClientModule is modern and supports
typed
responses and interceptors.
DifBet map() and switchMap()?
+
map transforms values; switchMap cancels previous inner observable
and
switches to new observable.
DifBet NgFor and NgForOf?
+
NgFor is the structural directive; NgForOf is the underlying
implementation
for iterables.
DifBet ngIf else and ngSwitch?
+
ngIf else conditionally renders templates; ngSwitch selects among
multiple
templates.
DifBet ngOnChanges and ngDoCheck?
+
ngOnChanges is triggered by input property changes; ngDoCheck is
called on
every change detection cycle.
DifBet ng-template and ng-container?
+
ng-template defines reusable template; ng-container is a logical
container
that doesn't render in DOM.
DifBet NgZone and ChangeDetectorRef?
+
NgZone manages async operations and triggers change detection;
ChangeDetectorRef manually triggers change detection.
DifBet OnPush and Default change detection
strategy?
+
Default checks all components every cycle; OnPush checks only when
input
reference changes.
DifBet OnPush and Default change detection?
+
OnPush runs only when inputs change; Default runs on every change
detection
cycle.
DifBet Promise and Observable in Angular?
+
Promise handles single async value; Observable handles multiple
values over
time with operators.
DifBet providedIn: 'root' and providedIn:
'any'?
+
'root' provides singleton service globally; 'any' provides separate
instances for lazy-loaded modules.
DifBet providers and imports in NgModule?
+
Providers register services with DI; imports bring in other modules.
DifBet pure and impure pipes?
+
Pure pipes are executed only when input changes; impure pipes run on
every
change detection cycle.
DifBet PurePipe and ImpurePipe?
+
PurePipe executes only when input changes; ImpurePipe executes every
change
detection.
DifBet Renderer and Renderer2?
+
Renderer2 is the updated, safer API for DOM manipulation in Angular
4+.
DifBet Renderer2 and ElementRef?
+
Renderer2 provides safe DOM manipulation; ElementRef directly
accesses
native element (less safe).
DifBet resolvers and guards?
+
Resolvers fetch data before route activation; guards determine
access.
DifBet routerLink and href?
+
routerLink navigates without page reload using Angular router; href
reloads
the page.
DifBet static and dynamic components?
+
Static components are declared in template; dynamic components are
created
programmatically using ComponentFactoryResolver.
DifBet structural and attribute directives?
+
Structural changes DOM layout; attribute changes element behavior or
style.
DifBet Subject and EventEmitter?
+
EventEmitter extends Subject and is used for @Output in components.
DifBet template-driven and reactive forms in
terms of validation?
+
Template-driven uses directives and template validation; Reactive
uses form
controls and programmatic validation.
DifBet template-driven and reactive forms?
+
Template-driven forms are simple and rely on directives; reactive
forms are
more powerful, programmatically created, and use FormBuilder.
DifBet templateRef and viewContainerRef?
+
TemplateRef represents embedded template; ViewContainerRef
represents
container to insert views.
DifBet ViewChild and ContentChild?
+
ViewChild references elements/components in template; ContentChild
references projected content.
DifBet ViewEncapsulation.None, Emulated, and
ShadowDom?
+
None: no encapsulation; Emulated: scoped styles; ShadowDom: uses
native
shadow DOM.
DifBet window.history and Angular Router?
+
window.history manipulates browser history; Angular Router manages
SPA
routes without full page reload.
DiffBet Angular and AngularJS
+
AngularJS (1.x) uses JavaScript and MVC., Angular (2+) uses
TypeScript,
components, and modules., Angular is faster, modular, and supports
Ivy
compiler.
DiffBet Angular and Backbone.js
+
Angular: MVVM, components, DI, two-way binding., Backbone.js:
Lightweight,
MVC, manual DOM manipulation., Angular offers more structured
development
and tooling.
DiffBet Angular and jQuery
+
Angular: Full SPA framework, two-way binding, MVVM., jQuery: DOM
manipulation library, no architecture.
DiffBet Angular expressions and JavaScript
expressions
+
Angular expressions are safe and auto-sanitized., Run within Angular
context
and cannot use loops or exceptions.
DiffBet AngularJS and Angular?
+
AngularJS is JavaScript-based and uses MVC architecture., Angular
(2+) is
TypeScript-based, faster, modular, and uses components., Angular
supports
mobile development and modern tooling., Angular has better
performance, AOT
compilation, and enhanced dependency injection.
DiffBet Annotation and Decorator
+
Annotation: Metadata in older frameworks., Decorator (Angular): Adds
metadata and behavior to classes, properties, or methods.
DiffBet Component and Directive
+
Component: Has template + logic, renders UI., Directive: No
template,
modifies DOM behavior., Component is a type of directive with a
view.
DiffBet constructor and ngOnInit
+
constructor: Instantiates the class, used for dependency injection.,
ngOnInit: Lifecycle hook, executes after inputs are initialized.,
Use
ngOnInit for initialization logic instead of constructor.
DiffBet interpolated content and innerHTML
+
Interpolation ({{ }}) is automatically sanitized by Angular.,
innerHTML can
bypass sanitization if used with untrusted content., Interpolation
is safer
for user-generated content.
DiffBet ngIf and hidden property
+
ngIf adds/removes element from DOM., [hidden] hides element but
keeps it in
DOM., Use ngIf for conditional rendering and hidden for styling.
DiffBet NgModule and JavaScript module
+
NgModule defines Angular metadata (components, directives,
services).,
JavaScript module only exports/imports variables or classes.
DiffBet promise and observable
+
Promise: Handles single async value; executes immediately.,
Observable: Can
emit multiple values over time; lazy execution., Observable supports
operators, cancellation, and chaining.
DiffBet pure and impure pipe
+
Pure Pipe: Executes only when input changes; optimized for
performance.,
Impure Pipe: Executes on every change detection; can handle complex
scenarios., Impure pipes can cause performance overhead.
Differences between AngularJS and Angular
+
AngularJS: JS-based, uses MVC, two-way binding., Angular:
TypeScript-based,
component-driven, improved performance., Angular has better mobile
support
and modular architecture.
Differences between AngularJS and Angular for
DI
+
AngularJS uses function-based injection with $inject., Angular uses
class-based injection with @Injectable() decorators., Angular DI
supports
hierarchical injectors and tree-shakable services.
Differences between reactive and
template-driven
forms
+
Reactive: Model-driven, synchronous, testable., Template-driven:
Template-driven, simpler, less scalable., Reactive supports dynamic
controls; template-driven does not.
Differences between various versions of
Angular
+
AngularJS (1.x) is JavaScript-based and uses MVC., Angular 2+ is
TypeScript-based, component-driven, modular, and faster., Later
versions
added Ivy compiler, CLI improvements, RxJS updates, and stricter
type
checking., Each version focuses on performance, security, and
tooling
enhancements.
Different types of compilation in Angular
+
JIT (Just-in-Time): Compiles in the browser at runtime., AOT
(Ahead-of-Time): Compiles at build time.
Different ways to group form controls
+
FormGroup: Groups multiple controls logically., FormArray: Groups
controls
dynamically as an array., Nested FormGroups for hierarchical
structures.
Digest cycle in AngularJS.
+
The digest cycle is the internal process where AngularJS checks for
model
changes and updates the view. It compares current and previous
values in
watchers and continues until all bindings stabilize. It runs
automatically
during events handled by Angular.
Directive in Angular?
+
Directive is a class that can modify DOM behavior or structure.
Directives in Angular
+
Directives are instructions for the DOM., Types: Attribute,
Structural
(*ngIf, *ngFor), and Custom directives., They modify the behavior or
appearance of elements.
Directives in Angular?
+
Instructions to manipulate DOM., Types: Structural (*ngIf, *ngFor)
and
Attribute ([ngClass], [ngStyle]).
Directives?
+
Directives are instructions in templates to manipulate DOM., Types:
Structural (*ngIf, *ngFor) and Attribute ([ngClass])., They modify
appearance, behavior, or layout of elements.
Do I need a Routing Module always?
+
Not strictly, but recommended for modularity., Helps separate route
configuration from main app module., Improves maintainability and
scalability.
Do I need to bootstrap custom elements?
+
No, Angular Elements are self-bootstrapped using
createCustomElement().
Do I still need entryComponents in Angular 9?
+
No, Ivy compiler handles dynamic and bootstrapped components
automatically.
Do you perform error handling?
+
Use RxJS catchError or pipe with tap:,
this.http.get('api').pipe(catchError(err => of([])));, Allows
graceful
fallback or logging.
Does Angular prevent HTTP-level
vulnerabilities?
+
Angular provides HttpClient with built-in CSRF/XSRF support.,
Prevents
common HTTP attacks if configured correctly., Additional server-side
measures may still be required.
Does Angular support dynamic imports?
+
Yes, using import() syntax for lazy-loaded modules., Enables code
splitting
and reduces initial bundle size., Works seamlessly with Angular CLI
and
Webpack.
DOM sanitizer?
+
Service that cleans untrusted content before rendering., Used for
HTML,
styles, URLs, and resource URLs., Prevents script execution in
Angular apps.
Dynamic components
+
Components created programmatically at runtime., Use
ComponentFactoryResolver or ViewContainerRef.createComponent(),
Useful for
modals, tabs, or runtime content.
Dynamic forms
+
Forms created programmatically at runtime., Useful when form
structure is
not known at compile-time., Built using FormBuilder or reactive
APIs.
Eager and Lazy loading?
+
Eager loading: Loads all modules at app startup., Lazy loading:
Loads
modules on demand, improving initial load time.
Editor support for Angular Language Service
+
Supported in VS Code, WebStorm, Sublime, and Atom., Provides
autocompletion,
quick info, error detection, and navigation in templates.
Enable binding expression validation?
+
Enable it via "strictTemplates": true in angularCompilerOptions., It
validates property and event bindings in templates., Prevents
runtime
template errors and improves type safety.
Entry component?
+
Component instantiated dynamically, not referenced in template.,
Used in
modals, dialogs, or dynamically created components.
EntryComponents array not necessary every
time?
+
Angular 9+ uses Ivy compiler, which automatically detects required
components., No manual entryComponents needed for dynamic
components.
Event binding in Angular?
+
Event binding binds events from DOM elements to component methods
using
(event) syntax.
Exactly is a parameterized pipe?
+
A pipe that accepts arguments to modify output., Example: {{
birthday |
date:'shortDate' }} where 'shortDate' is a parameter.
Exactly is the router state?
+
Router state is the current configuration and URL state of the
Angular
router., Includes active routes, parameters, query parameters, and
route
data.
Example of built-in validators
+
name: new FormControl('', [Validators.required,
Validators.minLength(3)]),
Applies required and minimum length validation.
Example of few metadata errors
+
Using arrow functions in decorators., Dynamic expressions in
@Input()
default values., Referencing non-static properties in metadata.
Examples of NgModules
+
BrowserModule, FormsModule, HttpClientModule, RouterModule
Feature modules?
+
NgModules created for specific functionality of an app., Helps in
lazy
loading, code organization, and reusability.
Features included in Ivy preview
+
Tree-shakable components, Faster compilation, Improved type checking
in
templates, Better build size optimization
Features of Angular 7
+
CLI prompts, virtual scrolling, drag & drop., Improved performance,
updated
RxJS 6.3., Better accessibility and dependency updates.
Features provided by Angular Language Service
+
Autocomplete for directives, components, and inputs, Error checking
in
templates, Quick info on variables and types, Navigation to
component and
template definitions
Find Angular CLI version
+
Run command: ng version or ng v in terminal., It shows Angular CLI,
framework, and Node versions.
Folding?
+
Folding is the process of resolving expressions at compile time.,
Helps AOT
replace constants and simplify templates.
forRoot helps avoid duplicate router instances
+
forRoot() ensures singleton services in shared modules., Lazy-loaded
modules
can use forChild() without duplicating router.
Four phases of template translation
+
1. Extraction - extract translatable strings., 2. Translation -
provide
translated text., 3. Merging - merge translations with templates.,
4.
Rendering - compile translated templates.
Generate a class in Angular 7 using CLI
+
Command: ng generate class my-class, Creates a TypeScript class file
in
project structure.
Get current direction for locales
+
Use Directionality service: dir.value returns 'ltr' or 'rtl'.,
Useful for
layout adjustments in RTL languages.
Get the current route?
+
Use Angular ActivatedRoute or Router service., Example:
this.route.snapshot.url or this.router.url., It provides access to
route
parameters, query params, and path info.
Give an example of attribute directives
+
Attribute directives change the appearance or behavior of DOM
elements.,
Example:,
Give an example of custom pipe
+
A custom pipe transforms data in templates., Example:, @Pipe({name:
'reverse'}), export class ReversePipe implements PipeTransform {,
transform(value: string) { return
value.split('').reverse().join(''); }, },
Usage: {{ 'Angular' | reverse }} → ralugnA.
Guard in Angular?
+
Guard is a service to control access to routes, e.g., CanActivate,
CanDeactivate.
Happens if custom id is not unique
+
Angular may overwrite translations or throw errors., Unique IDs
prevent
conflicts and ensure correct mapping.
Happens if I import the same module twice?
+
Angular does not create duplicate services if a module is imported
multiple
times., Components and directives are available where declared.,
Providers
are instantiated only once at root level.
Happens if you do not supply handler for the
observer
+
No callback is executed; observable executes but subscriber ignores
emitted
values., No error or complete handling occurs.
Happens if you use script tag inside template?
+
Angular does not execute script tags in templates for security.,
Scripts are
ignored to prevent XSS attacks., Use services or component logic
instead.
Happens if you use the script tag within a
template?
+
Scripts in Angular templates do not execute for security reasons
(DOM
sanitization)., Use external scripts or component logic instead.
HTTP interceptors?
+
HTTP interceptors are used to intercept HTTP requests and
responses., They
can modify headers, add tokens, or handle errors globally.,
Registered in
Angular’s dependency injection system., Useful for logging, caching,
and
authentication.
Http Interceptors?
+
Classes that intercept HTTP requests and responses globally., Can
modify
headers, log activity, or handle errors., Implemented via
HTTP_INTERCEPTORS
token.
HttpClient and its benefits?
+
HttpClient is Angular’s service for HTTP communication., Supports
typed
responses, interceptors, and observables., Simplifies REST API calls
with
automatic JSON parsing.
HttpInterceptor in Angular?
+
Interceptor is a service to modify HTTP requests or responses
globally.
Hydration?
+
Hydration converts server-rendered HTML into a fully interactive
client
app., Used in Angular Universal for SSR (Server-Side Rendering).
If BrowserModule used in feature module?
+
Error occurs: BrowserModule should only be imported in AppModule.,
Feature
modules should use CommonModule instead.
Imported modules in CLI-generated feature
modules
+
CommonModule for common directives., FormsModule if forms are used.,
RouterModule for routing inside the feature module.
Impure Pipes
+
Impure pipes may return different output even if input is same.,
Executed on
every change detection cycle., Useful for dynamic or async data
transformations.
Include SASS into an Angular project?
+
Install node-sass or use Angular CLI:, ng config
schematics.@schematics/angular:component.style scss, Rename .css
files to
.scss., Angular compiles SASS into CSS automatically.
Index property in ngFor directive
+
let i = index gives the current iteration index., Can be used for
numbering
items or conditionally styling elements.
Inject dynamic script in Angular?
+
Use Renderer2 or document.createElement('script') in a component.,
Set src
and append it to document.body., Ensure scripts are loaded after
component
initialization.
Install Angular Language Service in a project?
+
Use NPM: npm install @angular/language-service --save-dev., Also,
enable it
in your IDE (VS Code, WebStorm) for Angular templates.
Interpolation in Angular?
+
Interpolation allows embedding expressions in HTML using {{
expression }}
syntax.
Interpolation?
+
Interpolation binds component data to HTML view using {{ }}.,
Example:
Invoke a builder?
+
In Angular, a builder is invoked via angular.json or the CLI., Use
commands
like ng build or ng run :., Builders handle tasks like building,
serving, or
testing projects., They are customizable via options in the
angular.json
configuration.
Is aliasing possible for inputs and outputs?
+
Yes, using @Input('aliasName') or @Output('aliasName')., Allows
different
property names externally vs internally.
Is bootstrapped component required to be entry
component?
+
Yes, it must be included in entryComponents in Angular versions <9.,
In Angular 9+ (Ivy), entryComponents array is no longer needed.
Is it mandatory to use @Injectable on
every
service?
+
Only required if the service has dependencies injected.,
Recommended for
consistency and AOT compatibility.
Is it safe to use direct DOM API methods?
+
No, direct DOM manipulation may bypass Angular security., It can
introduce XSS risks., Prefer Angular templates, bindings, or
Renderer2.
Is static flag mandatory for ViewChild?
+
static: true/false required when accessing child elements in
ngOnInit vs
ngAfterViewInit., true for early access, false for later
lifecycle
access.
It helps determine what component should
be
displayed.
+
Router links?, Router links ([routerLink]) are Angular
directives to
navigate between routes., Example: Home.
JIT?
+
JIT compiles Angular templates in the browser at runtime.,
Faster builds
but slower app startup., Used mainly during development.
Key components of Angular
+
Component: UI + logic, Directive: Behavior or DOM manipulation,
Module:
Organizes components, Service: Shared logic/data, Pipe: Data
transformation, Routing: Navigation between views
Lazy loading in Angular?
+
Lazy loading loads modules only when needed, improving
performance.
Lazy loading?
+
Lazy loading loads modules only when needed., Reduces initial
load time
and improves performance., Configured in the routing module
using
loadChildren.
Lifecycle hooks available
+
Common hooks:, ngOnInit - after component initialization,
ngOnChanges -
on input property change, ngDoCheck - custom change detection,
ngOnDestroy - cleanup before component removal
lifecycle hooks in Angular?
+
Lifecycle hooks are methods called at specific points in a
component's
life, e.g., ngOnInit, ngOnDestroy.
Lifecycle hooks in Angular? Examples?
+
Lifecycle hooks allow execution of logic at specific component
stages.
Common hooks include:, · ngOnInit() - initialization, ·
ngOnChanges() -
when input properties change, · ngOnDestroy() - cleanup before
removal,
· ngAfterViewInit() - when view loads
Lifecycle hooks of a zone
+
onStable: triggered when zone has no pending tasks., onUnstable:
triggered when async tasks start., onMicrotaskEmpty: after
microtasks
complete.
lifecycle hooks? Explain a few.
+
Lifecycle hooks are methods called at specific component
stages.,
Examples:, ngOnInit: Initialization, ngOnChanges: Detect input
changes,
ngOnDestroy: Cleanup before destruction, They help manage
component
behavior.
Limitations with web workers
+
Cannot access DOM directly, Limited access to window or document
objects, Cannot use Angular services directly, Communication is
via
messages only
List of template expression operators
+
+ - * / %, comparison (<>
<=>= == !=), logical (&& || !), ternary (? :), nullish (?.)
operators.
List pluralization categories
+
Angular supports: zero, one, two, few, many, other., Used in ICU
plural
expressions.
Macros?
+
Macros are predefined expressions or reusable snippets in
Angular
compilation., Used to simplify repeated patterns in metadata or
templates.
Manually bootstrap an application
+
Use platformBrowserDynamic().bootstrapModule(AppModule) in
main.ts.,
Starts Angular without relying on automatic bootstrapping.
Manually register locale data
+
Import locale from @angular/common and register:, import {
registerLocaleData } from '@angular/common';, import localeFr
from
'@angular/common/locales/fr';, registerLocaleData(localeFr);
Mapping rules between Angular component
and
custom element
+
Component inputs → element attributes/properties, Component
outputs →
DOM events, Lifecycle hooks are preserved automatically
Metadata rewriting?
+
Metadata rewriting updates compiled metadata JSON files for
AOT., Allows
Angular to optimize templates and components at build time.
Metadata?
+
Metadata provides additional info about classes to Angular.,
Used via
decorators like @Component and @NgModule., Tells Angular how to
process
a class.
Method decorators?
+
Decorators applied to methods to modify or enhance behavior.,
Example:
@HostListener listens to events on host elements.
Methods of NgZone to control change
detection
+
run(): execute inside Angular zone (triggers detection).,
runOutsideAngular(): execute outside detection., onStable,
onUnstable
for subscriptions.
Module in Angular?
+
Modules group components, directives, pipes, and services into
cohesive
blocks of functionality.
Module?
+
Module (NgModule) organizes components, directives, and
services., Every
Angular app has a root module (AppModule)., Modules help in lazy
loading
and modular development.
Multicasting?
+
Multicasting allows sharing a single observable execution among
multiple
subscribers., Achieved using Subject or share() operator.,
Reduces
unnecessary API calls or processing.
MVVM Architecture
+
Model-View-ViewModel separates UI, logic, and data., Model: Data
and
business logic., View: User interface., ViewModel: Mediator
between view
and model, handles commands and data binding., Promotes
testability and
clean separation of concerns.
Navigating between routes in Angular
+
Use RouterLink or Router service:, Home, Or programmatically:
this.router.navigate(['/home']);
NgAfterContentInit in Angular?
+
ngAfterContentInit is called after content projected into
component is
initialized.
NgAfterViewInit in Angular?
+
ngAfterViewInit is called after component's view and child views
are
initialized.
Ngcc
+
Angular Compatibility Compiler converts node_modules packages
compiled
with View Engine to Ivy., Ensures libraries are compatible with
Angular
Ivy compiler.
Ng-content and its purpose?
+
is a placeholder in a component template., Used for content
projection,
letting parent content be rendered in child components.
NgModule in Angular?
+
NgModule is a decorator that defines a module and its metadata,
like
declarations, imports, providers, and bootstrap.
NgOnDestroy in Angular?
+
ngOnDestroy is called just before component destruction to clean
up
resources.
NgOnInit in Angular?
+
ngOnInit is called once after component initialization.
NgOnInit?
+
ngOnInit is a lifecycle hook called after Angular initializes a
component., Used to perform component initialization and fetch
data.,
Runs once per component instantiation.
NgRx?
+
NgRx is a state management library for Angular., Based on Redux
pattern,
uses actions, reducers, and store., Helps manage complex
application
state predictably.
NgUpgrade?
+
NgUpgrade allows hybrid apps running AngularJS and Angular
together.,
Facilitates incremental migration from AngularJS to Angular.,
Supports
components, services, and routing interoperability.
NgZone
+
NgZone is a service that manages Angular’s change detection
context., It
runs code inside or outside Angular zone to control updates
efficiently.
Non-null type assertion operator?
+
The ! operator asserts that a value is not null or undefined.,
Example:
value!.length tells TypeScript the variable is safe., Used to
prevent
compiler errors when you know the value exists.
NoopZone
+
A no-operation zone that disables automatic change detection.,
Useful
for performance optimization in large apps.
Observable creation functions
+
of() - emits given values, from() - converts array, promise to
observable, interval() - emits sequence periodically,
fromEvent() -
listens to DOM events
Observable in Angular?
+
Observable represents a stream of asynchronous data that can be
subscribed to.
Observable?
+
Observable is a stream of data over time., It can emit next,
error, and
complete notifications., Used for HTTP, events, and async tasks.
Observables different from promises?
+
Observables can emit multiple values over time, promises only
one.,
Observables are lazy and cancellable., Promises are eager and
simpler.,
Observables support operators for transformation and filtering.
Observables vs Promises
+
Observables: Multiple values over time, cancellable, lazy
evaluation.,
Promises: Single value, eager, not cancellable., Observables are
used
with RxJS in Angular.
observables?
+
Observables are data streams that emit values over time., They
allow
asynchronous operations like HTTP requests or events., Provided
by RxJS
in Angular.
Observer?
+
An observer is an object that listens to an observable., It has
methods:
next, error, and complete., Example: { next: x =>
console.log(x), error:
e => console.log(e) }.
Operators in RxJS?
+
Operators are functions to transform, filter, or combine
Observables,
e.g., map, filter, mergeMap.
Optimize performance of async validators
+
Use debounceTime to reduce API calls., Use distinctUntilChanged
for
unique inputs., Avoid heavy computation inside validator
function.
Option to choose between inline and
external
template file
+
In @Component decorator:, template - inline HTML, templateUrl -
external
HTML file, Choice depends on component size and readability.,
*21.
Purpose of ngFor directive, *ngFor is used to loop over a
collection and
render elements., Syntax: *ngFor="let item of items"., Useful
for
dynamic lists and tables., *22. Purpose of ngIf directive, *ngIf
conditionally renders elements based on boolean expression.,
Removes or
adds elements from the DOM., Helps control UI dynamically.
Optional dependency
+
A dependency that may or may not be provided., Use @Optional()
decorator
in constructor injection.
Parameterized pipe?
+
Pipes that accept arguments to modify output., Example: {{
amount |
currency:'USD':true }}, Allows flexible data formatting in
templates.
Parent to Child data sharing example
+
Parent Component:, , Child Component:, @Input() childData:
string;, This
passes parentData from parent to child.
Pass headers for HTTP client?
+
Use HttpHeaders in Angular’s HttpClient., Example:,
this.http.get(url, {
headers: new HttpHeaders({'Auth':'token'}) }), Allows sending
authentication, content-type, or custom headers.
Perform error handling in observables?
+
Use catchError operator inside .pipe()., Example:
observable.pipe(catchError(err => of(defaultValue))), Can also
use
retry() to retry failed requests.
Pipe in Angular?
+
Pipe transforms data in templates, e.g., date, currency, custom
pipes.
Pipes in Angular?
+
Pipes transform data before displaying in a template., Example:
{{ name
| uppercase }} converts text to uppercase., Can be built-in or
custom.
Pipes?
+
Pipes transform data in the template without changing the
component.,
Example: {{date | date:'short'}}, Angular has built-in pipes
like
DatePipe, UpperCasePipe, CurrencyPipe.
PipeTransform Interface
+
Interface that custom pipes must implement., Defines the
transform()
method for input-to-output transformation., Enables reusable
data
formatting.
platform in Angular?
+
Platform provides runtime context for Angular applications.,
Examples:
platformBrowser(), platformServer()., It bootstraps the Angular
application on the respective environment.
Possible data update scenarios for change
detection
+
Model updates via property binding, User input in forms, Async
operations like HTTP requests, timers, Manual triggering using
ChangeDetectorRef
Possible errors with declarations
+
Declaring a component twice in different modules, Declaring
non-component classes, Missing component import in module
Precedence between pipe and ternary
operators
+
Ternary operators have higher precedence., Pipe (|) executes
after
ternary expression evaluates.
Prevent automatic sanitization
+
Use Angular DomSanitizer to mark content as trusted:,
bypassSecurityTrustHtml, bypassSecurityTrustUrl, etc., Use
carefully to
avoid XSS vulnerabilities.
Prioritize TypeScript over JavaScript in
Angular?
+
TypeScript provides strong typing, classes, interfaces, and
compile-time
checks., Improves developer productivity and maintainability.
Property binding in Angular?
+
Property binding binds component properties to HTML element
properties
using [property] syntax.
Property decorators?
+
Decorators that enhance class properties with Angular features.,
Example: @Input() for parent-to-child binding, @Output() for
event
emission.
Protractor?
+
Protractor is an end-to-end testing framework for Angular apps.,
It runs
tests in real browsers and integrates with Selenium., It
understands
Angular-specific elements like ng-model and ng-repeat.
Provide a singleton service
+
Use @Injectable({ providedIn: 'root' })., Angular injects one
instance
app-wide., Do not redeclare in feature modules to avoid
duplicates.
Provide build configuration for multiple
locales
+
Use angular.json configurations:, "locales": { "fr":
"src/locale/messages.fr.xlf" }, Build with: ng build --localize.
Provide configuration inheritance?
+
Angular modules can extend or import other modules., Child
modules
inherit providers, declarations, and configurations from parent
modules., Helps maintain shared settings across the app.
Provider?
+
A provider tells Angular how to create a service., It defines
the
dependency injection configuration., Declared in modules,
components, or
services.
Pure Pipes
+
Pure pipes return same output for same input., Executed only
when input
changes., Used for performance optimization.
Purpose of tag
+
Specifies the base path for relative URLs in an Angular app.,
Helps
router resolve paths correctly., Placed in the section of
index.html.,
Example: .
Purpose of animate function
+
animate() specifies duration, timing, and styles for
transitions., It
animates the element from one style to another., Used inside
transition() to control animation flow.
Purpose of any type cast function?
+
The any type allows bypassing TypeScript type checking., It is
used to
temporarily cast a variable when type is unknown., Useful during
migration or working with dynamic data.
Purpose of async pipe
+
async pipe automatically subscribes to Observable or Promise.,
It
updates the template with emitted values., Handles subscription
and
unsubscription automatically.
Purpose of CommonModule?
+
CommonModule provides common directives like ngIf and ngFor., It
is
imported in feature modules to use standard Angular directives.,
Helps
avoid reimplementing basic functionality.
Purpose of custom id
+
Assigns a unique identifier to a translatable string., Helps
maintain
consistent translations across builds.
Purpose of differential loading in CLI
+
Generates two bundles: modern ES2015+ for new browsers, ES5 for
old
browsers., Reduces payload for modern browsers., Improves
performance
and load time.
Purpose of FormBuilder
+
Simplifies creation of FormGroup, FormControl, and FormArray.,
Reduces
boilerplate code for reactive forms.
Purpose of hidden property
+
[hidden] toggles visibility of an element using CSS display:
none.,
Unlike ngIf, it does not remove the element from the DOM.
Purpose of i18n attribute
+
Marks an element or text for translation., Angular extracts
these for
generating translation files.
Purpose of innerHTML
+
innerHTML sets or gets the HTML content of an element., Used for
dynamic
HTML rendering in the DOM.
Purpose of metadata JSON files
+
Store compiled metadata about components, directives, and
modules., Used
by AOT compiler for dependency injection and code generation.
Purpose of ngFor trackBy
+
trackBy improves performance by tracking items using unique
identifier.,
Prevents unnecessary DOM re-rendering when lists change.
Purpose of ngSwitch directive
+
ngSwitch conditionally displays elements based on expression
value.,
ngSwitchCase and ngSwitchDefault define cases and default view.
Purpose of Wildcard route
+
Wildcard route (**) catches all undefined routes., Typically
used for
404 pages., Example: { path: '**', component:
PageNotFoundComponent }.
Reactive forms
+
Form model is defined in component class using FormControl,
FormGroup.,
Provides predictable, programmatic control and validators.
Reason for No provider for HTTP exception
+
Occurs when HttpClientModule is not imported in AppModule., Add
HttpClientModule to imports to resolve dependency injection
errors.
Reason to deprecate Web Tracing Framework
+
It was browser-dependent and complex., Angular adopted modern
debugging
tools and console-based tracing., Simplifies performance
monitoring and
reduces maintenance.
Reason to deprecate web worker packages
+
Native Web Worker APIs became standardized., Angular moved to
simpler,
built-in worker support., External packages were redundant and
increased
bundle size.
Recommendation for provider scope
+
Provide services in root for singleton usage., Avoid multiple
registrations in lazy-loaded modules unless necessary., Use
feature
module providers for module-scoped instances.
ReplaySubject in Angular?
+
ReplaySubject emits a specified number of previous values to new
subscribers.
Report missing translations
+
Angular logs missing translations in console during
compilation., Use
tools or custom loaders to handle untranslated keys.
Reset the form
+
Use form.reset() to reset values and validation state.,
Optionally, pass
default values: form.reset({ name: 'John' }).
Restrict provider scope to a module
+
Declare the provider in the providers array of the module.,
Avoid
providedIn: 'root' in @Injectable()., This creates a
module-specific
instance.
Restrictions of metadata
+
Cannot use dynamic expressions in decorators., Arrow functions
or
complex expressions are not allowed., Only static, serializable
values
are permitted.
Restrictions on declarable classes
+
Declarables cannot be services or modules., They must be
declared in
exactly one NgModule., Cannot be imported multiple times across
modules.
Role of ngModule metadata in compilation
process
+
Defines components, directives, pipes, and services., Helps
compiler
resolve dependencies and build module graph.
Role of template compiler for XSS
prevention
+
The compiler escapes unsafe content during template rendering.,
Ensures
dynamic content does not execute scripts., Acts as a first-line
defense
against XSS.
Root module in Angular?
+
The AppModule is the root module bootstrapped to launch the
application.
Route Parameters?
+
Data passed through URLs to routes., Path parameters: /user/:id,
Query
parameters: /user?id=1, Fragment: #section1, Matrix parameters:
/user;id=1
Routed entry component?
+
Component loaded via router dynamically, not referenced in
template.,
Needs to be known to Angular compiler to generate factory.
Router events?
+
Router events are lifecycle events during navigation., Examples:
NavigationStart, RoutesRecognized, NavigationEnd,
NavigationError., You
can subscribe to Router.events for tracking navigation.
Router imports?
+
To use routing, import:, RouterModule, Routes from
@angular/router, Then
configure routes using RouterModule.forRoot(routes) or
forChild(routes).
Router links?
+
[routerLink] is used for navigation without page reload.,
Example: Home,
It generates URLs based on route configuration.
Router outlet?
+
is a placeholder where routed components are displayed., The
router
dynamically injects the matched component here., Only one per
view or
multiple for nested routes.
Router state?
+
Router state represents the current tree of activated routes.,
Provides
access to route parameters, query parameters, and data., Useful
for
inspecting the current route in the app.
Router state?
+
Router state represents current route information., Contains
URL,
params, queryParams, and component data., Accessible via Router
or
ActivatedRoute service.
RouterModule in Angular?
+
RouterModule provides services and directives for configuring
routing.
Routing in Angular?
+
Routing enables navigation between different views in a
single-page
application.
Rule in Schematics?
+
A rule defines transformations on a project tree., It decides
how files
are created, modified, or deleted., Rules are building blocks of
schematics.
Run Bazel directly?
+
Use Bazel CLI commands: bazel build //src:app or bazel test
//src:app.,
It executes targets defined in BUILD files., Helps in running
incremental builds independently of Angular CLI.
RxJS in Angular?
+
RxJS is a reactive programming library for handling asynchronous
data
streams using Observables.
RxJS in Angular?
+
RxJS is a library for reactive programming., Used with
observables to
handle async data, events, and streams., Provides operators like
map,
filter, and debounceTime.
RxJS Subject in Angular?
+
Subject is an observable that multicasts values to multiple
observers.,
It can act as both an observer and observable., Used for
communication
between components or services.
RxJS?
+
RxJS (Reactive Extensions for JavaScript) is a library for
reactive
programming., Provides observables, operators, and subjects.,
Used for
async tasks and event handling in Angular.
safe navigation operator?
+
?. operator prevents null or undefined errors in templates.,
Example:
user?.name returns undefined if user is null.
Sanitization? Does Angular support it?
+
Sanitization cleans untrusted input to prevent code injection.,
Angular
provides built-in DomSanitizer for HTML, styles, URLs, and
scripts.
Schematic?
+
Schematics are code generators for Angular projects., They
automate
creation of components, services, modules, or custom templates.,
Used
with Angular CLI.
Schematics CLI?
+
Command-line tool to run, test, and create schematics., Example:
schematics blank --name=my-schematic., Helps automate repetitive
tasks
in Angular projects.
Scope hierarchy in Angular
+
Angular components have isolated scopes with hierarchical
injectors.,
Child components inherit parent services via DI.
Scope in Angular
+
Scope is the binding context between controller and view., Used
in
AngularJS; replaced by Component class properties in Angular.
Security principles in Angular
+
Follow XSS prevention, CSRF protection, input validation, and
sanitization., Avoid direct DOM manipulation and unsafe URL
usage., Use
Angular built-in sanitizers and HttpClient.
Select an element in component template?
+
Use template reference variables or @ViewChild() decorator.,
Example:
@ViewChild('myDiv') myDivElement: ElementRef;., This allows
accessing
DOM elements or child components from the component class.
Select an element within a component
template?
+
Use @ViewChild() or @ViewChildren() decorators., Example:
@ViewChild('myDiv') div: ElementRef;, Allows access to DOM
elements or
child components in TS code.
select ICU expression
+
Used for conditional translations based on variable values.,
Example:
gender-based messages: {gender, select, male {...} female {...}
other
{...}}
Server-side XSS protection in Angular
+
Validate and sanitize inputs before sending to client., Use CSP
headers,
HTTPS, and server-side escaping., Combine with Angular
client-side
protections.
Service in Angular?
+
Service is a class that provides shared functionality across
components.
Service Worker and its role in Angular?
+
Service Worker is a background script that intercepts network
requests.,
It enables offline caching, push notifications, and performance
improvements., Angular supports Service Worker via @angular/pwa
package.
Service?
+
Service is a class that holds business logic or shared data.,
Injected
into components using Dependency Injection., Promotes code
reusability
across components.
Services in Angular?
+
Reusable classes that hold business logic or shared data.,
Injected into
components via DI., Helps separate UI and logic.
Set ngFor and ngIf on same element
+
Use :,
Share data between components in Angular?
+
Parent-to-child: @Input(), Child-to-parent: @Output() with
EventEmitter,
Service with BehaviorSubject or Subject for unrelated components
Share services using modules?
+
Yes, but use Core module or providedIn: 'root'., Avoid providing
in
Shared module to prevent multiple instances.
Shared module
+
A module containing reusable components, directives, pipes, and
services., Imported by other modules to reduce code
duplication.,
Typically does not provide singleton services.
Shorthand notation for subscribe method
+
Instead of an observer object, use separate callbacks:,
observable.subscribe(val => console.log(val), err =>
console.log(err),
() => console.log('complete'));
Single Page Applications (SPA)
+
SPA loads one HTML page and dynamically updates content.,
Routing is
handled on the client side., Improves speed and reduces server
load.
Slice pipe?
+
Slice pipe extracts a subset of array or string., Example: {{
items |
slice:0:3 }} shows first 3 items., Useful for pagination or
previews.
Some features of Angular
+
Component-based architecture., Two-way data binding and
dependency
injection., Directives, services, and RxJS support., Powerful
CLI for
project scaffolding.
SPA? (Single Page Application)
+
A SPA loads a single HTML page and dynamically updates content
using
JavaScript without full page reloads. Unlike traditional
websites where
each action loads a new page, SPAs improve speed, user
experience, and
reduce server load.
Special configuration for Angular 9?
+
Angular 9 uses Ivy compiler by default., No additional
configuration is
needed for most apps.
Specify Angular template compiler options?
+
Template compiler options are specified in tsconfig.json or
angular.json., You can enable strict type checking, full
template type
checking, and other options., Example: "angularCompilerOptions":
{
"strictTemplates": true }., It helps catch template errors at
compile
time.
Standalone component?
+
A component that does not require a module., Can be used
independently
with its own imports, providers, and declarations.
State CSS classes provided by ngModel
+
ng-valid, ng-invalid, ng-dirty, ng-pristine, ng-touched,
ng-untouched,
Helps style form validation states.
State function?
+
state() defines a named state for an animation., It specifies
styles
associated with that state., Used in combination with
transition() to
animate between states.
Steps to use animation module
+
1. Install @angular/animations., 2. Import
BrowserAnimationsModule in
the root module., 3. Use trigger, state, style, animate, and
transition
in components., 4. Bind animations to templates using [
@triggerName ].
Steps to use declaration elements
+
1. Declare component, directive, or pipe in NgModule., 2. Export
if
needed for other modules., 3. Import module in consuming
module., 4. Use
element in template.
string interpolation and property binding.
+
String interpolation: {{ value }} inserts data into templates.,
Property
binding: [property]="value" binds data to element properties.,
Both keep
view and data synchronized.
String interpolation in Angular?
+
Binding data from component to template using {{ value }}.,
Automatically updates the DOM when the component value changes.
Style function?
+
style() defines CSS styles to apply in a particular state or
keyframe.,
Used inside state(), transition(), or animate()., Example:
style({
opacity: 0, transform: 'translateX(-100%)' }).
Subject in Angular?
+
Subject is an Observable that allows multicasting to multiple
subscribers.
Subscribing?
+
Subscribing is listening to an observable., Example:
.subscribe(data =>
console.log(data));, Triggers execution and receives emitted
values.
Template expressions?
+
Template expressions are evaluated inside interpolation or
binding., Can
include properties, methods, operators., Cannot contain
statements like
loops or conditionals.
Template statements?
+
Template statements handle events like (click) or (change).,
Invoke
component methods in response to user actions., Example: Click
Template?
+
Template is the HTML view of a component., It defines structure,
layout,
and binds data using Angular syntax., Can include directives,
bindings,
and pipes.
Template-driven forms
+
Forms defined directly in HTML template using ngModel., Less
control but
simpler for small forms.
Templates in Angular
+
Templates define the HTML view of a component., They can contain
Angular
directives, bindings, and expressions., Templates are combined
with
component logic to render the UI.
Templates in Angular?
+
HTML with Angular directives, bindings, and components., Defines
the
view for a component.
Test Angular application using CLI?
+
Use ng test to run unit tests with Karma and Jasmine., Use ng
e2e for
end-to-end testing with Protractor or Cypress., CLI manages
configurations and test runner setup automatically.
TestBed?
+
TestBed is Angular’s unit testing utility for configuring and
initializing environment., It allows creating components,
services, and
modules in isolation., Used with Karma or Jasmine to run tests.
Three phases of AOT
+
1. Metadata analysis: Parse decorators and template metadata.,
2.
Template compilation: Convert templates to TypeScript code., 3.
Code
generation: Emit optimized JavaScript for the browser.
Transfer components to custom elements
+
Use createCustomElement(Component, { injector }), Register via
customElements.define('tag-name', element).
Transition function?
+
transition() defines how animations move between states., It
specifies
conditions, duration, and easing for the animation., Example:
transition('open => closed', animate('300ms ease-in')).
Translate an attribute
+
Add i18n-attribute to mark element attributes: Welcome,
Translate text without creating an element
+
Use i18n attribute on existing elements or directives., Angular
supports
inline translations for text content.
Transpiling in Angular?
+
Transpiling converts TypeScript or modern JavaScript into plain
JavaScript., This ensures compatibility with browsers., Angular
uses the
TypeScript compiler (tsc) for this process., It helps leverage
ES6+
features safely in older browsers.
Trigger an animation
+
Use Angular Animation API: trigger, state, transition, animate.,
Call
animation in template with [@animationName]., Can also trigger
via
component methods.
Two-way binding in Angular?
+
Two-way binding synchronizes data between component and template
using
[(ngModel)].
Two-way data binding
+
Updates component model when view changes and vice versa.,
Implemented
using [(ngModel)]., Simplifies form handling.
Type narrowing?
+
Type narrowing is the process of refining a variable’s type.,
TypeScript
uses control flow analysis like if, typeof, or instanceof.,
Example: if
(typeof x === "string") { x.toUpperCase(); }
Types of data binding in Angular?
+
Interpolation, Property Binding, Event Binding, Two-way Binding
([(ngModel)]).
Types of directives in Angular?
+
Components, Structural Directives (e.g., *ngIf, *ngFor), and
Attribute
Directives (e.g., ngClass, ngStyle).
Types of feature modules
+
Eager-loaded modules: Loaded at app startup., Lazy-loaded
modules:
Loaded on demand via routing., Shared modules: Contain reusable
components, directives, pipes., Core module: Provides singleton
services.
Types of filters in AngularJS.
+
Filters format data displayed in the UI. Common filters
include:, ✓
currency (formats currency), ✓ date (formats date), ✓ filter
(filters
arrays), ✓ uppercase/lowercase, ✓ orderBy (sorts collections),
Types of injector hierarchies
+
Root injector, Module-level injector, Component-level injector,
Child
injectors inherit from parent injector.
Types of validator functions
+
Synchronous validators (Validators.required,
Validators.minLength),
Asynchronous validators (HTTP-based or custom async checks)
Type-safe TestBed API changes in Angular 9
+
TestBed APIs now return strongly typed component and fixture
instances.,
Improves type checking in unit tests.
TypeScript class with constructor and
function
+
class Person {, constructor(public name: string) {}, greet() {
console.log(`Hello ${this.name}`); }, }, let p = new
Person("John");,
p.greet();
TypeScript?
+
TypeScript is a superset of JavaScript that adds static typing.,
It
compiles down to plain JavaScript for browser compatibility.,
Provides
features like classes, interfaces, and type checking., Used
extensively
in Angular for better maintainability and scalability.
Update specific properties of a form model
+
Use patchValue() for partial updates., setValue() requires all
properties to be updated., Example: form.patchValue({ name:
'John' }).
Upgrade Angular version?
+
Use ng update @angular/core @angular/cli., Follow migration
guides for
breaking changes., CLI updates dependencies, TypeScript, and
configuration automatically.
Upgrade location service of AngularJS?
+
Migrate $location service to Angular’s Router module., Update
code to
use Router.navigate() or ActivatedRoute., Ensures smooth URL and
state
management in Angular.
Use any JavaScript feature in expression
syntax for AOT?
+
No, only static and serializable expressions are allowed.,
Dynamic or
runtime JavaScript features are rejected.
Use AOT compilation with Ivy?
+
Yes, Ivy fully supports AOT (Ahead-of-Time) compilation., It
improves
startup performance and catches template errors at compile time.
Use arrow functions in AOT?
+
No, arrow functions are not allowed in decorators or metadata.,
AOT
requires static, serializable expressions.
Use Bazel with Angular CLI?
+
Install Bazel schematics: ng add @angular/bazel., Build or test
projects
using Bazel commands: ng build --bazel., It replaces default
Webpack
builder for performance optimization.
Use HttpClient with an example
+
Inject HttpClient in a service:, this.http.get
('api/users').subscribe(data => console.log(data));, Use .get,
.post,
.put, .delete for REST calls., Returns observable streams.
Use interceptor for entire application
+
Provide it in AppModule providers:, providers: [{ provide:
HTTP_INTERCEPTORS, useClass: MyInterceptor, multi: true }],
Ensures all
HTTP requests pass through it.
Use jQuery in Angular?
+
Install jQuery via npm: npm install jquery., Import it in
angular.json
scripts or component: import * as $ from 'jquery';., Use
carefully;
prefer Angular templates over direct DOM manipulation.
Use polyfills in Angular application?
+
Modify polyfills.ts file to enable browser compatibility.,
Includes
support for older browsers (IE, Edge)., Polyfills ensure Angular
features work across different platforms.
Use SASS in Angular project?
+
Set --style=scss when creating project: ng new app
--style=scss., Or
change file extensions to .scss and configure angular.json.,
Angular CLI
automatically compiles SASS to CSS.
Utility functions provided by RxJS
+
Functions like of, from, interval, timer, throwError, and
fromEvent.,
Used to create or manipulate observables.
Various kinds of directives
+
Structural: *ngIf, *ngFor - modify DOM structure, Attribute:
[ngStyle],
[ngClass] - change element behavior/appearance, Custom
directives:
User-defined behaviors
Various security contexts in Angular
+
HTML (content in templates), Style (CSS binding), Script
(JavaScript
context), URL (resource links), Resource URL (external
resources)
Verify model changes in forms
+
Subscribe to valueChanges or statusChanges on form or controls.,
Example: form.valueChanges.subscribe(val => console.log(val)).
view encapsulation in Angular?
+
Controls CSS scope in components., Types: Emulated (default),
None,
Shadow DOM., Prevents styles from leaking or being overridden.
ViewEncapsulation? Types?
+
ViewEncapsulation controls styling scope in Angular components.,
It has
three modes:, · Emulated (default, scoped styles), · None
(global
styles), · ShadowDom (real Shadow DOM isolation)
Ways to control AOT compilation
+
Enable/disable in angular.json using "aot": true/false., Use CLI
commands: ng build --aot., Manage template metadata and
decorators
carefully.
Ways to remove duplicate service
registration
+
Provide service only in root., Avoid lazy-loaded module
providers for
shared services., Use forRoot pattern for modules with services.
Ways to trigger change detection in
Angular
+
User events (click, input) automatically trigger detection.,
ChangeDetectorRef.detectChanges() manually triggers detection.,
NgZone.run() executes code inside Angular zone., Async
operations via
Observables or Promises also trigger it.
Workspace APIs?
+
Workspace APIs allow managing Angular projects
programmatically., Used
for creating, modifying, or generating projects and
configurations.,
Part of Angular DevKit (@angular-devkit/core).
Zone context
+
The environment that monitors async operations., Angular uses it
to know
when to run change detection.
Zone?
+
Zone.js is a library used by Angular to detect asynchronous
operations.,
It helps Angular trigger change detection automatically., All
async
tasks like setTimeout, promises, and HTTP requests are tracked.
:host property in CSS
+
:host targets the component’s root element from within its CSS.,
Allows
styling the host without affecting other components.
Activated route?
+
ActivatedRoute provides info about the current route., Access
route
params, query params, fragments, and data., Injected into
components via
constructor.
Active router links?
+
Active links are highlighted when the route matches the current
URL.,
Use routerLinkActive directive:, Home, This helps in UI feedback
for
navigation.
Add web workers in your application?
+
Use Angular CLI: ng generate web-worker ., Update angular.json
and
enable TypeScript worker configuration., Offloads heavy
computation to
background threads for performance.
Advantages and disadvantages of Angular
+
Advantages: Component-based, TypeScript, SPA support, tooling.,
Disadvantages: Steep learning curve, larger bundle size, complex
for
small apps.
Advantages of Angular over other
frameworks
+
Two-way data binding reduces boilerplate code., Dependency
injection
improves modularity., Rich ecosystem, TypeScript support, and
reusable
components.
Advantages of Angular over other
frameworks
+
Strong TypeScript support., Declarative templates with data
binding.,
Rich ecosystem and official libraries (Material, Forms, RxJS).,
Modular,
testable, and maintainable code.
Advantages of Angular over React
+
Angular is a full-fledged framework, React is a library.,
Built-in
support for forms, routing, and HTTP., Strong TypeScript
integration for
better type safety.
Advantages of Angular?
+
Two-way data binding, modularity, dependency injection,
TypeScript
support, and powerful CLI.
Advantages of AOT
+
Faster app startup., Smaller bundle size., Detects template
errors at
build time., Better security by compiling templates ahead of
time.
Advantages of Bazel tool
+
Faster builds with caching, Parallel execution,
Language-agnostic
support, Scales well for monorepos
Angular Animation?
+
Angular Animation allows creating smooth UI animations in
components.,
Built on Web Animations API with @angular/animations., Supports
transitions, keyframes, triggers, and states for dynamic
effects.
Angular application work?
+
Angular apps run in the browser., Templates define UI,
components handle
logic, and services manage data., Data binding updates the view
dynamically when the model changes.
Angular Architecture Diagram
+
Angular architecture includes:, Modules (NgModule), Components
(UI +
logic), Templates (HTML), Directives (behavior), Services
(business
logic), Dependency Injection and Routing
Angular Authentication and Authorization
+
Authentication: Verify user identity (login, JWT).,
Authorization:
Control access to resources/routes based on roles., Implemented
using
guards, tokens, and HttpInterceptors.
Angular CLI Builder?
+
Angular CLI Builder is a customizable build pipeline tool., It
allows
modifying build, serve, and test processes., Used to extend or
replace
default Angular CLI behavior.
Angular CLI?
+
Angular CLI is a command-line tool to scaffold, build, and
maintain
Angular applications.
Angular CLI?
+
Angular CLI is a command-line tool for Angular projects., Used
to
generate components, modules, services, and run builds.,
Simplifies
scaffolding and deployment tasks.
Angular compiler?
+
Transforms Angular TypeScript and templates into JavaScript.,
Includes
AOT and JIT compilers., Generates code for change detection and
view
rendering.
Angular DSL?
+
DSL (Domain-Specific Language) in Angular refers to template
syntax., It
allows declarative UI using HTML with Angular directives.,
Includes
*ngIf, *ngFor, interpolation, and bindings.
Angular Elements
+
Angular Components packaged as custom HTML elements., Can be
used
outside Angular apps., Supports inputs, outputs, and
encapsulation.
Angular expressions vs JavaScript
expressions
+
Angular expressions are evaluated in the scope context and are
safe., No
loops, conditionals, or global access., JS expressions can
access any
variable or perform complex operations.
Angular finds components, directives, and
pipes
+
Compiler scans NgModule declarations., Generates factories and
resolves
templates and dependencies.
Angular Framework?
+
Angular is a TypeScript-based front-end framework for building
dynamic
single-page applications (SPAs)., It provides features like
components,
data binding, dependency injection, and routing., Maintains a
modular
architecture and encourages reusable code., It supports both
client-side
rendering and progressive web apps.
Angular introduced as a client-side
framework?
+
To create dynamic SPAs with fast user interactions., Reduces
server load
by rendering templates on the client., Provides data binding,
modularity, and reusable components.
Angular Ivy?
+
Ivy is the new rendering engine in Angular., It improves build
size,
speed, and runtime performance., Supports AOT compilation,
better
debugging, and improved type checking.
Angular Language Service?
+
Provides editor support like autocomplete, type checking, and
error
detection for Angular templates., Helps developers write Angular
code
faster and with fewer mistakes.
Angular library
+
Reusable module/package with components, directives, services.,
Can be
published and shared via npm.
Angular Material mean?
+
Angular Material is a UI component library implementing Google’s
Material Design., Provides pre-built components like buttons,
tables,
forms, and dialogs., Enhances UI consistency and responsiveness.
Angular Material?
+
A UI component library for Angular apps., Provides pre-built,
responsive, and accessible components., Includes buttons, forms,
tables,
navigation, and themes.
Angular Material?
+
Official UI component library for Angular., Provides modern,
accessible,
and responsive UI components.
Angular render on server-side?
+
Yes, using Angular Universal., Enables SSR for SEO and faster
initial
load.
Angular Router?
+
Angular Router allows navigation between views/components., It
maps URLs
to components., Supports nested routes, lazy loading, and route
guards.,
Enables single-page application (SPA) behavior.
Angular security model for preventing XSS
attacks
+
Angular automatically escapes interpolated content., Sanitizes
URLs,
HTML, and styles in templates., Prevents injection attacks on
the DOM.
Angular Signals with an example
+
import { signal } from '@angular/core';, const count =
signal(0);,
count.set(5); // Updates reactive value, count.subscribe(val =>
console.log(val));, When count changes, subscribed components
update
automatically.
Angular Signals?
+
Signals are reactive primitives to track state changes., They
allow
automatic UI updates when values change.
Angular simplifies Internationalization
(i18n)
+
Provides built-in i18n support, translation files, and pipes.,
Supports
pluralization, locale formatting, and dynamic translations., CLI
helps
extract and compile translations.
Angular Universal?
+
Angular Universal enables server-side rendering for SEO and
faster load
times.
Angular Universal?
+
Angular Universal enables server-side rendering (SSR) of Angular
apps.,
Improves SEO and performance., Pre-renders HTML on the server
before
sending to client.
Angular uses client-side rendering by
default
+
True. Angular renders templates in the browser using
JavaScript.,
Server-side rendering (Angular Universal) is optional.
Angular?
+
Angular is a platform and framework for building single-page
client
applications using HTML and TypeScript.
Angular?
+
Angular is a TypeScript-based front-end framework., Used to
build
single-page applications (SPAs)., Supports components, modules,
services, and reactive programming.
Annotations in Angular
+
Older term for decorators in AngularJS., Used to attach metadata
to
classes or functions., Helps framework know how to process the
component.
AOT Compilation and advantages
+
Compiles templates during build time., Catches template errors
early,
reduces bundle size, improves performance.
AOT compilation? Advantages?
+
AOT (Ahead-of-Time) compiles Angular templates during build
time.,
Advantages: Faster rendering, smaller bundle size, early error
detection, and better security.
AOT compiler
+
Ahead-of-Time compiler compiles templates during build, not
runtime.,
Reduces bundle size, improves performance, and catches template
errors
early.
AOT?
+
AOT compiles Angular templates during build., Generates
optimized
JavaScript before the app loads., Improves performance and
reduces
runtime errors.
Applications of HTTP interceptors
+
Add authentication tokens, logging, error handling, caching.,
Modify
request/response globally., Handle API versioning or header
manipulation.
Are all components generated in production
build?
+
Only components referenced or reachable from templates and
routes are
included., Unused components are tree-shaken.
Are multiple interceptors supported in
Angular?
+
Yes, interceptors are executed in the order provided., Each can
pass
control to the next using next.handle().
AsyncPipe in Angular?
+
AsyncPipe subscribes to Observables/Promises in templates and
handles
unsubscription automatically.
Bazel tool?
+
Bazel is a build and test tool developed by Google., It handles
large-scale projects efficiently., Supports incremental builds
and
caching.
BehaviorSubject in Angular?
+
BehaviorSubject stores current value and emits it to new
subscribers.
Benefit of Automatic Inlining of Fonts
+
Embeds fonts directly into CSS to reduce network requests.,
Improves
page load speed and performance., Enhances First Contentful
Paint (FCP)
metrics.
Best practices for security in Angular
+
Use sanitization, HttpClient, and Angular templates safely.,
Avoid
innerHTML for untrusted content., Enable Content Security Policy
(CSP)
and HTTPS.
Bootstrapped component?
+
Root component loaded by Angular to start the application.,
Declared in
bootstrap array of AppModule.
Bootstrapping module?
+
The bootstrapping module initializes the Angular application.,
It is
usually the root module (AppModule) loaded by main.ts., It sets
up the
root component and starts the application., It imports other
modules
required for app startup.
Bootstrapping module?
+
It is the root Angular module that launches the application.,
Defined
with @NgModule and bootstrap array., Typically called AppModule.
Browser support for Angular
+
Supports latest Chrome, Firefox, Edge, Safari., IE11 support is
deprecated in recent Angular versions., Modern Angular relies on
evergreen browsers for features.
Browser support of Angular Elements
+
Supported in all modern browsers (Chrome, Firefox, Edge,
Safari).,
Polyfills may be needed for IE11.
Builder?
+
A Builder is a class or script that executes a specific task in
Angular
CLI., It can run builds, tests, linting, or deploy tasks.,
Provides
flexibility to customize CLI workflows.
Building blocks of Angular?
+
Angular is built using several key components: Components (UI
control),
Modules (grouping functionality), Templates (HTML with Angular
bindings), Services (business logic), and Dependency Injection.
These
work together to build scalable single-page applications.
Can you read full response?
+
Use { observe: 'response' } with HttpClient:,
this.http.get('api/users',
{ observe: 'response' }).subscribe(resp =>
console.log(resp.status,
resp.body));, It returns headers, status, and body.
Case types in Angular?
+
Angular uses naming conventions:, camelCase for variables and
functions,
PascalCase for classes and components, kebab-case for selectors
and
filenames, This ensures consistency and readability.
Categorize data binding types?
+
One-way binding: Interpolation, property, event, Two-way
binding:
[(ngModel)], Enables dynamic updates between component and view.
Chain pipes?
+
Multiple pipes can be applied sequentially using |., Example: {{
name |
uppercase | slice:0:5 }}, Output is passed from one pipe to the
next.
Change Detection and how does it work?
+
Change Detection tracks updates in component data and updates
the view.,
Angular checks the component tree for changes automatically., It
works
via Zones and triggers re-rendering when a model changes., Helps
keep UI
and data synchronized.
Change detection in Angular?
+
Change detection tracks changes in application state and updates
the DOM
accordingly.
Change settings of zone.js
+
Configure zone.js flags before import in polyfills:, (window as
any).__Zone_disable_X = true;, Controls patching of timers,
events, or
async operations.
Choose an element from a component
template?
+
Use ViewChild or ViewChildren decorators., Example:
@ViewChild('myElement') element: ElementRef;, Access DOM
elements
directly in component class.
Class decorators in Angular?
+
Class decorators attach metadata to a class., Common ones:
@Component,
@Directive, @Injectable, @NgModule., They define how the class
behaves
in Angular’s DI and rendering system.
Class decorators?
+
Class decorators define metadata for classes., Example:
@Injectable()
marks a class for dependency injection.
Class field decorators?
+
Class field decorators annotate properties of a class.,
Examples:
@Input(), @Output(), @ViewChild()., They help Angular bind data,
access
DOM, or communicate between components.
Classes that should not be added to
declarations
+
Services, Modules, Non-Angular classes, Declarations should
include
components, directives, and pipes only.
Client-side frameworks like Angular were
introduced?
+
To create dynamic, responsive web apps without reloading pages.,
They
handle data binding, DOM manipulation, and routing on the client
side.,
Improves performance and user experience.
Code for creating a decorator.
+
A basic Angular decorator example:, function Log(target, key) {,
console.log(`Property ${key} was accessed`);, }, Decorators
enhance or
modify class behavior during runtime.
Codelyzer?
+
Codelyzer is a static analysis tool for Angular projects., It
checks for
coding style, best practices, and template errors., Used with
TSLint for
linting Angular apps.
Collection?
+
In Angular, a collection is a group of objects like arrays,
sets, or
maps., Used to store and iterate over data in templates using
ngFor.
Compare service() and factory() functions.
+
service() returns an instantiated singleton object and is
created using
a constructor function. factory() allows returning a custom
object,
function, or primitive and provides more flexibility. Both are
used for
sharing reusable logic across components.
Compilation process?
+
Transforms Angular templates and metadata into efficient
JavaScript.,
Ensures type safety and detects template errors., Optimizes the
app for
performance.
Component Decorator?
+
@Component defines a class as an Angular component., Specifies
metadata
like selector, template, and styles., Registers the component
with
Angular’s module system.
Component Test Harnesses?
+
A test API for Angular Material components., Allows interacting
with
components in tests without relying on DOM selectors., Provides
a clean
and maintainable way to write unit tests.
Components in Angular?
+
Components are building blocks of Angular applications that
control a
part of the UI.
Components, Modules, and Services in
Angular
+
Component: UI + logic., Module: Groups components, directives,
and
services., Service: Provides reusable business logic, injected
via
dependency injection.
Components?
+
Components are building blocks of Angular apps., They contain
template,
class (logic), and metadata., Responsible for rendering views
and
handling user interaction.
Concept of Dependency Injection (DI).
+
DI provides class dependencies automatically via Angular’s
injector.,
Reduces manual instantiation and promotes testability., Example:
Injecting a service into a component constructor.
Configure injectors with providers at
different levels
+
Root injector: App-wide singleton (providedIn: 'root')., Module
injector: Module-specific., Component injector: Scoped to
component and
children.
Content projection?
+
Mechanism to pass content from parent to child component.,
Allows child
components to display dynamic content from parent templates.
Create a standalone component manually
+
Set standalone: true in the component decorator:, @Component({,
selector: 'app-my-component',, standalone: true,, templateUrl:
'./my-component.html', }), export class MyComponent {}
Create a standalone component using CLI
+
Run: ng generate component my-component --standalone., Generates
a
component without declaring it in a module.
Create an app shell in Angular?
+
Use Angular CLI command: ng add @angular/pwa to enable PWA
features.,
Then run ng generate app-shell --client-project ., It generates
server-side rendered shell for faster initial load., App shell
improves
performance and perceived loading speed.
Create directives using CLI
+
Run:, ng generate directive myDirective, Generates directive
file with
@Directive decorator ready to use.
Create displayBlock components
+
Use display: block in component CSS or
Create schematics for libraries?
+
Use Angular CLI command: ng generate schematic , Define rules to
create
components or modules in the library., Automates repetitive
tasks in
library development.
Custom elements
+
Custom elements are browser-native HTML elements defined by
developers.,
They encapsulate functionality and can be reused like standard
tags.
Custom elements work internally
+
Angular wraps a component in custom element class., Manages
inputs/outputs, change detection, and lifecycle hooks., Element
behaves
like a standard HTML tag.
Custom pipe?
+
Custom pipe is a user-defined pipe to transform data., Created
using
@Pipe decorator and implementing PipeTransform., Useful for
app-specific
formatting or logic.
Data binding in Angular
+
Synchronizes data between component and template., Can be
one-way or
two-way., Reduces manual DOM manipulation.
Data binding in Angular?
+
Data binding synchronizes data between the component class and
template.
Data binding?
+
Data binding connects component class with template/view., Types
include
one-way (interpolation, property, event) and two-way binding.,
Enables
dynamic UI updates.
Data Binding? In how many ways can it be
executed?
+
Data binding connects data between the component and the UI.
Angular
supports four main types: Interpolation ({{ }}), Property
Binding ([ ]),
Event Binding (( )), and Two-way Binding ([( )]) using ngModel.
Deal with errors in observables?
+
Use the catchError operator in RxJS., Handle errors inside
subscribe via
error callback., Example:, observable.pipe(catchError(err =>
of([]))).subscribe(...)
Declarable in Angular?
+
Declarable refers to classes that can be declared in an
NgModule.,
Includes Components, Directives, and Pipes., They define UI
behavior or
transformations in templates.
Decorator in Angular?
+
Decorator is a function that adds metadata to classes, e.g.,
@Component,
@Injectable.
Decorators in Angular
+
Decorators provide metadata to classes, methods, or properties.,
Types:
@Component, @Injectable, @Directive, @Pipe., They enable Angular
features like dependency injection and templates.
Define routes?
+
Routes are defined using a Routes array:, const routes: Routes =
[, {
path: 'home', component: HomeComponent },, { path: 'about',
component:
AboutComponent }, ];, Configured via
RouterModule.forRoot(routes).
Define the ng-content Directive
+
Allows content projection into a child component., Acts as a
placeholder
for parent-provided HTML content.
Define typings for custom elements
+
Create a .d.ts file declaring:, interface HTMLElementTagNameMap
{
'my-element': MyComponentElement; }, Ensures TypeScript type
checking.
Dependency Hierarchy formed?
+
Angular forms a tree hierarchy of injectors., Root injector
provides
global services., Child components can have component-level
injectors.,
Services are resolved from closest injector upwards.
Dependency Injection
+
DI is a design pattern to inject dependencies into
components/services.,
Promotes loose coupling and testability., Angular has a built-in
DI
system.
Dependency injection in Angular?
+
DI is a design pattern where a class receives its dependencies
from an
external source rather than creating them.
Dependency injection in Angular?
+
Dependency Injection (DI) provides services or objects to
components
automatically., Avoids manual creation of service instances.,
Promotes
modularity and testability.
Dependency injection tree in Angular?
+
Hierarchy of injectors controlling service scope and lifetime.
Describe the MVVM architecture
+
Model-View-ViewModel separates data, UI, and logic., Angular
components
act as ViewModel, templates as View, services/models as Model.
Describe various dependencies in Angular
application?
+
Dependencies are described using constructor injection in
services or
components., Decorators like @Injectable() and @Inject() define
provider
rules., Angular’s DI system manages the lifecycle and resolution
of
dependencies.
Design goals of Service Workers
+
Offline-first experience, Background sync and push
notifications,
Improved performance and caching strategies, Enhancing
reliability and
responsiveness
Detect route change in Angular?
+
Subscribe to Router events:, this.router.events.subscribe(event
=> { /*
handle NavigationEnd */ });, You can use ActivatedRoute to
detect
parameter changes., Useful for executing logic on route
transitions.
DI token?
+
DI token is a key used to inject a dependency in Angular’s DI
system.,
Can be a type, string, or InjectionToken., Helps Angular locate
and
provide the correct service or value.
DifBet ActivatedRoute and Router?
+
ActivatedRoute provides info about current route; Router is used
to
navigate programmatically.
DifBet Angular Elements and Angular
Components?
+
Angular Elements are Angular components packaged as custom
elements to
use in non-Angular apps.
DifBet Angular Material and Bootstrap?
+
Angular Material provides Angular components with Material
Design;
Bootstrap is CSS framework.
DifBet Angular service and singleton
service?
+
Service is reusable class; singleton ensures a single instance
application-wide using providedIn: 'root'.
DifBet Angular Service Worker and Service
Worker API?
+
Angular Service Worker integrates with Angular for PWA features;
Service
Worker API is native browser API.
DifBet AngularJS and Angular?
+
AngularJS is based on JavaScript (v1.x); Angular (v2+) is based
on
TypeScript and component-based architecture.
DifBet CanActivate and CanDeactivate
guards?
+
CanActivate controls route access; CanDeactivate controls
leaving a
route.
DifBet catchError and retry operators in
RxJS?
+
catchError handles errors; retry retries failed requests a
specified
number of times.
DifBet Content Projection and ViewChild?
+
Content Projection inserts external content into component;
ViewChild
accesses component's template elements.
DifBet debounceTime() and throttleTime()?
+
debounceTime waits until silence; throttleTime emits at most
once in
time interval.
DifBet declarations and imports in
NgModule?
+
Declarations define components, directives, pipes within module;
imports
bring in other modules.
DifBet eagerly loaded and lazy loaded
modules?
+
Eager modules load at app startup; lazy modules load on demand.
DifBet FormControl, FormGroup, and
FormArray?
+
FormControl represents a single input; FormGroup groups
controls;
FormArray is a dynamic array of controls.
DifBet forwardRef and Injector in Angular?
+
forwardRef allows referencing classes before declaration;
Injector
provides DI manually.
DifBet HttpClientModule and HttpModule?
+
HttpModule is deprecated; HttpClientModule is modern and
supports typed
responses and interceptors.
DifBet map() and switchMap()?
+
map transforms values; switchMap cancels previous inner
observable and
switches to new observable.
DifBet NgFor and NgForOf?
+
NgFor is the structural directive; NgForOf is the underlying
implementation for iterables.
DifBet ngIf else and ngSwitch?
+
ngIf else conditionally renders templates; ngSwitch selects
among
multiple templates.
DifBet ngOnChanges and ngDoCheck?
+
ngOnChanges is triggered by input property changes; ngDoCheck is
called
on every change detection cycle.
DifBet ng-template and ng-container?
+
ng-template defines reusable template; ng-container is a logical
container that doesn't render in DOM.
DifBet NgZone and ChangeDetectorRef?
+
NgZone manages async operations and triggers change detection;
ChangeDetectorRef manually triggers change detection.
DifBet OnPush and Default change detection
strategy?
+
Default checks all components every cycle; OnPush checks only
when input
reference changes.
DifBet OnPush and Default change
detection?
+
OnPush runs only when inputs change; Default runs on every
change
detection cycle.
DifBet Promise and Observable in Angular?
+
Promise handles single async value; Observable handles multiple
values
over time with operators.
DifBet providedIn: 'root' and providedIn:
'any'?
+
'root' provides singleton service globally; 'any' provides
separate
instances for lazy-loaded modules.
DifBet providers and imports in NgModule?
+
Providers register services with DI; imports bring in other
modules.
DifBet pure and impure pipes?
+
Pure pipes are executed only when input changes; impure pipes
run on
every change detection cycle.
DifBet PurePipe and ImpurePipe?
+
PurePipe executes only when input changes; ImpurePipe executes
every
change detection.
DifBet Renderer and Renderer2?
+
Renderer2 is the updated, safer API for DOM manipulation in
Angular 4+.
DifBet Renderer2 and ElementRef?
+
Renderer2 provides safe DOM manipulation; ElementRef directly
accesses
native element (less safe).
DifBet resolvers and guards?
+
Resolvers fetch data before route activation; guards determine
access.
DifBet routerLink and href?
+
routerLink navigates without page reload using Angular router;
href
reloads the page.
DifBet static and dynamic components?
+
Static components are declared in template; dynamic components
are
created programmatically using ComponentFactoryResolver.
DifBet structural and attribute
directives?
+
Structural changes DOM layout; attribute changes element
behavior or
style.
DifBet Subject and EventEmitter?
+
EventEmitter extends Subject and is used for @Output in
components.
DifBet template-driven and reactive forms
in
terms of validation?
+
Template-driven uses directives and template validation;
Reactive uses
form controls and programmatic validation.
DifBet template-driven and reactive forms?
+
Template-driven forms are simple and rely on directives;
reactive forms
are more powerful, programmatically created, and use
FormBuilder.
DifBet templateRef and viewContainerRef?
+
TemplateRef represents embedded template; ViewContainerRef
represents
container to insert views.
DifBet ViewChild and ContentChild?
+
ViewChild references elements/components in template;
ContentChild
references projected content.
DifBet ViewEncapsulation.None, Emulated,
and
ShadowDom?
+
None: no encapsulation; Emulated: scoped styles; ShadowDom: uses
native
shadow DOM.
DifBet window.history and Angular Router?
+
window.history manipulates browser history; Angular Router
manages SPA
routes without full page reload.
DiffBet Angular and AngularJS
+
AngularJS (1.x) uses JavaScript and MVC., Angular (2+) uses
TypeScript,
components, and modules., Angular is faster, modular, and
supports Ivy
compiler.
DiffBet Angular and Backbone.js
+
Angular: MVVM, components, DI, two-way binding., Backbone.js:
Lightweight, MVC, manual DOM manipulation., Angular offers more
structured development and tooling.
DiffBet Angular and jQuery
+
Angular: Full SPA framework, two-way binding, MVVM., jQuery: DOM
manipulation library, no architecture.
DiffBet Angular expressions and JavaScript
expressions
+
Angular expressions are safe and auto-sanitized., Run within
Angular
context and cannot use loops or exceptions.
DiffBet AngularJS and Angular?
+
AngularJS is JavaScript-based and uses MVC architecture.,
Angular (2+)
is TypeScript-based, faster, modular, and uses components.,
Angular
supports mobile development and modern tooling., Angular has
better
performance, AOT compilation, and enhanced dependency injection.
DiffBet Annotation and Decorator
+
Annotation: Metadata in older frameworks., Decorator (Angular):
Adds
metadata and behavior to classes, properties, or methods.
DiffBet Component and Directive
+
Component: Has template + logic, renders UI., Directive: No
template,
modifies DOM behavior., Component is a type of directive with a
view.
DiffBet constructor and ngOnInit
+
constructor: Instantiates the class, used for dependency
injection.,
ngOnInit: Lifecycle hook, executes after inputs are
initialized., Use
ngOnInit for initialization logic instead of constructor.
DiffBet interpolated content and innerHTML
+
Interpolation ({{ }}) is automatically sanitized by Angular.,
innerHTML
can bypass sanitization if used with untrusted content.,
Interpolation
is safer for user-generated content.
DiffBet ngIf and hidden property
+
ngIf adds/removes element from DOM., [hidden] hides element but
keeps it
in DOM., Use ngIf for conditional rendering and hidden for
styling.
DiffBet NgModule and JavaScript module
+
NgModule defines Angular metadata (components, directives,
services).,
JavaScript module only exports/imports variables or classes.
DiffBet promise and observable
+
Promise: Handles single async value; executes immediately.,
Observable:
Can emit multiple values over time; lazy execution., Observable
supports
operators, cancellation, and chaining.
DiffBet pure and impure pipe
+
Pure Pipe: Executes only when input changes; optimized for
performance.,
Impure Pipe: Executes on every change detection; can handle
complex
scenarios., Impure pipes can cause performance overhead.
Differences between AngularJS and Angular
+
AngularJS: JS-based, uses MVC, two-way binding., Angular:
TypeScript-based, component-driven, improved performance.,
Angular has
better mobile support and modular architecture.
Differences between AngularJS and Angular
for DI
+
AngularJS uses function-based injection with $inject., Angular
uses
class-based injection with @Injectable() decorators., Angular DI
supports hierarchical injectors and tree-shakable services.
Differences between reactive and
template-driven forms
+
Reactive: Model-driven, synchronous, testable., Template-driven:
Template-driven, simpler, less scalable., Reactive supports
dynamic
controls; template-driven does not.
Differences between various versions of
Angular
+
AngularJS (1.x) is JavaScript-based and uses MVC., Angular 2+ is
TypeScript-based, component-driven, modular, and faster., Later
versions
added Ivy compiler, CLI improvements, RxJS updates, and stricter
type
checking., Each version focuses on performance, security, and
tooling
enhancements.
Different types of compilation in Angular
+
JIT (Just-in-Time): Compiles in the browser at runtime., AOT
(Ahead-of-Time): Compiles at build time.
Different ways to group form controls
+
FormGroup: Groups multiple controls logically., FormArray:
Groups
controls dynamically as an array., Nested FormGroups for
hierarchical
structures.
Digest cycle in AngularJS.
+
The digest cycle is the internal process where AngularJS checks
for
model changes and updates the view. It compares current and
previous
values in watchers and continues until all bindings stabilize.
It runs
automatically during events handled by Angular.
Directive in Angular?
+
Directive is a class that can modify DOM behavior or structure.
Directives in Angular
+
Directives are instructions for the DOM., Types: Attribute,
Structural
(*ngIf, *ngFor), and Custom directives., They modify the
behavior or
appearance of elements.
Directives in Angular?
+
Instructions to manipulate DOM., Types: Structural (*ngIf,
*ngFor) and
Attribute ([ngClass], [ngStyle]).
Directives?
+
Directives are instructions in templates to manipulate DOM.,
Types:
Structural (*ngIf, *ngFor) and Attribute ([ngClass])., They
modify
appearance, behavior, or layout of elements.
Do I need a Routing Module always?
+
Not strictly, but recommended for modularity., Helps separate
route
configuration from main app module., Improves maintainability
and
scalability.
Do I need to bootstrap custom elements?
+
No, Angular Elements are self-bootstrapped using
createCustomElement().
Do I still need entryComponents in Angular
9?
+
No, Ivy compiler handles dynamic and bootstrapped components
automatically.
Do you perform error handling?
+
Use RxJS catchError or pipe with tap:,
this.http.get('api').pipe(catchError(err => of([])));, Allows
graceful
fallback or logging.
Does Angular prevent HTTP-level
vulnerabilities?
+
Angular provides HttpClient with built-in CSRF/XSRF support.,
Prevents
common HTTP attacks if configured correctly., Additional
server-side
measures may still be required.
Does Angular support dynamic imports?
+
Yes, using import() syntax for lazy-loaded modules., Enables
code
splitting and reduces initial bundle size., Works seamlessly
with
Angular CLI and Webpack.
DOM sanitizer?
+
Service that cleans untrusted content before rendering., Used
for HTML,
styles, URLs, and resource URLs., Prevents script execution in
Angular
apps.
Dynamic components
+
Components created programmatically at runtime., Use
ComponentFactoryResolver or ViewContainerRef.createComponent(),
Useful
for modals, tabs, or runtime content.
Dynamic forms
+
Forms created programmatically at runtime., Useful when form
structure
is not known at compile-time., Built using FormBuilder or
reactive APIs.
Eager and Lazy loading?
+
Eager loading: Loads all modules at app startup., Lazy loading:
Loads
modules on demand, improving initial load time.
Editor support for Angular Language
Service
+
Supported in VS Code, WebStorm, Sublime, and Atom., Provides
autocompletion, quick info, error detection, and navigation in
templates.
Enable binding expression validation?
+
Enable it via "strictTemplates": true in
angularCompilerOptions., It
validates property and event bindings in templates., Prevents
runtime
template errors and improves type safety.
Entry component?
+
Component instantiated dynamically, not referenced in template.,
Used in
modals, dialogs, or dynamically created components.
EntryComponents array not necessary every
time?
+
Angular 9+ uses Ivy compiler, which automatically detects
required
components., No manual entryComponents needed for dynamic
components.
Event binding in Angular?
+
Event binding binds events from DOM elements to component
methods using
(event) syntax.
Exactly is a parameterized pipe?
+
A pipe that accepts arguments to modify output., Example: {{
birthday |
date:'shortDate' }} where 'shortDate' is a parameter.
Exactly is the router state?
+
Router state is the current configuration and URL state of the
Angular
router., Includes active routes, parameters, query parameters,
and route
data.
Example of built-in validators
+
name: new FormControl('', [Validators.required,
Validators.minLength(3)]), Applies required and minimum length
validation.
Example of few metadata errors
+
Using arrow functions in decorators., Dynamic expressions in
@Input()
default values., Referencing non-static properties in metadata.
Examples of NgModules
+
BrowserModule, FormsModule, HttpClientModule, RouterModule
Feature modules?
+
NgModules created for specific functionality of an app., Helps
in lazy
loading, code organization, and reusability.
Features included in Ivy preview
+
Tree-shakable components, Faster compilation, Improved type
checking in
templates, Better build size optimization
Features of Angular 7
+
CLI prompts, virtual scrolling, drag & drop., Improved
performance,
updated RxJS 6.3., Better accessibility and dependency updates.
Features provided by Angular Language
Service
+
Autocomplete for directives, components, and inputs, Error
checking in
templates, Quick info on variables and types, Navigation to
component
and template definitions
Find Angular CLI version
+
Run command: ng version or ng v in terminal., It shows Angular
CLI,
framework, and Node versions.
Folding?
+
Folding is the process of resolving expressions at compile
time., Helps
AOT replace constants and simplify templates.
forRoot helps avoid duplicate router
instances
+
forRoot() ensures singleton services in shared modules.,
Lazy-loaded
modules can use forChild() without duplicating router.
Four phases of template translation
+
1. Extraction - extract translatable strings., 2. Translation -
provide
translated text., 3. Merging - merge translations with
templates., 4.
Rendering - compile translated templates.
Generate a class in Angular 7 using CLI
+
Command: ng generate class my-class, Creates a TypeScript class
file in
project structure.
Get current direction for locales
+
Use Directionality service: dir.value returns 'ltr' or 'rtl'.,
Useful
for layout adjustments in RTL languages.
Get the current route?
+
Use Angular ActivatedRoute or Router service., Example:
this.route.snapshot.url or this.router.url., It provides access
to route
parameters, query params, and path info.
Give an example of attribute directives
+
Attribute directives change the appearance or behavior of DOM
elements.,
Example:,
Give an example of custom pipe
+
A custom pipe transforms data in templates., Example:,
@Pipe({name:
'reverse'}), export class ReversePipe implements PipeTransform
{,
transform(value: string) { return
value.split('').reverse().join(''); },
}, Usage: {{ 'Angular' | reverse }} → ralugnA.
Guard in Angular?
+
Guard is a service to control access to routes, e.g.,
CanActivate,
CanDeactivate.
Happens if custom id is not unique
+
Angular may overwrite translations or throw errors., Unique IDs
prevent
conflicts and ensure correct mapping.
Happens if I import the same module twice?
+
Angular does not create duplicate services if a module is
imported
multiple times., Components and directives are available where
declared., Providers are instantiated only once at root level.
Happens if you do not supply handler for
the
observer
+
No callback is executed; observable executes but subscriber
ignores
emitted values., No error or complete handling occurs.
Happens if you use script tag inside
template?
+
Angular does not execute script tags in templates for security.,
Scripts
are ignored to prevent XSS attacks., Use services or component
logic
instead.
Happens if you use the script tag within a
template?
+
Scripts in Angular templates do not execute for security reasons
(DOM
sanitization)., Use external scripts or component logic instead.
HTTP interceptors?
+
HTTP interceptors are used to intercept HTTP requests and
responses.,
They can modify headers, add tokens, or handle errors globally.,
Registered in Angular’s dependency injection system., Useful for
logging, caching, and authentication.
Http Interceptors?
+
Classes that intercept HTTP requests and responses globally.,
Can modify
headers, log activity, or handle errors., Implemented via
HTTP_INTERCEPTORS token.
HttpClient and its benefits?
+
HttpClient is Angular’s service for HTTP communication.,
Supports typed
responses, interceptors, and observables., Simplifies REST API
calls
with automatic JSON parsing.
HttpInterceptor in Angular?
+
Interceptor is a service to modify HTTP requests or responses
globally.
Hydration?
+
Hydration converts server-rendered HTML into a fully interactive
client
app., Used in Angular Universal for SSR (Server-Side Rendering).
If BrowserModule used in feature module?
+
Error occurs: BrowserModule should only be imported in
AppModule.,
Feature modules should use CommonModule instead.
Imported modules in CLI-generated feature
modules
+
CommonModule for common directives., FormsModule if forms are
used.,
RouterModule for routing inside the feature module.
Impure Pipes
+
Impure pipes may return different output even if input is same.,
Executed on every change detection cycle., Useful for dynamic or
async
data transformations.
Include SASS into an Angular project?
+
Install node-sass or use Angular CLI:, ng config
schematics.@schematics/angular:component.style scss, Rename .css
files
to .scss., Angular compiles SASS into CSS automatically.
Index property in ngFor directive
+
let i = index gives the current iteration index., Can be used
for
numbering items or conditionally styling elements.
Inject dynamic script in Angular?
+
Use Renderer2 or document.createElement('script') in a
component., Set
src and append it to document.body., Ensure scripts are loaded
after
component initialization.
Install Angular Language Service in a
project?
+
Use NPM: npm install @angular/language-service --save-dev.,
Also, enable
it in your IDE (VS Code, WebStorm) for Angular templates.
Interpolation in Angular?
+
Interpolation allows embedding expressions in HTML using {{
expression
}} syntax.
Interpolation?
+
Interpolation binds component data to HTML view using {{ }}.,
Example:
Invoke a builder?
+
In Angular, a builder is invoked via angular.json or the CLI.,
Use
commands like ng build or ng run :., Builders handle tasks like
building, serving, or testing projects., They are customizable
via
options in the angular.json configuration.
Is aliasing possible for inputs and
outputs?
+
Yes, using @Input('aliasName') or @Output('aliasName')., Allows
different property names externally vs internally.
Is bootstrapped component required to be
entry component?
+
Yes, it must be included in entryComponents in Angular versions
<9., In Angular 9+ (Ivy), entryComponents array is no longer
needed.
Is it mandatory to use @Injectable on
every service?
+
Only required if the service has dependencies injected.,
Recommended
for consistency and AOT compatibility.
Is it safe to use direct DOM API
methods?
+
No, direct DOM manipulation may bypass Angular security., It
can
introduce XSS risks., Prefer Angular templates, bindings, or
Renderer2.
Is static flag mandatory for
ViewChild?
+
static: true/false required when accessing child elements in
ngOnInit vs ngAfterViewInit., true for early access, false
for later
lifecycle access.
It helps determine what component
should
be displayed.
+
Router links?, Router links ([routerLink]) are Angular
directives to
navigate between routes., Example: Home.
JIT?
+
JIT compiles Angular templates in the browser at runtime.,
Faster
builds but slower app startup., Used mainly during
development.
Key components of Angular
+
Component: UI + logic, Directive: Behavior or DOM
manipulation,
Module: Organizes components, Service: Shared logic/data,
Pipe: Data
transformation, Routing: Navigation between views
Lazy loading in Angular?
+
Lazy loading loads modules only when needed, improving
performance.
Lazy loading?
+
Lazy loading loads modules only when needed., Reduces
initial load
time and improves performance., Configured in the routing
module
using loadChildren.
Lifecycle hooks available
+
Common hooks:, ngOnInit - after component initialization,
ngOnChanges - on input property change, ngDoCheck - custom
change
detection, ngOnDestroy - cleanup before component removal
lifecycle hooks in Angular?
+
Lifecycle hooks are methods called at specific points in a
component's life, e.g., ngOnInit, ngOnDestroy.
Lifecycle hooks in Angular? Examples?
+
Lifecycle hooks allow execution of logic at specific
component
stages. Common hooks include:, · ngOnInit() -
initialization, ·
ngOnChanges() - when input properties change, ·
ngOnDestroy() -
cleanup before removal, · ngAfterViewInit() - when view
loads
Lifecycle hooks of a zone
+
onStable: triggered when zone has no pending tasks.,
onUnstable:
triggered when async tasks start., onMicrotaskEmpty: after
microtasks complete.
lifecycle hooks? Explain a few.
+
Lifecycle hooks are methods called at specific component
stages.,
Examples:, ngOnInit: Initialization, ngOnChanges: Detect
input
changes, ngOnDestroy: Cleanup before destruction, They help
manage
component behavior.
Limitations with web workers
+
Cannot access DOM directly, Limited access to window or
document
objects, Cannot use Angular services directly, Communication
is via
messages only
List of template expression operators
+
+ - * / %, comparison (<>
<=>= == !=), logical (&& || !), ternary (? :), nullish
(?.)
operators.
List pluralization categories
+
Angular supports: zero, one, two, few, many, other., Used in
ICU
plural expressions.
Macros?
+
Macros are predefined expressions or reusable snippets in
Angular
compilation., Used to simplify repeated patterns in metadata
or
templates.
Manually bootstrap an application
+
Use platformBrowserDynamic().bootstrapModule(AppModule) in
main.ts.,
Starts Angular without relying on automatic bootstrapping.
Manually register locale data
+
Import locale from @angular/common and register:, import {
registerLocaleData } from '@angular/common';, import
localeFr from
'@angular/common/locales/fr';, registerLocaleData(localeFr);
Mapping rules between Angular
component
and custom element
+
Component inputs → element attributes/properties, Component
outputs
→ DOM events, Lifecycle hooks are preserved automatically
Metadata rewriting?
+
Metadata rewriting updates compiled metadata JSON files for
AOT.,
Allows Angular to optimize templates and components at build
time.
Metadata?
+
Metadata provides additional info about classes to Angular.,
Used
via decorators like @Component and @NgModule., Tells Angular
how to
process a class.
Method decorators?
+
Decorators applied to methods to modify or enhance
behavior.,
Example: @HostListener listens to events on host elements.
Methods of NgZone to control change
detection
+
run(): execute inside Angular zone (triggers detection).,
runOutsideAngular(): execute outside detection., onStable,
onUnstable for subscriptions.
Module in Angular?
+
Modules group components, directives, pipes, and services
into
cohesive blocks of functionality.
Module?
+
Module (NgModule) organizes components, directives, and
services.,
Every Angular app has a root module (AppModule)., Modules
help in
lazy loading and modular development.
Multicasting?
+
Multicasting allows sharing a single observable execution
among
multiple subscribers., Achieved using Subject or share()
operator.,
Reduces unnecessary API calls or processing.
MVVM Architecture
+
Model-View-ViewModel separates UI, logic, and data., Model:
Data and
business logic., View: User interface., ViewModel: Mediator
between
view and model, handles commands and data binding., Promotes
testability and clean separation of concerns.
Navigating between routes in Angular
+
Use RouterLink or Router service:, Home, Or
programmatically:
this.router.navigate(['/home']);
NgAfterContentInit in Angular?
+
ngAfterContentInit is called after content projected into
component
is initialized.
NgAfterViewInit in Angular?
+
ngAfterViewInit is called after component's view and child
views are
initialized.
Ngcc
+
Angular Compatibility Compiler converts node_modules
packages
compiled with View Engine to Ivy., Ensures libraries are
compatible
with Angular Ivy compiler.
Ng-content and its purpose?
+
is a placeholder in a component template., Used for content
projection, letting parent content be rendered in child
components.
NgModule in Angular?
+
NgModule is a decorator that defines a module and its
metadata, like
declarations, imports, providers, and bootstrap.
NgOnDestroy in Angular?
+
ngOnDestroy is called just before component destruction to
clean up
resources.
NgOnInit in Angular?
+
ngOnInit is called once after component initialization.
NgOnInit?
+
ngOnInit is a lifecycle hook called after Angular
initializes a
component., Used to perform component initialization and
fetch
data., Runs once per component instantiation.
NgRx?
+
NgRx is a state management library for Angular., Based on
Redux
pattern, uses actions, reducers, and store., Helps manage
complex
application state predictably.
NgUpgrade?
+
NgUpgrade allows hybrid apps running AngularJS and Angular
together., Facilitates incremental migration from AngularJS
to
Angular., Supports components, services, and routing
interoperability.
NgZone
+
NgZone is a service that manages Angular’s change detection
context., It runs code inside or outside Angular zone to
control
updates efficiently.
Non-null type assertion operator?
+
The ! operator asserts that a value is not null or
undefined.,
Example: value!.length tells TypeScript the variable is
safe., Used
to prevent compiler errors when you know the value exists.
NoopZone
+
A no-operation zone that disables automatic change
detection.,
Useful for performance optimization in large apps.
Observable creation functions
+
of() - emits given values, from() - converts array, promise
to
observable, interval() - emits sequence periodically,
fromEvent() -
listens to DOM events
Observable in Angular?
+
Observable represents a stream of asynchronous data that can
be
subscribed to.
Observable?
+
Observable is a stream of data over time., It can emit next,
error,
and complete notifications., Used for HTTP, events, and
async tasks.
Observables different from promises?
+
Observables can emit multiple values over time, promises
only one.,
Observables are lazy and cancellable., Promises are eager
and
simpler., Observables support operators for transformation
and
filtering.
Observables vs Promises
+
Observables: Multiple values over time, cancellable, lazy
evaluation., Promises: Single value, eager, not
cancellable.,
Observables are used with RxJS in Angular.
observables?
+
Observables are data streams that emit values over time.,
They allow
asynchronous operations like HTTP requests or events.,
Provided by
RxJS in Angular.
Observer?
+
An observer is an object that listens to an observable., It
has
methods: next, error, and complete., Example: { next: x =>
console.log(x), error: e => console.log(e) }.
Operators in RxJS?
+
Operators are functions to transform, filter, or combine
Observables, e.g., map, filter, mergeMap.
Optimize performance of async
validators
+
Use debounceTime to reduce API calls., Use
distinctUntilChanged for
unique inputs., Avoid heavy computation inside validator
function.
Option to choose between inline and
external template file
+
In @Component decorator:, template - inline HTML,
templateUrl -
external HTML file, Choice depends on component size and
readability., *21. Purpose of ngFor directive, *ngFor is
used to
loop over a collection and render elements., Syntax:
*ngFor="let
item of items"., Useful for dynamic lists and tables., *22.
Purpose
of ngIf directive, *ngIf conditionally renders elements
based on
boolean expression., Removes or adds elements from the DOM.,
Helps
control UI dynamically.
Optional dependency
+
A dependency that may or may not be provided., Use
@Optional()
decorator in constructor injection.
Parameterized pipe?
+
Pipes that accept arguments to modify output., Example: {{
amount |
currency:'USD':true }}, Allows flexible data formatting in
templates.
Parent to Child data sharing example
+
Parent Component:, , Child Component:, @Input() childData:
string;,
This passes parentData from parent to child.
Pass headers for HTTP client?
+
Use HttpHeaders in Angular’s HttpClient., Example:,
this.http.get(url, { headers: new
HttpHeaders({'Auth':'token'}) }),
Allows sending authentication, content-type, or custom
headers.
Perform error handling in observables?
+
Use catchError operator inside .pipe()., Example:
observable.pipe(catchError(err => of(defaultValue))), Can
also use
retry() to retry failed requests.
Pipe in Angular?
+
Pipe transforms data in templates, e.g., date, currency,
custom
pipes.
Pipes in Angular?
+
Pipes transform data before displaying in a template.,
Example: {{
name | uppercase }} converts text to uppercase., Can be
built-in or
custom.
Pipes?
+
Pipes transform data in the template without changing the
component., Example: {{date | date:'short'}}, Angular has
built-in
pipes like DatePipe, UpperCasePipe, CurrencyPipe.
PipeTransform Interface
+
Interface that custom pipes must implement., Defines the
transform()
method for input-to-output transformation., Enables reusable
data
formatting.
platform in Angular?
+
Platform provides runtime context for Angular applications.,
Examples: platformBrowser(), platformServer()., It
bootstraps the
Angular application on the respective environment.
Possible data update scenarios for
change detection
+
Model updates via property binding, User input in forms,
Async
operations like HTTP requests, timers, Manual triggering
using
ChangeDetectorRef
Possible errors with declarations
+
Declaring a component twice in different modules, Declaring
non-component classes, Missing component import in module
Precedence between pipe and ternary
operators
+
Ternary operators have higher precedence., Pipe (|) executes
after
ternary expression evaluates.
Prevent automatic sanitization
+
Use Angular DomSanitizer to mark content as trusted:,
bypassSecurityTrustHtml, bypassSecurityTrustUrl, etc., Use
carefully
to avoid XSS vulnerabilities.
Prioritize TypeScript over JavaScript
in
Angular?
+
TypeScript provides strong typing, classes, interfaces, and
compile-time checks., Improves developer productivity and
maintainability.
Property binding in Angular?
+
Property binding binds component properties to HTML element
properties using [property] syntax.
Property decorators?
+
Decorators that enhance class properties with Angular
features.,
Example: @Input() for parent-to-child binding, @Output() for
event
emission.
Protractor?
+
Protractor is an end-to-end testing framework for Angular
apps., It
runs tests in real browsers and integrates with Selenium.,
It
understands Angular-specific elements like ng-model and
ng-repeat.
Provide a singleton service
+
Use @Injectable({ providedIn: 'root' })., Angular injects
one
instance app-wide., Do not redeclare in feature modules to
avoid
duplicates.
Provide build configuration for
multiple
locales
+
Use angular.json configurations:, "locales": { "fr":
"src/locale/messages.fr.xlf" }, Build with: ng build
--localize.
Provide configuration inheritance?
+
Angular modules can extend or import other modules., Child
modules
inherit providers, declarations, and configurations from
parent
modules., Helps maintain shared settings across the app.
Provider?
+
A provider tells Angular how to create a service., It
defines the
dependency injection configuration., Declared in modules,
components, or services.
Pure Pipes
+
Pure pipes return same output for same input., Executed only
when
input changes., Used for performance optimization.
Purpose of tag
+
Specifies the base path for relative URLs in an Angular
app., Helps
router resolve paths correctly., Placed in the section of
index.html., Example: .
Purpose of animate function
+
animate() specifies duration, timing, and styles for
transitions.,
It animates the element from one style to another., Used
inside
transition() to control animation flow.
Purpose of any type cast function?
+
The any type allows bypassing TypeScript type checking., It
is used
to temporarily cast a variable when type is unknown., Useful
during
migration or working with dynamic data.
Purpose of async pipe
+
async pipe automatically subscribes to Observable or
Promise., It
updates the template with emitted values., Handles
subscription and
unsubscription automatically.
Purpose of CommonModule?
+
CommonModule provides common directives like ngIf and
ngFor., It is
imported in feature modules to use standard Angular
directives.,
Helps avoid reimplementing basic functionality.
Purpose of custom id
+
Assigns a unique identifier to a translatable string., Helps
maintain consistent translations across builds.
Purpose of differential loading in CLI
+
Generates two bundles: modern ES2015+ for new browsers, ES5
for old
browsers., Reduces payload for modern browsers., Improves
performance and load time.
Purpose of FormBuilder
+
Simplifies creation of FormGroup, FormControl, and
FormArray.,
Reduces boilerplate code for reactive forms.
Purpose of hidden property
+
[hidden] toggles visibility of an element using CSS display:
none.,
Unlike ngIf, it does not remove the element from the DOM.
Purpose of i18n attribute
+
Marks an element or text for translation., Angular extracts
these
for generating translation files.
Purpose of innerHTML
+
innerHTML sets or gets the HTML content of an element., Used
for
dynamic HTML rendering in the DOM.
Purpose of metadata JSON files
+
Store compiled metadata about components, directives, and
modules.,
Used by AOT compiler for dependency injection and code
generation.
Purpose of ngFor trackBy
+
trackBy improves performance by tracking items using unique
identifier., Prevents unnecessary DOM re-rendering when
lists
change.
Purpose of ngSwitch directive
+
ngSwitch conditionally displays elements based on expression
value.,
ngSwitchCase and ngSwitchDefault define cases and default
view.
Purpose of Wildcard route
+
Wildcard route (**) catches all undefined routes., Typically
used
for 404 pages., Example: { path: '**', component:
PageNotFoundComponent }.
Reactive forms
+
Form model is defined in component class using FormControl,
FormGroup., Provides predictable, programmatic control and
validators.
Reason for No provider for HTTP
exception
+
Occurs when HttpClientModule is not imported in AppModule.,
Add
HttpClientModule to imports to resolve dependency injection
errors.
Reason to deprecate Web Tracing
Framework
+
It was browser-dependent and complex., Angular adopted
modern
debugging tools and console-based tracing., Simplifies
performance
monitoring and reduces maintenance.
Reason to deprecate web worker
packages
+
Native Web Worker APIs became standardized., Angular moved
to
simpler, built-in worker support., External packages were
redundant
and increased bundle size.
Recommendation for provider scope
+
Provide services in root for singleton usage., Avoid
multiple
registrations in lazy-loaded modules unless necessary., Use
feature
module providers for module-scoped instances.
ReplaySubject in Angular?
+
ReplaySubject emits a specified number of previous values to
new
subscribers.
Report missing translations
+
Angular logs missing translations in console during
compilation.,
Use tools or custom loaders to handle untranslated keys.
Reset the form
+
Use form.reset() to reset values and validation state.,
Optionally,
pass default values: form.reset({ name: 'John' }).
Restrict provider scope to a module
+
Declare the provider in the providers array of the module.,
Avoid
providedIn: 'root' in @Injectable()., This creates a
module-specific
instance.
Restrictions of metadata
+
Cannot use dynamic expressions in decorators., Arrow
functions or
complex expressions are not allowed., Only static,
serializable
values are permitted.
Restrictions on declarable classes
+
Declarables cannot be services or modules., They must be
declared in
exactly one NgModule., Cannot be imported multiple times
across
modules.
Role of ngModule metadata in
compilation
process
+
Defines components, directives, pipes, and services., Helps
compiler
resolve dependencies and build module graph.
Role of template compiler for XSS
prevention
+
The compiler escapes unsafe content during template
rendering.,
Ensures dynamic content does not execute scripts., Acts as a
first-line defense against XSS.
Root module in Angular?
+
The AppModule is the root module bootstrapped to launch the
application.
Route Parameters?
+
Data passed through URLs to routes., Path parameters:
/user/:id,
Query parameters: /user?id=1, Fragment: #section1, Matrix
parameters: /user;id=1
Routed entry component?
+
Component loaded via router dynamically, not referenced in
template., Needs to be known to Angular compiler to generate
factory.
Router events?
+
Router events are lifecycle events during navigation.,
Examples:
NavigationStart, RoutesRecognized, NavigationEnd,
NavigationError.,
You can subscribe to Router.events for tracking navigation.
Router imports?
+
To use routing, import:, RouterModule, Routes from
@angular/router,
Then configure routes using RouterModule.forRoot(routes) or
forChild(routes).
Router links?
+
[routerLink] is used for navigation without page reload.,
Example:
Home, It generates URLs based on route configuration.
Router outlet?
+
is a placeholder where routed components are displayed., The
router
dynamically injects the matched component here., Only one
per view
or multiple for nested routes.
Router state?
+
Router state represents the current tree of activated
routes.,
Provides access to route parameters, query parameters, and
data.,
Useful for inspecting the current route in the app.
Router state?
+
Router state represents current route information., Contains
URL,
params, queryParams, and component data., Accessible via
Router or
ActivatedRoute service.
RouterModule in Angular?
+
RouterModule provides services and directives for
configuring
routing.
Routing in Angular?
+
Routing enables navigation between different views in a
single-page
application.
Rule in Schematics?
+
A rule defines transformations on a project tree., It
decides how
files are created, modified, or deleted., Rules are building
blocks
of schematics.
Run Bazel directly?
+
Use Bazel CLI commands: bazel build //src:app or bazel test
//src:app., It executes targets defined in BUILD files.,
Helps in
running incremental builds independently of Angular CLI.
RxJS in Angular?
+
RxJS is a reactive programming library for handling
asynchronous
data streams using Observables.
RxJS in Angular?
+
RxJS is a library for reactive programming., Used with
observables
to handle async data, events, and streams., Provides
operators like
map, filter, and debounceTime.
RxJS Subject in Angular?
+
Subject is an observable that multicasts values to multiple
observers., It can act as both an observer and observable.,
Used for
communication between components or services.
RxJS?
+
RxJS (Reactive Extensions for JavaScript) is a library for
reactive
programming., Provides observables, operators, and
subjects., Used
for async tasks and event handling in Angular.
safe navigation operator?
+
?. operator prevents null or undefined errors in templates.,
Example: user?.name returns undefined if user is null.
Sanitization? Does Angular support it?
+
Sanitization cleans untrusted input to prevent code
injection.,
Angular provides built-in DomSanitizer for HTML, styles,
URLs, and
scripts.
Schematic?
+
Schematics are code generators for Angular projects., They
automate
creation of components, services, modules, or custom
templates.,
Used with Angular CLI.
Schematics CLI?
+
Command-line tool to run, test, and create schematics.,
Example:
schematics blank --name=my-schematic., Helps automate
repetitive
tasks in Angular projects.
Scope hierarchy in Angular
+
Angular components have isolated scopes with hierarchical
injectors., Child components inherit parent services via DI.
Scope in Angular
+
Scope is the binding context between controller and view.,
Used in
AngularJS; replaced by Component class properties in
Angular.
Security principles in Angular
+
Follow XSS prevention, CSRF protection, input validation,
and
sanitization., Avoid direct DOM manipulation and unsafe URL
usage.,
Use Angular built-in sanitizers and HttpClient.
Select an element in component
template?
+
Use template reference variables or @ViewChild() decorator.,
Example: @ViewChild('myDiv') myDivElement: ElementRef;.,
This allows
accessing DOM elements or child components from the
component class.
Select an element within a component
template?
+
Use @ViewChild() or @ViewChildren() decorators., Example:
@ViewChild('myDiv') div: ElementRef;, Allows access to DOM
elements
or child components in TS code.
select ICU expression
+
Used for conditional translations based on variable values.,
Example: gender-based messages: {gender, select, male {...}
female
{...} other {...}}
Server-side XSS protection in Angular
+
Validate and sanitize inputs before sending to client., Use
CSP
headers, HTTPS, and server-side escaping., Combine with
Angular
client-side protections.
Service in Angular?
+
Service is a class that provides shared functionality across
components.
Service Worker and its role in
Angular?
+
Service Worker is a background script that intercepts
network
requests., It enables offline caching, push notifications,
and
performance improvements., Angular supports Service Worker
via
@angular/pwa package.
Service?
+
Service is a class that holds business logic or shared
data.,
Injected into components using Dependency Injection.,
Promotes code
reusability across components.
Services in Angular?
+
Reusable classes that hold business logic or shared data.,
Injected
into components via DI., Helps separate UI and logic.
Set ngFor and ngIf on same element
+
Use :,
Share data between components in
Angular?
+
Parent-to-child: @Input(), Child-to-parent: @Output() with
EventEmitter, Service with BehaviorSubject or Subject for
unrelated
components
Share services using modules?
+
Yes, but use Core module or providedIn: 'root'., Avoid
providing in
Shared module to prevent multiple instances.
Shared module
+
A module containing reusable components, directives, pipes,
and
services., Imported by other modules to reduce code
duplication.,
Typically does not provide singleton services.
Shorthand notation for subscribe
method
+
Instead of an observer object, use separate callbacks:,
observable.subscribe(val => console.log(val), err =>
console.log(err), () => console.log('complete'));
Single Page Applications (SPA)
+
SPA loads one HTML page and dynamically updates content.,
Routing is
handled on the client side., Improves speed and reduces
server load.
Slice pipe?
+
Slice pipe extracts a subset of array or string., Example:
{{ items
| slice:0:3 }} shows first 3 items., Useful for pagination
or
previews.
Some features of Angular
+
Component-based architecture., Two-way data binding and
dependency
injection., Directives, services, and RxJS support.,
Powerful CLI
for project scaffolding.
SPA? (Single Page Application)
+
A SPA loads a single HTML page and dynamically updates
content using
JavaScript without full page reloads. Unlike traditional
websites
where each action loads a new page, SPAs improve speed, user
experience, and reduce server load.
Special configuration for Angular 9?
+
Angular 9 uses Ivy compiler by default., No additional
configuration
is needed for most apps.
Specify Angular template compiler
options?
+
Template compiler options are specified in tsconfig.json or
angular.json., You can enable strict type checking, full
template
type checking, and other options., Example:
"angularCompilerOptions": { "strictTemplates": true }., It
helps
catch template errors at compile time.
Standalone component?
+
A component that does not require a module., Can be used
independently with its own imports, providers, and
declarations.
State CSS classes provided by ngModel
+
ng-valid, ng-invalid, ng-dirty, ng-pristine, ng-touched,
ng-untouched, Helps style form validation states.
State function?
+
state() defines a named state for an animation., It
specifies styles
associated with that state., Used in combination with
transition()
to animate between states.
Steps to use animation module
+
1. Install @angular/animations., 2. Import
BrowserAnimationsModule
in the root module., 3. Use trigger, state, style, animate,
and
transition in components., 4. Bind animations to templates
using [
@triggerName ].
Steps to use declaration elements
+
1. Declare component, directive, or pipe in NgModule., 2.
Export if
needed for other modules., 3. Import module in consuming
module., 4.
Use element in template.
string interpolation and property
binding.
+
String interpolation: {{ value }} inserts data into
templates.,
Property binding: [property]="value" binds data to element
properties., Both keep view and data synchronized.
String interpolation in Angular?
+
Binding data from component to template using {{ value }}.,
Automatically updates the DOM when the component value
changes.
Style function?
+
style() defines CSS styles to apply in a particular state or
keyframe., Used inside state(), transition(), or animate().,
Example: style({ opacity: 0, transform: 'translateX(-100%)'
}).
Subject in Angular?
+
Subject is an Observable that allows multicasting to
multiple
subscribers.
Subscribing?
+
Subscribing is listening to an observable., Example:
.subscribe(data
=> console.log(data));, Triggers execution and receives
emitted
values.
Template expressions?
+
Template expressions are evaluated inside interpolation or
binding.,
Can include properties, methods, operators., Cannot contain
statements like loops or conditionals.
Template statements?
+
Template statements handle events like (click) or (change).,
Invoke
component methods in response to user actions., Example:
Click
Template?
+
Template is the HTML view of a component., It defines
structure,
layout, and binds data using Angular syntax., Can include
directives, bindings, and pipes.
Template-driven forms
+
Forms defined directly in HTML template using ngModel., Less
control
but simpler for small forms.
Templates in Angular
+
Templates define the HTML view of a component., They can
contain
Angular directives, bindings, and expressions., Templates
are
combined with component logic to render the UI.
Templates in Angular?
+
HTML with Angular directives, bindings, and components.,
Defines the
view for a component.
Test Angular application using CLI?
+
Use ng test to run unit tests with Karma and Jasmine., Use
ng e2e
for end-to-end testing with Protractor or Cypress., CLI
manages
configurations and test runner setup automatically.
TestBed?
+
TestBed is Angular’s unit testing utility for configuring
and
initializing environment., It allows creating components,
services,
and modules in isolation., Used with Karma or Jasmine to run
tests.
Three phases of AOT
+
1. Metadata analysis: Parse decorators and template
metadata., 2.
Template compilation: Convert templates to TypeScript code.,
3. Code
generation: Emit optimized JavaScript for the browser.
Transfer components to custom elements
+
Use createCustomElement(Component, { injector }), Register
via
customElements.define('tag-name', element).
Transition function?
+
transition() defines how animations move between states., It
specifies conditions, duration, and easing for the
animation.,
Example: transition('open => closed', animate('300ms
ease-in')).
Translate an attribute
+
Add i18n-attribute to mark element attributes: Welcome,
Translate text without creating an
element
+
Use i18n attribute on existing elements or directives.,
Angular
supports inline translations for text content.
Transpiling in Angular?
+
Transpiling converts TypeScript or modern JavaScript into
plain
JavaScript., This ensures compatibility with browsers.,
Angular uses
the TypeScript compiler (tsc) for this process., It helps
leverage
ES6+ features safely in older browsers.
Trigger an animation
+
Use Angular Animation API: trigger, state, transition,
animate.,
Call animation in template with [@animationName]., Can also
trigger
via component methods.
Two-way binding in Angular?
+
Two-way binding synchronizes data between component and
template
using [(ngModel)].
Two-way data binding
+
Updates component model when view changes and vice versa.,
Implemented using [(ngModel)]., Simplifies form handling.
Type narrowing?
+
Type narrowing is the process of refining a variable’s
type.,
TypeScript uses control flow analysis like if, typeof, or
instanceof., Example: if (typeof x === "string") {
x.toUpperCase();
}
Types of data binding in Angular?
+
Interpolation, Property Binding, Event Binding, Two-way
Binding
([(ngModel)]).
Types of directives in Angular?
+
Components, Structural Directives (e.g., *ngIf, *ngFor), and
Attribute Directives (e.g., ngClass, ngStyle).
Types of feature modules
+
Eager-loaded modules: Loaded at app startup., Lazy-loaded
modules:
Loaded on demand via routing., Shared modules: Contain
reusable
components, directives, pipes., Core module: Provides
singleton
services.
Types of filters in AngularJS.
+
Filters format data displayed in the UI. Common filters
include:, ✓
currency (formats currency), ✓ date (formats date), ✓ filter
(filters arrays), ✓ uppercase/lowercase, ✓ orderBy (sorts
collections),
Types of injector hierarchies
+
Root injector, Module-level injector, Component-level
injector,
Child injectors inherit from parent injector.
Types of validator functions
+
Synchronous validators (Validators.required,
Validators.minLength),
Asynchronous validators (HTTP-based or custom async checks)
Type-safe TestBed API changes in
Angular
9
+
TestBed APIs now return strongly typed component and fixture
instances., Improves type checking in unit tests.
TypeScript class with constructor and
function
+
class Person {, constructor(public name: string) {}, greet()
{
console.log(`Hello ${this.name}`); }, }, let p = new
Person("John");, p.greet();
TypeScript?
+
TypeScript is a superset of JavaScript that adds static
typing., It
compiles down to plain JavaScript for browser
compatibility.,
Provides features like classes, interfaces, and type
checking., Used
extensively in Angular for better maintainability and
scalability.
Update specific properties of a form
model
+
Use patchValue() for partial updates., setValue() requires
all
properties to be updated., Example: form.patchValue({ name:
'John'
}).
Upgrade Angular version?
+
Use ng update @angular/core @angular/cli., Follow migration
guides
for breaking changes., CLI updates dependencies, TypeScript,
and
configuration automatically.
Upgrade location service of AngularJS?
+
Migrate $location service to Angular’s Router module.,
Update code
to use Router.navigate() or ActivatedRoute., Ensures smooth
URL and
state management in Angular.
Use any JavaScript feature in
expression
syntax for AOT?
+
No, only static and serializable expressions are allowed.,
Dynamic
or runtime JavaScript features are rejected.
Use AOT compilation with Ivy?
+
Yes, Ivy fully supports AOT (Ahead-of-Time) compilation., It
improves startup performance and catches template errors at
compile
time.
Use arrow functions in AOT?
+
No, arrow functions are not allowed in decorators or
metadata., AOT
requires static, serializable expressions.
Use Bazel with Angular CLI?
+
Install Bazel schematics: ng add @angular/bazel., Build or
test
projects using Bazel commands: ng build --bazel., It
replaces
default Webpack builder for performance optimization.
Use HttpClient with an example
+
Inject HttpClient in a service:, this.http.get
('api/users').subscribe(data => console.log(data));, Use
.get,
.post, .put, .delete for REST calls., Returns observable
streams.
Use interceptor for entire application
+
Provide it in AppModule providers:, providers: [{ provide:
HTTP_INTERCEPTORS, useClass: MyInterceptor, multi: true }],
Ensures
all HTTP requests pass through it.
Use jQuery in Angular?
+
Install jQuery via npm: npm install jquery., Import it in
angular.json scripts or component: import * as $ from
'jquery';.,
Use carefully; prefer Angular templates over direct DOM
manipulation.
Use polyfills in Angular application?
+
Modify polyfills.ts file to enable browser compatibility.,
Includes
support for older browsers (IE, Edge)., Polyfills ensure
Angular
features work across different platforms.
Use SASS in Angular project?
+
Set --style=scss when creating project: ng new app
--style=scss., Or
change file extensions to .scss and configure angular.json.,
Angular
CLI automatically compiles SASS to CSS.
Utility functions provided by RxJS
+
Functions like of, from, interval, timer, throwError, and
fromEvent., Used to create or manipulate observables.
Various kinds of directives
+
Structural: *ngIf, *ngFor - modify DOM structure, Attribute:
[ngStyle], [ngClass] - change element behavior/appearance,
Custom
directives: User-defined behaviors
Various security contexts in Angular
+
HTML (content in templates), Style (CSS binding), Script
(JavaScript
context), URL (resource links), Resource URL (external
resources)
Verify model changes in forms
+
Subscribe to valueChanges or statusChanges on form or
controls.,
Example: form.valueChanges.subscribe(val =>
console.log(val)).
view encapsulation in Angular?
+
Controls CSS scope in components., Types: Emulated
(default), None,
Shadow DOM., Prevents styles from leaking or being
overridden.
ViewEncapsulation? Types?
+
ViewEncapsulation controls styling scope in Angular
components., It
has three modes:, · Emulated (default, scoped styles), ·
None
(global styles), · ShadowDom (real Shadow DOM isolation)
Ways to control AOT compilation
+
Enable/disable in angular.json using "aot": true/false., Use
CLI
commands: ng build --aot., Manage template metadata and
decorators
carefully.
Ways to remove duplicate service
registration
+
Provide service only in root., Avoid lazy-loaded module
providers
for shared services., Use forRoot pattern for modules with
services.
Ways to trigger change detection in
Angular
+
User events (click, input) automatically trigger detection.,
ChangeDetectorRef.detectChanges() manually triggers
detection.,
NgZone.run() executes code inside Angular zone., Async
operations
via Observables or Promises also trigger it.
Workspace APIs?
+
Workspace APIs allow managing Angular projects
programmatically.,
Used for creating, modifying, or generating projects and
configurations., Part of Angular DevKit
(@angular-devkit/core).
Zone context
+
The environment that monitors async operations., Angular
uses it to
know when to run change detection.
Zone?
+
Zone.js is a library used by Angular to detect asynchronous
operations., It helps Angular trigger change detection
automatically., All async tasks like setTimeout, promises,
and HTTP
requests are tracked.
What is Angular?
+
Angular is a TypeScript-based front-end framework for
building
single-page applications.
Is Angular a framework or library?
+
Angular is a full-fledged framework.
Why was Angular introduced?
+
To build dynamic, fast, client-side single-page
applications.
What type of applications does Angular
build?
+
Single Page Applications (SPAs).
What language is Angular written in?
+
Angular is written in TypeScript.
What is the Angular architecture?
+
Modules, Components, Templates, Directives, Services,
Dependency
Injection, and Routing.
What is a component in Angular?
+
A component controls a part of the UI with logic, template,
and
styles.
What is a template in Angular?
+
HTML view that defines the UI for a component.
What is a module in Angular?
+
A module groups related components, directives, pipes, and
services.
What is a service in Angular?
+
A reusable class that contains business logic or shared
data.
What is dependency injection in
Angular?
+
A design pattern where dependencies are provided instead of
created
manually.
What is data binding in Angular?
+
Synchronization of data between component and template.
What types of data binding does
Angular
support?
+
Interpolation, property binding, event binding, and two-way
binding.
What is Angular CLI?
+
A command-line tool to scaffold, build, test, and deploy
Angular
apps.
What is Angular Ivy?
+
Angular’s rendering engine that improves performance and
build size.
What is Angular Universal?
+
Angular Universal enables server-side rendering (SSR).
Does Angular use client-side rendering
by default?
+
Yes, Angular uses client-side rendering by default.
What is SPA?
+
An application that loads a single HTML page and updates
content
dynamically.
What browsers does Angular support?
+
Modern evergreen browsers like Chrome, Edge, Firefox, and
Safari.
What is Angular Language Service?
+
A tool that provides autocomplete and error checking for
Angular
templates.
What is an Angular component?
+
A component is a class that controls a portion of the UI
with a
template and styles.
What are the main parts of a
component?
+
Component class, template, metadata, and styles.
What is a component decorator?
+
A decorator that provides metadata to define a component.
What is @Component decorator?
+
It marks a class as an Angular component and supplies
configuration
metadata.
What properties are defined in
@Component?
+
selector, templateUrl, styleUrls, and providers.
What is a selector in Angular?
+
A CSS selector that identifies where the component is used.
What is templateUrl?
+
It points to the external HTML file of a component.
What is styleUrls?
+
It defines CSS files applied to the component.
What is an inline template?
+
A template defined directly inside the component decorator.
What is an inline style?
+
CSS styles defined directly inside the component decorator.
What is a template in Angular?
+
An HTML view that renders component data.
What is interpolation in templates?
+
Displaying component data using {{ }} syntax.
What is property binding?
+
Binding component properties to HTML element properties.
What is event binding?
+
Binding DOM events to component methods.
What is two-way data binding?
+
Synchronizing data between component and view using ngModel.
What is ngModel?
+
A directive used for two-way data binding in forms.
What is template reference variable?
+
A variable that references a DOM element or directive.
What is view encapsulation?
+
A mechanism to scope component styles.
What are view encapsulation types?
+
Emulated, ShadowDom, and None.
What is change detection?
+
A process that updates the view when data changes.
What is a directive in Angular?
+
A directive is a class that modifies the behavior or
appearance of
DOM elements.
What are the types of directives in
Angular?
+
Component, Structural, and Attribute directives.
What is a structural directive?
+
A directive that changes the DOM layout by adding or
removing
elements.
What are common structural directives?
+
*ngIf, *ngFor, and *ngSwitch.
What is an attribute directive?
+
A directive that changes the appearance or behavior of an
element.
What are common attribute directives?
+
ngClass and ngStyle.
What does ngClass do?
+
Dynamically adds or removes CSS classes.
What does ngStyle do?
+
Dynamically applies inline styles.
What is a custom directive?
+
A user-defined directive to extend HTML behavior.
What decorator is used to create a
directive?
+
@Directive decorator.
What is a pipe in Angular?
+
A pipe transforms data for display in templates.
What is pipe syntax?
+
Using the pipe symbol (|) in templates.
What are built-in pipes in Angular?
+
Date, UpperCase, LowerCase, Currency, Decimal, and Percent.
What is a custom pipe?
+
A user-defined pipe for custom data transformation.
What decorator is used to create a
pipe?
+
@Pipe decorator.
What is a pure pipe?
+
A pipe that runs only when input data changes.
What is an impure pipe?
+
A pipe that runs on every change detection cycle.
What is a service in Angular?
+
A service is a class that contains reusable business logic
or shared
data.
Why are services used in Angular?
+
To separate business logic from UI components.
What is dependency injection in
Angular?
+
A mechanism to provide required dependencies to a class
automatically.
What is Angular injector?
+
A system that creates and manages service instances.
What decorator is used to create a
service?
+
@Injectable decorator.
What does providedIn property do?
+
Specifies where the service is provided in the application.
What is providedIn: 'root'?
+
Registers the service as a singleton at the application
root.
What is a provider in Angular?
+
A configuration that tells Angular how to create a service.
Where can providers be registered?
+
Root module, component, or module level.
What is hierarchical dependency
injection?
+
A tree-based injector structure allowing scoped services.
What is singleton service?
+
A service with only one instance across the application.
What is scoped service?
+
A service instance limited to a specific module or
component.
What is constructor injection?
+
Injecting dependencies through a class constructor.
What is useClass provider?
+
Provides a class as a dependency.
What is useValue provider?
+
Provides a static value as a dependency.
What is useFactory provider?
+
Provides a dependency using a factory function.
What is useExisting provider?
+
Aliases one provider to another.
What is dependency injection token?
+
A unique identifier for non-class dependencies.
What is InjectionToken?
+
A token used for injecting values that are not classes.
What is tree-shakable service?
+
A service removed from build output if unused.
What is Angular routing?
+
Angular routing enables navigation between different views
in a
single-page application.
What module is used for routing?
+
RouterModule.
What is Routes in Angular?
+
A configuration array that defines application routes.
What is a route?
+
A mapping between a URL path and a component.
What is RouterOutlet?
+
A directive that displays routed components.
What is routerLink?
+
A directive used to navigate between routes declaratively.
What is programmatic navigation?
+
Navigation performed using the Router service.
What is ActivatedRoute?
+
A service that provides information about the current route.
What are route parameters?
+
Dynamic values passed through the URL.
What is snapshot in ActivatedRoute?
+
A static representation of route data at a moment in time.
What is query parameter?
+
Optional parameters appended to the URL.
What is route guard?
+
A mechanism to control access to routes.
What are the types of route guards?
+
CanActivate, CanDeactivate, CanLoad, Resolve, and
CanActivateChild.
What does CanActivate guard do?
+
Determines whether a route can be activated.
What does CanDeactivate guard do?
+
Determines whether a user can leave a route.
What is Resolve guard?
+
Preloads data before route activation.
What is lazy loading?
+
Loading feature modules only when needed.
Why is lazy loading used?
+
To improve application performance and load time.
What is wildcard route?
+
A route used to handle unknown paths.
What is router events?
+
Events emitted during the routing lifecycle.
What are forms in Angular?
+
Forms are used to capture and validate user input.
What types of forms does Angular
support?
+
Template-driven forms and Reactive forms.
What is a template-driven form?
+
A form defined primarily in the HTML template.
Which module is required for
template-driven forms?
+
FormsModule.
What directive is used for
template-driven forms?
+
ngModel.
What is two-way binding in forms?
+
Synchronizing form input with component data using ngModel.
How is validation done in
template-driven forms?
+
Using HTML validation attributes and Angular directives.
What is a reactive form?
+
A form defined and managed in the component class.
Which module is required for reactive
forms?
+
ReactiveFormsModule.
What is FormGroup?
+
A collection of form controls tracked as a group.
What is FormControl?
+
An object that tracks value and validation state of an
input.
What is FormArray?
+
A collection of FormControl or FormGroup instances.
What is form validation?
+
Ensuring form input meets defined rules.
What are built-in validators?
+
Validators.required, minLength, maxLength, and pattern.
What is custom validation?
+
User-defined validation logic.
What is synchronous validation?
+
Validation executed immediately.
What is asynchronous validation?
+
Validation executed asynchronously, often using HTTP calls.
What is form submission?
+
Handling user input when the form is submitted.
What is form state?
+
Status like valid, invalid, touched, or dirty.
What is reset() in forms?
+
Clears form values and resets state.
What is HttpClient in Angular?
+
HttpClient is a service used to communicate with backend
APIs over
HTTP.
Which module provides HttpClient?
+
HttpClientModule.
What HTTP methods does HttpClient
support?
+
GET, POST, PUT, PATCH, DELETE, and OPTIONS.
What does http.get() do?
+
Retrieves data from a server.
What does http.post() do?
+
Sends data to create a new resource.
What does http.put() do?
+
Updates an existing resource completely.
What does http.patch() do?
+
Partially updates an existing resource.
What does http.delete() do?
+
Deletes a resource on the server.
What is an Observable?
+
An Observable represents a stream of asynchronous data.
What library provides Observables in
Angular?
+
RxJS.
What is subscribe()?
+
A method used to consume Observable data.
What is RxJS?
+
A library for reactive programming using Observables.
What are RxJS operators?
+
Functions that transform or manipulate Observable streams.
What are common RxJS operators?
+
map, filter, tap, mergeMap, switchMap, and catchError.
What is pipe() in RxJS?
+
A method to combine multiple operators.
What is error handling in HttpClient?
+
Handling HTTP errors using RxJS operators.
What is catchError()?
+
An operator used to handle errors in Observables.
What is HttpInterceptor?
+
A service that intercepts HTTP requests and responses.
Why are interceptors used?
+
For logging, authentication headers, and error handling.
What is async pipe?
+
A pipe that subscribes and unsubscribes to Observables
automatically.
What is state in Angular?
+
State represents application data that affects the UI and
behavior.
What is state management?
+
Managing and synchronizing application state consistently.
Why is state management important?
+
It improves predictability, scalability, and
maintainability.
What is component state?
+
State managed locally within a component.
What is shared state?
+
State shared across multiple components.
How is shared state managed in
Angular?
+
Using services with dependency injection.
What is NgRx?
+
A Redux-inspired state management library for Angular.
What are NgRx store components?
+
Store, Actions, Reducers, Selectors, and Effects.
What is an action in NgRx?
+
An object describing a state change event.
What is a reducer?
+
A pure function that updates state based on actions.
What is a selector?
+
A function that selects slices of state.
What is effect in NgRx?
+
Handles side effects like API calls.
What is change detection?
+
The process of updating the view when data changes.
What triggers change detection?
+
Events, async operations, and data binding changes.
What is Default change detection
strategy?
+
Checks all components for changes.
What is OnPush change detection?
+
Checks component only when input references change.
How does OnPush improve performance?
+
By reducing unnecessary change detection cycles.
What is trackBy in ngFor?
+
Optimizes rendering by tracking item identity.
What is lazy loading for performance?
+
Loading modules only when required.
What is Angular performance
optimization?
+
Techniques to improve speed and responsiveness.
What is testing in Angular?
+
Testing verifies correctness and reliability of Angular
applications.
What types of testing are used in
Angular?
+
Unit testing, integration testing, and end-to-end testing.
What is unit testing in Angular?
+
Testing individual components, services, or pipes in
isolation.
What framework is commonly used for
Angular unit testing?
+
Jasmine.
What is Karma?
+
A test runner used to execute Angular unit tests.
What is TestBed?
+
A utility to configure and create Angular testing modules.
What is ComponentFixture?
+
A wrapper that provides access to a component instance and
DOM.
What is mocking in Angular testing?
+
Replacing real dependencies with fake ones.
What is a spy in Jasmine?
+
A function that tracks calls and arguments.
What is end-to-end testing?
+
Testing the entire application flow from user perspective.
What tool is used for Angular E2E
testing?
+
Protractor or Cypress.
What is debugging in Angular?
+
Identifying and fixing application issues.
What are common debugging tools?
+
Browser DevTools and Angular DevTools.
What is console logging?
+
Using console methods to inspect runtime values.
What is error handling in Angular?
+
Managing runtime and HTTP errors gracefully.
What is ErrorHandler class?
+
A global error handling service in Angular.
What is try-catch used for?
+
Handling synchronous runtime errors.
What is HTTP error handling?
+
Handling backend API errors using HttpClient.
What is global error handling?
+
Centralized handling of application errors.
Why is proper error handling
important?
+
It improves application stability and user experience.
What is Angular build process?
+
The process of compiling and bundling Angular application
files.
What tool is used to build Angular
applications?
+
Angular CLI.
What is ng build?
+
A command that builds the Angular application.
What is production build?
+
A build optimized for performance and size.
What does --prod flag do?
+
Enables production optimizations like minification and tree
shaking.
What is Ahead-of-Time (AOT)
compilation?
+
Compiling templates during build time.
What is Just-in-Time (JIT)
compilation?
+
Compiling templates at runtime.
What is tree shaking?
+
Removing unused code from the final bundle.
What is code splitting?
+
Dividing code into smaller chunks for lazy loading.
What is lazy loading in production?
+
Loading feature modules only when required.
What is environment configuration?
+
Using environment-specific settings for builds.
What is environment.ts?
+
A file storing environment-specific variables.
What is deployment in Angular?
+
Publishing the built application to a server.
Where can Angular apps be deployed?
+
Web servers, cloud platforms, or CDNs.
What is CI/CD in Angular?
+
Automated build, test, and deployment pipelines.
What is Angular Universal in
production?
+
Using server-side rendering for better performance and SEO.
What is bundle optimization?
+
Reducing bundle size for faster loading.
What is caching strategy?
+
Storing static assets for faster access.
What is performance budget?
+
Limits set on bundle size and load time.
What is production monitoring?
+
Tracking errors and performance in live applications.
:host property in CSS
+
:host targets the component’s root element from within its
CSS.,
Allows styling the host without affecting other components.
Activated route?
+
ActivatedRoute provides info about the current route.,
Access route
params, query params, fragments, and data., Injected into
components
via constructor.
Active router links?
+
Active links are highlighted when the route matches the
current
URL., Use routerLinkActive directive:, Home, This helps in
UI
feedback for navigation.
Add web workers in your application?
+
Use Angular CLI: ng generate web-worker ., Update
angular.json and
enable TypeScript worker configuration., Offloads heavy
computation
to background threads for performance.
Advantages and disadvantages of
Angular
+
Advantages: Component-based, TypeScript, SPA support,
tooling.,
Disadvantages: Steep learning curve, larger bundle size,
complex for
small apps.
Advantages of Angular over other
frameworks
+
Two-way data binding reduces boilerplate code., Dependency
injection
improves modularity., Rich ecosystem, TypeScript support,
and
reusable components.
Advantages of Angular over other
frameworks
+
Strong TypeScript support., Declarative templates with data
binding., Rich ecosystem and official libraries (Material,
Forms,
RxJS)., Modular, testable, and maintainable code.
Advantages of Angular over React
+
Angular is a full-fledged framework, React is a library.,
Built-in
support for forms, routing, and HTTP., Strong TypeScript
integration
for better type safety.
Advantages of Angular?
+
Two-way data binding, modularity, dependency injection,
TypeScript
support, and powerful CLI.
Advantages of AOT
+
Faster app startup., Smaller bundle size., Detects template
errors
at build time., Better security by compiling templates ahead
of
time.
Advantages of Bazel tool
+
Faster builds with caching, Parallel execution,
Language-agnostic
support, Scales well for monorepos
Angular Animation?
+
Angular Animation allows creating smooth UI animations in
components., Built on Web Animations API with
@angular/animations.,
Supports transitions, keyframes, triggers, and states for
dynamic
effects.
Angular application work?
+
Angular apps run in the browser., Templates define UI,
components
handle logic, and services manage data., Data binding
updates the
view dynamically when the model changes.
Angular Architecture Diagram
+
Angular architecture includes:, Modules (NgModule),
Components (UI +
logic), Templates (HTML), Directives (behavior), Services
(business
logic), Dependency Injection and Routing
Angular Authentication and
Authorization
+
Authentication: Verify user identity (login, JWT).,
Authorization:
Control access to resources/routes based on roles.,
Implemented
using guards, tokens, and HttpInterceptors.
Angular CLI Builder?
+
Angular CLI Builder is a customizable build pipeline tool.,
It
allows modifying build, serve, and test processes., Used to
extend
or replace default Angular CLI behavior.
Angular CLI?
+
Angular CLI is a command-line tool to scaffold, build, and
maintain
Angular applications.
Angular CLI?
+
Angular CLI is a command-line tool for Angular projects.,
Used to
generate components, modules, services, and run builds.,
Simplifies
scaffolding and deployment tasks.
Angular compiler?
+
Transforms Angular TypeScript and templates into
JavaScript.,
Includes AOT and JIT compilers., Generates code for change
detection
and view rendering.
Angular DSL?
+
DSL (Domain-Specific Language) in Angular refers to template
syntax., It allows declarative UI using HTML with Angular
directives., Includes *ngIf, *ngFor, interpolation, and
bindings.
Angular Elements
+
Angular Components packaged as custom HTML elements., Can be
used
outside Angular apps., Supports inputs, outputs, and
encapsulation.
Angular expressions vs JavaScript
expressions
+
Angular expressions are evaluated in the scope context and
are
safe., No loops, conditionals, or global access., JS
expressions can
access any variable or perform complex operations.
Angular finds components, directives,
and pipes
+
Compiler scans NgModule declarations., Generates factories
and
resolves templates and dependencies.
Angular Framework?
+
Angular is a TypeScript-based front-end framework for
building
dynamic single-page applications (SPAs)., It provides
features like
components, data binding, dependency injection, and
routing.,
Maintains a modular architecture and encourages reusable
code., It
supports both client-side rendering and progressive web
apps.
Angular introduced as a client-side
framework?
+
To create dynamic SPAs with fast user interactions., Reduces
server
load by rendering templates on the client., Provides data
binding,
modularity, and reusable components.
Angular Ivy?
+
Ivy is the new rendering engine in Angular., It improves
build size,
speed, and runtime performance., Supports AOT compilation,
better
debugging, and improved type checking.
Angular Language Service?
+
Provides editor support like autocomplete, type checking,
and error
detection for Angular templates., Helps developers write
Angular
code faster and with fewer mistakes.
Angular library
+
Reusable module/package with components, directives,
services., Can
be published and shared via npm.
Angular Material mean?
+
Angular Material is a UI component library implementing
Google’s
Material Design., Provides pre-built components like
buttons,
tables, forms, and dialogs., Enhances UI consistency and
responsiveness.
Angular Material?
+
A UI component library for Angular apps., Provides
pre-built,
responsive, and accessible components., Includes buttons,
forms,
tables, navigation, and themes.
Angular Material?
+
Official UI component library for Angular., Provides modern,
accessible, and responsive UI components.
Angular render on server-side?
+
Yes, using Angular Universal., Enables SSR for SEO and
faster
initial load.
Angular Router?
+
Angular Router allows navigation between views/components.,
It maps
URLs to components., Supports nested routes, lazy loading,
and route
guards., Enables single-page application (SPA) behavior.
Angular security model for preventing
XSS attacks
+
Angular automatically escapes interpolated content.,
Sanitizes URLs,
HTML, and styles in templates., Prevents injection attacks
on the
DOM.
Angular Signals with an example
+
import { signal } from '@angular/core';, const count =
signal(0);,
count.set(5); // Updates reactive value, count.subscribe(val
=>
console.log(val));, When count changes, subscribed
components update
automatically.
Angular Signals?
+
Signals are reactive primitives to track state changes.,
They allow
automatic UI updates when values change.
Angular simplifies
Internationalization
(i18n)
+
Provides built-in i18n support, translation files, and
pipes.,
Supports pluralization, locale formatting, and dynamic
translations., CLI helps extract and compile translations.
Angular Universal?
+
Angular Universal enables server-side rendering for SEO and
faster
load times.
Angular Universal?
+
Angular Universal enables server-side rendering (SSR) of
Angular
apps., Improves SEO and performance., Pre-renders HTML on
the server
before sending to client.
Angular uses client-side rendering by
default
+
True. Angular renders templates in the browser using
JavaScript.,
Server-side rendering (Angular Universal) is optional.
Angular?
+
Angular is a platform and framework for building single-page
client
applications using HTML and TypeScript.
Angular?
+
Angular is a TypeScript-based front-end framework., Used to
build
single-page applications (SPAs)., Supports components,
modules,
services, and reactive programming.
Annotations in Angular
+
Older term for decorators in AngularJS., Used to attach
metadata to
classes or functions., Helps framework know how to process
the
component.
AOT Compilation and advantages
+
Compiles templates during build time., Catches template
errors
early, reduces bundle size, improves performance.
AOT compilation? Advantages?
+
AOT (Ahead-of-Time) compiles Angular templates during build
time.,
Advantages: Faster rendering, smaller bundle size, early
error
detection, and better security.
AOT compiler
+
Ahead-of-Time compiler compiles templates during build, not
runtime., Reduces bundle size, improves performance, and
catches
template errors early.
AOT?
+
AOT compiles Angular templates during build., Generates
optimized
JavaScript before the app loads., Improves performance and
reduces
runtime errors.
Applications of HTTP interceptors
+
Add authentication tokens, logging, error handling,
caching., Modify
request/response globally., Handle API versioning or header
manipulation.
Are all components generated in
production build?
+
Only components referenced or reachable from templates and
routes
are included., Unused components are tree-shaken.
Are multiple interceptors supported in
Angular?
+
Yes, interceptors are executed in the order provided., Each
can pass
control to the next using next.handle().
AsyncPipe in Angular?
+
AsyncPipe subscribes to Observables/Promises in templates
and
handles unsubscription automatically.
Bazel tool?
+
Bazel is a build and test tool developed by Google., It
handles
large-scale projects efficiently., Supports incremental
builds and
caching.
BehaviorSubject in Angular?
+
BehaviorSubject stores current value and emits it to new
subscribers.
Benefit of Automatic Inlining of Fonts
+
Embeds fonts directly into CSS to reduce network requests.,
Improves
page load speed and performance., Enhances First Contentful
Paint
(FCP) metrics.
Best practices for security in Angular
+
Use sanitization, HttpClient, and Angular templates safely.,
Avoid
innerHTML for untrusted content., Enable Content Security
Policy
(CSP) and HTTPS.
Bootstrapped component?
+
Root component loaded by Angular to start the application.,
Declared
in bootstrap array of AppModule.
Bootstrapping module?
+
The bootstrapping module initializes the Angular
application., It is
usually the root module (AppModule) loaded by main.ts., It
sets up
the root component and starts the application., It imports
other
modules required for app startup.
Bootstrapping module?
+
It is the root Angular module that launches the
application.,
Defined with @NgModule and bootstrap array., Typically
called
AppModule.
Browser support for Angular
+
Supports latest Chrome, Firefox, Edge, Safari., IE11 support
is
deprecated in recent Angular versions., Modern Angular
relies on
evergreen browsers for features.
Browser support of Angular Elements
+
Supported in all modern browsers (Chrome, Firefox, Edge,
Safari).,
Polyfills may be needed for IE11.
Builder?
+
A Builder is a class or script that executes a specific task
in
Angular CLI., It can run builds, tests, linting, or deploy
tasks.,
Provides flexibility to customize CLI workflows.
Building blocks of Angular?
+
Angular is built using several key components: Components
(UI
control), Modules (grouping functionality), Templates (HTML
with
Angular bindings), Services (business logic), and Dependency
Injection. These work together to build scalable single-page
applications.
Can you read full response?
+
Use { observe: 'response' } with HttpClient:,
this.http.get('api/users', { observe: 'response'
}).subscribe(resp
=> console.log(resp.status, resp.body));, It returns
headers,
status, and body.
Case types in Angular?
+
Angular uses naming conventions:, camelCase for variables
and
functions, PascalCase for classes and components, kebab-case
for
selectors and filenames, This ensures consistency and
readability.
Categorize data binding types?
+
One-way binding: Interpolation, property, event, Two-way
binding:
[(ngModel)], Enables dynamic updates between component and
view.
Chain pipes?
+
Multiple pipes can be applied sequentially using |.,
Example: {{
name | uppercase | slice:0:5 }}, Output is passed from one
pipe to
the next.
Change Detection and how does it work?
+
Change Detection tracks updates in component data and
updates the
view., Angular checks the component tree for changes
automatically.,
It works via Zones and triggers re-rendering when a model
changes.,
Helps keep UI and data synchronized.
Change detection in Angular?
+
Change detection tracks changes in application state and
updates the
DOM accordingly.
Change settings of zone.js
+
Configure zone.js flags before import in polyfills:, (window
as
any).__Zone_disable_X = true;, Controls patching of timers,
events,
or async operations.
Choose an element from a component
template?
+
Use ViewChild or ViewChildren decorators., Example:
@ViewChild('myElement') element: ElementRef;, Access DOM
elements
directly in component class.
Class decorators in Angular?
+
Class decorators attach metadata to a class., Common ones:
@Component, @Directive, @Injectable, @NgModule., They define
how the
class behaves in Angular’s DI and rendering system.
Class decorators?
+
Class decorators define metadata for classes., Example:
@Injectable() marks a class for dependency injection.
Class field decorators?
+
Class field decorators annotate properties of a class.,
Examples:
@Input(), @Output(), @ViewChild()., They help Angular bind
data,
access DOM, or communicate between components.
Classes that should not be added to
declarations
+
Services, Modules, Non-Angular classes, Declarations should
include
components, directives, and pipes only.
Client-side frameworks like Angular
were
introduced?
+
To create dynamic, responsive web apps without reloading
pages.,
They handle data binding, DOM manipulation, and routing on
the
client side., Improves performance and user experience.
Code for creating a decorator.
+
A basic Angular decorator example:, function Log(target,
key) {,
console.log(`Property ${key} was accessed`);, }, Decorators
enhance
or modify class behavior during runtime.
Codelyzer?
+
Codelyzer is a static analysis tool for Angular projects.,
It checks
for coding style, best practices, and template errors., Used
with
TSLint for linting Angular apps.
Collection?
+
In Angular, a collection is a group of objects like arrays,
sets, or
maps., Used to store and iterate over data in templates
using ngFor.
Compare service() and factory()
functions.
+
service() returns an instantiated singleton object and is
created
using a constructor function. factory() allows returning a
custom
object, function, or primitive and provides more
flexibility. Both
are used for sharing reusable logic across components.
Compilation process?
+
Transforms Angular templates and metadata into efficient
JavaScript., Ensures type safety and detects template
errors.,
Optimizes the app for performance.
Component Decorator?
+
@Component defines a class as an Angular component.,
Specifies
metadata like selector, template, and styles., Registers the
component with Angular’s module system.
Component Test Harnesses?
+
A test API for Angular Material components., Allows
interacting with
components in tests without relying on DOM selectors.,
Provides a
clean and maintainable way to write unit tests.
Components in Angular?
+
Components are building blocks of Angular applications that
control
a part of the UI.
Components, Modules, and Services in
Angular
+
Component: UI + logic., Module: Groups components,
directives, and
services., Service: Provides reusable business logic,
injected via
dependency injection.
Components?
+
Components are building blocks of Angular apps., They
contain
template, class (logic), and metadata., Responsible for
rendering
views and handling user interaction.
Concept of Dependency Injection (DI).
+
DI provides class dependencies automatically via Angular’s
injector., Reduces manual instantiation and promotes
testability.,
Example: Injecting a service into a component constructor.
Configure injectors with providers at
different levels
+
Root injector: App-wide singleton (providedIn: 'root').,
Module
injector: Module-specific., Component injector: Scoped to
component
and children.
Content projection?
+
Mechanism to pass content from parent to child component.,
Allows
child components to display dynamic content from parent
templates.
Create a standalone component manually
+
Set standalone: true in the component decorator:,
@Component({,
selector: 'app-my-component',, standalone: true,,
templateUrl:
'./my-component.html', }), export class MyComponent {}
Create a standalone component using
CLI
+
Run: ng generate component my-component --standalone.,
Generates a
component without declaring it in a module.
Create an app shell in Angular?
+
Use Angular CLI command: ng add @angular/pwa to enable PWA
features., Then run ng generate app-shell --client-project
., It
generates server-side rendered shell for faster initial
load., App
shell improves performance and perceived loading speed.
Create directives using CLI
+
Run:, ng generate directive myDirective, Generates directive
file
with @Directive decorator ready to use.
Create displayBlock components
+
Use display: block in component CSS or
Create schematics for libraries?
+
Use Angular CLI command: ng generate schematic , Define
rules to
create components or modules in the library., Automates
repetitive
tasks in library development.
Custom elements
+
Custom elements are browser-native HTML elements defined by
developers., They encapsulate functionality and can be
reused like
standard tags.
Custom elements work internally
+
Angular wraps a component in custom element class., Manages
inputs/outputs, change detection, and lifecycle hooks.,
Element
behaves like a standard HTML tag.
Custom pipe?
+
Custom pipe is a user-defined pipe to transform data.,
Created using
@Pipe decorator and implementing PipeTransform., Useful for
app-specific formatting or logic.
Data binding in Angular
+
Synchronizes data between component and template., Can be
one-way or
two-way., Reduces manual DOM manipulation.
Data binding in Angular?
+
Data binding synchronizes data between the component class
and
template.
Data binding?
+
Data binding connects component class with template/view.,
Types
include one-way (interpolation, property, event) and two-way
binding., Enables dynamic UI updates.
Data Binding? In how many ways can it
be
executed?
+
Data binding connects data between the component and the UI.
Angular
supports four main types: Interpolation ({{ }}), Property
Binding ([
]), Event Binding (( )), and Two-way Binding ([( )]) using
ngModel.
Deal with errors in observables?
+
Use the catchError operator in RxJS., Handle errors inside
subscribe
via error callback., Example:,
observable.pipe(catchError(err =>
of([]))).subscribe(...)
Declarable in Angular?
+
Declarable refers to classes that can be declared in an
NgModule.,
Includes Components, Directives, and Pipes., They define UI
behavior
or transformations in templates.
Decorator in Angular?
+
Decorator is a function that adds metadata to classes, e.g.,
@Component, @Injectable.
Decorators in Angular
+
Decorators provide metadata to classes, methods, or
properties.,
Types: @Component, @Injectable, @Directive, @Pipe., They
enable
Angular features like dependency injection and templates.
Define routes?
+
Routes are defined using a Routes array:, const routes:
Routes = [,
{ path: 'home', component: HomeComponent },, { path:
'about',
component: AboutComponent }, ];, Configured via
RouterModule.forRoot(routes).
Define the ng-content Directive
+
Allows content projection into a child component., Acts as a
placeholder for parent-provided HTML content.
Define typings for custom elements
+
Create a .d.ts file declaring:, interface
HTMLElementTagNameMap {
'my-element': MyComponentElement; }, Ensures TypeScript type
checking.
Dependency Hierarchy formed?
+
Angular forms a tree hierarchy of injectors., Root injector
provides
global services., Child components can have component-level
injectors., Services are resolved from closest injector
upwards.
Dependency Injection
+
DI is a design pattern to inject dependencies into
components/services., Promotes loose coupling and
testability.,
Angular has a built-in DI system.
Dependency injection in Angular?
+
DI is a design pattern where a class receives its
dependencies from
an external source rather than creating them.
Dependency injection in Angular?
+
Dependency Injection (DI) provides services or objects to
components
automatically., Avoids manual creation of service
instances.,
Promotes modularity and testability.
Dependency injection tree in Angular?
+
Hierarchy of injectors controlling service scope and
lifetime.
Describe the MVVM architecture
+
Model-View-ViewModel separates data, UI, and logic., Angular
components act as ViewModel, templates as View,
services/models as
Model.
Describe various dependencies in
Angular
application?
+
Dependencies are described using constructor injection in
services
or components., Decorators like @Injectable() and @Inject()
define
provider rules., Angular’s DI system manages the lifecycle
and
resolution of dependencies.
Design goals of Service Workers
+
Offline-first experience, Background sync and push
notifications,
Improved performance and caching strategies, Enhancing
reliability
and responsiveness
Detect route change in Angular?
+
Subscribe to Router events:,
this.router.events.subscribe(event => {
/* handle NavigationEnd */ });, You can use ActivatedRoute
to detect
parameter changes., Useful for executing logic on route
transitions.
DI token?
+
DI token is a key used to inject a dependency in Angular’s
DI
system., Can be a type, string, or InjectionToken., Helps
Angular
locate and provide the correct service or value.
DifBet ActivatedRoute and Router?
+
ActivatedRoute provides info about current route; Router is
used to
navigate programmatically.
DifBet Angular Elements and Angular
Components?
+
Angular Elements are Angular components packaged as custom
elements
to use in non-Angular apps.
DifBet Angular Material and Bootstrap?
+
Angular Material provides Angular components with Material
Design;
Bootstrap is CSS framework.
DifBet Angular service and singleton
service?
+
Service is reusable class; singleton ensures a single
instance
application-wide using providedIn: 'root'.
DifBet Angular Service Worker and
Service Worker API?
+
Angular Service Worker integrates with Angular for PWA
features;
Service Worker API is native browser API.
DifBet AngularJS and Angular?
+
AngularJS is based on JavaScript (v1.x); Angular (v2+) is
based on
TypeScript and component-based architecture.
DifBet CanActivate and CanDeactivate
guards?
+
CanActivate controls route access; CanDeactivate controls
leaving a
route.
DifBet catchError and retry operators
in
RxJS?
+
catchError handles errors; retry retries failed requests a
specified
number of times.
DifBet Content Projection and
ViewChild?
+
Content Projection inserts external content into component;
ViewChild accesses component's template elements.
DifBet debounceTime() and
throttleTime()?
+
debounceTime waits until silence; throttleTime emits at most
once in
time interval.
DifBet declarations and imports in
NgModule?
+
Declarations define components, directives, pipes within
module;
imports bring in other modules.
DifBet eagerly loaded and lazy loaded
modules?
+
Eager modules load at app startup; lazy modules load on
demand.
DifBet FormControl, FormGroup, and
FormArray?
+
FormControl represents a single input; FormGroup groups
controls;
FormArray is a dynamic array of controls.
DifBet forwardRef and Injector in
Angular?
+
forwardRef allows referencing classes before declaration;
Injector
provides DI manually.
DifBet HttpClientModule and
HttpModule?
+
HttpModule is deprecated; HttpClientModule is modern and
supports
typed responses and interceptors.
DifBet map() and switchMap()?
+
map transforms values; switchMap cancels previous inner
observable
and switches to new observable.
DifBet NgFor and NgForOf?
+
NgFor is the structural directive; NgForOf is the underlying
implementation for iterables.
DifBet ngIf else and ngSwitch?
+
ngIf else conditionally renders templates; ngSwitch selects
among
multiple templates.
DifBet ngOnChanges and ngDoCheck?
+
ngOnChanges is triggered by input property changes;
ngDoCheck is
called on every change detection cycle.
DifBet ng-template and ng-container?
+
ng-template defines reusable template; ng-container is a
logical
container that doesn't render in DOM.
DifBet NgZone and ChangeDetectorRef?
+
NgZone manages async operations and triggers change
detection;
ChangeDetectorRef manually triggers change detection.
DifBet OnPush and Default change
detection strategy?
+
Default checks all components every cycle; OnPush checks
only when
input reference changes.
DifBet OnPush and Default change
detection?
+
OnPush runs only when inputs change; Default runs on every
change
detection cycle.
DifBet Promise and Observable in
Angular?
+
Promise handles single async value; Observable handles
multiple
values over time with operators.
DifBet providedIn: 'root' and
providedIn: 'any'?
+
'root' provides singleton service globally; 'any' provides
separate
instances for lazy-loaded modules.
DifBet providers and imports in
NgModule?
+
Providers register services with DI; imports bring in other
modules.
DifBet pure and impure pipes?
+
Pure pipes are executed only when input changes; impure
pipes run on
every change detection cycle.
DifBet PurePipe and ImpurePipe?
+
PurePipe executes only when input changes; ImpurePipe
executes every
change detection.
DifBet Renderer and Renderer2?
+
Renderer2 is the updated, safer API for DOM manipulation in
Angular
4+.
DifBet Renderer2 and ElementRef?
+
Renderer2 provides safe DOM manipulation; ElementRef
directly
accesses native element (less safe).
DifBet resolvers and guards?
+
Resolvers fetch data before route activation; guards
determine
access.
DifBet routerLink and href?
+
routerLink navigates without page reload using Angular
router; href
reloads the page.
DifBet static and dynamic components?
+
Static components are declared in template; dynamic
components are
created programmatically using ComponentFactoryResolver.
DifBet structural and attribute
directives?
+
Structural changes DOM layout; attribute changes element
behavior or
style.
DifBet Subject and EventEmitter?
+
EventEmitter extends Subject and is used for @Output in
components.
DifBet template-driven and reactive
forms in terms of validation?
+
Template-driven uses directives and template validation;
Reactive
uses form controls and programmatic validation.
DifBet template-driven and reactive
forms?
+
Template-driven forms are simple and rely on directives;
reactive
forms are more powerful, programmatically created, and use
FormBuilder.
DifBet templateRef and
viewContainerRef?
+
TemplateRef represents embedded template; ViewContainerRef
represents container to insert views.
DifBet ViewChild and ContentChild?
+
ViewChild references elements/components in template;
ContentChild
references projected content.
DifBet ViewEncapsulation.None,
Emulated,
and ShadowDom?
+
None: no encapsulation; Emulated: scoped styles; ShadowDom:
uses
native shadow DOM.
DifBet window.history and Angular
Router?
+
window.history manipulates browser history; Angular Router
manages
SPA routes without full page reload.
DiffBet Angular and AngularJS
+
AngularJS (1.x) uses JavaScript and MVC., Angular (2+) uses
TypeScript, components, and modules., Angular is faster,
modular,
and supports Ivy compiler.
DiffBet Angular and Backbone.js
+
Angular: MVVM, components, DI, two-way binding.,
Backbone.js:
Lightweight, MVC, manual DOM manipulation., Angular offers
more
structured development and tooling.
DiffBet Angular and jQuery
+
Angular: Full SPA framework, two-way binding, MVVM., jQuery:
DOM
manipulation library, no architecture.
DiffBet Angular expressions and
JavaScript expressions
+
Angular expressions are safe and auto-sanitized., Run within
Angular
context and cannot use loops or exceptions.
DiffBet AngularJS and Angular?
+
AngularJS is JavaScript-based and uses MVC architecture.,
Angular
(2+) is TypeScript-based, faster, modular, and uses
components.,
Angular supports mobile development and modern tooling.,
Angular has
better performance, AOT compilation, and enhanced dependency
injection.
DiffBet Annotation and Decorator
+
Annotation: Metadata in older frameworks., Decorator
(Angular): Adds
metadata and behavior to classes, properties, or methods.
DiffBet Component and Directive
+
Component: Has template + logic, renders UI., Directive: No
template, modifies DOM behavior., Component is a type of
directive
with a view.
DiffBet constructor and ngOnInit
+
constructor: Instantiates the class, used for dependency
injection.,
ngOnInit: Lifecycle hook, executes after inputs are
initialized.,
Use ngOnInit for initialization logic instead of
constructor.
DiffBet interpolated content and
innerHTML
+
Interpolation ({{ }}) is automatically sanitized by
Angular.,
innerHTML can bypass sanitization if used with untrusted
content.,
Interpolation is safer for user-generated content.
DiffBet ngIf and hidden property
+
ngIf adds/removes element from DOM., [hidden] hides element
but
keeps it in DOM., Use ngIf for conditional rendering and
hidden for
styling.
DiffBet NgModule and JavaScript module
+
NgModule defines Angular metadata (components, directives,
services)., JavaScript module only exports/imports variables
or
classes.
DiffBet promise and observable
+
Promise: Handles single async value; executes immediately.,
Observable: Can emit multiple values over time; lazy
execution.,
Observable supports operators, cancellation, and chaining.
DiffBet pure and impure pipe
+
Pure Pipe: Executes only when input changes; optimized for
performance., Impure Pipe: Executes on every change
detection; can
handle complex scenarios., Impure pipes can cause
performance
overhead.
Differences between AngularJS and
Angular
+
AngularJS: JS-based, uses MVC, two-way binding., Angular:
TypeScript-based, component-driven, improved performance.,
Angular
has better mobile support and modular architecture.
Differences between AngularJS and
Angular for DI
+
AngularJS uses function-based injection with $inject.,
Angular uses
class-based injection with @Injectable() decorators.,
Angular DI
supports hierarchical injectors and tree-shakable services.
Differences between reactive and
template-driven forms
+
Reactive: Model-driven, synchronous, testable.,
Template-driven:
Template-driven, simpler, less scalable., Reactive supports
dynamic
controls; template-driven does not.
Differences between various versions
of
Angular
+
AngularJS (1.x) is JavaScript-based and uses MVC., Angular
2+ is
TypeScript-based, component-driven, modular, and faster.,
Later
versions added Ivy compiler, CLI improvements, RxJS updates,
and
stricter type checking., Each version focuses on
performance,
security, and tooling enhancements.
Different types of compilation in
Angular
+
JIT (Just-in-Time): Compiles in the browser at runtime., AOT
(Ahead-of-Time): Compiles at build time.
Different ways to group form controls
+
FormGroup: Groups multiple controls logically., FormArray:
Groups
controls dynamically as an array., Nested FormGroups for
hierarchical structures.
Digest cycle in AngularJS.
+
The digest cycle is the internal process where AngularJS
checks for
model changes and updates the view. It compares current and
previous
values in watchers and continues until all bindings
stabilize. It
runs automatically during events handled by Angular.
Directive in Angular?
+
Directive is a class that can modify DOM behavior or
structure.
Directives in Angular
+
Directives are instructions for the DOM., Types: Attribute,
Structural (*ngIf, *ngFor), and Custom directives., They
modify the
behavior or appearance of elements.
Directives in Angular?
+
Instructions to manipulate DOM., Types: Structural (*ngIf,
*ngFor)
and Attribute ([ngClass], [ngStyle]).
Directives?
+
Directives are instructions in templates to manipulate DOM.,
Types:
Structural (*ngIf, *ngFor) and Attribute ([ngClass])., They
modify
appearance, behavior, or layout of elements.
Do I need a Routing Module always?
+
Not strictly, but recommended for modularity., Helps
separate route
configuration from main app module., Improves
maintainability and
scalability.
Do I need to bootstrap custom
elements?
+
No, Angular Elements are self-bootstrapped using
createCustomElement().
Do I still need entryComponents in
Angular 9?
+
No, Ivy compiler handles dynamic and bootstrapped components
automatically.
Do you perform error handling?
+
Use RxJS catchError or pipe with tap:,
this.http.get('api').pipe(catchError(err => of([])));,
Allows
graceful fallback or logging.
Does Angular prevent HTTP-level
vulnerabilities?
+
Angular provides HttpClient with built-in CSRF/XSRF
support.,
Prevents common HTTP attacks if configured correctly.,
Additional
server-side measures may still be required.
Does Angular support dynamic imports?
+
Yes, using import() syntax for lazy-loaded modules., Enables
code
splitting and reduces initial bundle size., Works seamlessly
with
Angular CLI and Webpack.
DOM sanitizer?
+
Service that cleans untrusted content before rendering.,
Used for
HTML, styles, URLs, and resource URLs., Prevents script
execution in
Angular apps.
Dynamic components
+
Components created programmatically at runtime., Use
ComponentFactoryResolver or
ViewContainerRef.createComponent(),
Useful for modals, tabs, or runtime content.
Dynamic forms
+
Forms created programmatically at runtime., Useful when form
structure is not known at compile-time., Built using
FormBuilder or
reactive APIs.
Eager and Lazy loading?
+
Eager loading: Loads all modules at app startup., Lazy
loading:
Loads modules on demand, improving initial load time.
Editor support for Angular Language
Service
+
Supported in VS Code, WebStorm, Sublime, and Atom., Provides
autocompletion, quick info, error detection, and navigation
in
templates.
Enable binding expression validation?
+
Enable it via "strictTemplates": true in
angularCompilerOptions., It
validates property and event bindings in templates.,
Prevents
runtime template errors and improves type safety.
Entry component?
+
Component instantiated dynamically, not referenced in
template.,
Used in modals, dialogs, or dynamically created components.
EntryComponents array not necessary
every time?
+
Angular 9+ uses Ivy compiler, which automatically detects
required
components., No manual entryComponents needed for dynamic
components.
Event binding in Angular?
+
Event binding binds events from DOM elements to component
methods
using (event) syntax.
Exactly is a parameterized pipe?
+
A pipe that accepts arguments to modify output., Example: {{
birthday | date:'shortDate' }} where 'shortDate' is a
parameter.
Exactly is the router state?
+
Router state is the current configuration and URL state of
the
Angular router., Includes active routes, parameters, query
parameters, and route data.
Example of built-in validators
+
name: new FormControl('', [Validators.required,
Validators.minLength(3)]), Applies required and minimum
length
validation.
Example of few metadata errors
+
Using arrow functions in decorators., Dynamic expressions in
@Input() default values., Referencing non-static properties
in
metadata.
Examples of NgModules
+
BrowserModule, FormsModule, HttpClientModule, RouterModule
Feature modules?
+
NgModules created for specific functionality of an app.,
Helps in
lazy loading, code organization, and reusability.
Features included in Ivy preview
+
Tree-shakable components, Faster compilation, Improved type
checking
in templates, Better build size optimization
Features of Angular 7
+
CLI prompts, virtual scrolling, drag & drop., Improved
performance,
updated RxJS 6.3., Better accessibility and dependency
updates.
Features provided by Angular Language
Service
+
Autocomplete for directives, components, and inputs, Error
checking
in templates, Quick info on variables and types, Navigation
to
component and template definitions
Find Angular CLI version
+
Run command: ng version or ng v in terminal., It shows
Angular CLI,
framework, and Node versions.
Folding?
+
Folding is the process of resolving expressions at compile
time.,
Helps AOT replace constants and simplify templates.
forRoot helps avoid duplicate router
instances
+
forRoot() ensures singleton services in shared modules.,
Lazy-loaded
modules can use forChild() without duplicating router.
Four phases of template translation
+
1. Extraction - extract translatable strings., 2.
Translation -
provide translated text., 3. Merging - merge translations
with
templates., 4. Rendering - compile translated templates.
Generate a class in Angular 7 using
CLI
+
Command: ng generate class my-class, Creates a TypeScript
class file
in project structure.
Get current direction for locales
+
Use Directionality service: dir.value returns 'ltr' or
'rtl'.,
Useful for layout adjustments in RTL languages.
Get the current route?
+
Use Angular ActivatedRoute or Router service., Example:
this.route.snapshot.url or this.router.url., It provides
access to
route parameters, query params, and path info.
Give an example of attribute
directives
+
Attribute directives change the appearance or behavior of
DOM
elements., Example:,
Give an example of custom pipe
+
A custom pipe transforms data in templates., Example:,
@Pipe({name:
'reverse'}), export class ReversePipe implements
PipeTransform {,
transform(value: string) { return
value.split('').reverse().join(''); }, }, Usage: {{
'Angular' |
reverse }} → ralugnA.
Guard in Angular?
+
Guard is a service to control access to routes, e.g.,
CanActivate,
CanDeactivate.
Happens if custom id is not unique
+
Angular may overwrite translations or throw errors., Unique
IDs
prevent conflicts and ensure correct mapping.
Happens if I import the same module
twice?
+
Angular does not create duplicate services if a module is
imported
multiple times., Components and directives are available
where
declared., Providers are instantiated only once at root
level.
Happens if you do not supply handler
for
the observer
+
No callback is executed; observable executes but subscriber
ignores
emitted values., No error or complete handling occurs.
Happens if you use script tag inside
template?
+
Angular does not execute script tags in templates for
security.,
Scripts are ignored to prevent XSS attacks., Use services or
component logic instead.
Happens if you use the script tag
within
a template?
+
Scripts in Angular templates do not execute for security
reasons
(DOM sanitization)., Use external scripts or component logic
instead.
HTTP interceptors?
+
HTTP interceptors are used to intercept HTTP requests and
responses., They can modify headers, add tokens, or handle
errors
globally., Registered in Angular’s dependency injection
system.,
Useful for logging, caching, and authentication.
Http Interceptors?
+
Classes that intercept HTTP requests and responses
globally., Can
modify headers, log activity, or handle errors., Implemented
via
HTTP_INTERCEPTORS token.
HttpClient and its benefits?
+
HttpClient is Angular’s service for HTTP communication.,
Supports
typed responses, interceptors, and observables., Simplifies
REST API
calls with automatic JSON parsing.
HttpInterceptor in Angular?
+
Interceptor is a service to modify HTTP requests or
responses
globally.
Hydration?
+
Hydration converts server-rendered HTML into a fully
interactive
client app., Used in Angular Universal for SSR (Server-Side
Rendering).
If BrowserModule used in feature
module?
+
Error occurs: BrowserModule should only be imported in
AppModule.,
Feature modules should use CommonModule instead.
Imported modules in CLI-generated
feature modules
+
CommonModule for common directives., FormsModule if forms
are used.,
RouterModule for routing inside the feature module.
Impure Pipes
+
Impure pipes may return different output even if input is
same.,
Executed on every change detection cycle., Useful for
dynamic or
async data transformations.
Include SASS into an Angular project?
+
Install node-sass or use Angular CLI:, ng config
schematics.@schematics/angular:component.style scss, Rename
.css
files to .scss., Angular compiles SASS into CSS
automatically.
Index property in ngFor directive
+
let i = index gives the current iteration index., Can be
used for
numbering items or conditionally styling elements.
Inject dynamic script in Angular?
+
Use Renderer2 or document.createElement('script') in a
component.,
Set src and append it to document.body., Ensure scripts are
loaded
after component initialization.
Install Angular Language Service in a
project?
+
Use NPM: npm install @angular/language-service --save-dev.,
Also,
enable it in your IDE (VS Code, WebStorm) for Angular
templates.
Interpolation in Angular?
+
Interpolation allows embedding expressions in HTML using {{
expression }} syntax.
Interpolation?
+
Interpolation binds component data to HTML view using {{
}}.,
Example:
Invoke a builder?
+
In Angular, a builder is invoked via angular.json or the
CLI., Use
commands like ng build or ng run :., Builders handle tasks
like
building, serving, or testing projects., They are
customizable via
options in the angular.json configuration.
Is aliasing possible for inputs and
outputs?
+
Yes, using @Input('aliasName') or @Output('aliasName').,
Allows
different property names externally vs internally.
Is bootstrapped component required to
be
entry component?
+
Yes, it must be included in entryComponents in Angular
versions <9., In Angular 9+ (Ivy), entryComponents array is
no longer needed.
Is it mandatory to use @Injectable
on every service?
+
Only required if the service has dependencies injected.,
Recommended for consistency and AOT compatibility.
Is it safe to use direct DOM API
methods?
+
No, direct DOM manipulation may bypass Angular
security., It can
introduce XSS risks., Prefer Angular templates,
bindings, or
Renderer2.
Is static flag mandatory for
ViewChild?
+
static: true/false required when accessing child
elements in
ngOnInit vs ngAfterViewInit., true for early access,
false for
later lifecycle access.
It helps determine what component
should be displayed.
+
Router links?, Router links ([routerLink]) are Angular
directives to navigate between routes., Example: Home.
JIT?
+
JIT compiles Angular templates in the browser at
runtime.,
Faster builds but slower app startup., Used mainly
during
development.
Key components of Angular
+
Component: UI + logic, Directive: Behavior or DOM
manipulation,
Module: Organizes components, Service: Shared
logic/data, Pipe:
Data transformation, Routing: Navigation between views
Lazy loading in Angular?
+
Lazy loading loads modules only when needed, improving
performance.
Lazy loading?
+
Lazy loading loads modules only when needed., Reduces
initial
load time and improves performance., Configured in the
routing
module using loadChildren.
Lifecycle hooks available
+
Common hooks:, ngOnInit - after component
initialization,
ngOnChanges - on input property change, ngDoCheck -
custom
change detection, ngOnDestroy - cleanup before component
removal
lifecycle hooks in Angular?
+
Lifecycle hooks are methods called at specific points in
a
component's life, e.g., ngOnInit, ngOnDestroy.
Lifecycle hooks in Angular?
Examples?
+
Lifecycle hooks allow execution of logic at specific
component
stages. Common hooks include:, · ngOnInit() -
initialization, ·
ngOnChanges() - when input properties change, ·
ngOnDestroy() -
cleanup before removal, · ngAfterViewInit() - when view
loads
Lifecycle hooks of a zone
+
onStable: triggered when zone has no pending tasks.,
onUnstable:
triggered when async tasks start., onMicrotaskEmpty:
after
microtasks complete.
lifecycle hooks? Explain a few.
+
Lifecycle hooks are methods called at specific component
stages., Examples:, ngOnInit: Initialization,
ngOnChanges:
Detect input changes, ngOnDestroy: Cleanup before
destruction,
They help manage component behavior.
Limitations with web workers
+
Cannot access DOM directly, Limited access to window or
document
objects, Cannot use Angular services directly,
Communication is
via messages only
List of template expression
operators
+
+ - * / %, comparison (<>
<=>= == !=), logical (&& || !), ternary (? :),
nullish (?.)
operators.
List pluralization categories
+
Angular supports: zero, one, two, few, many, other.,
Used in ICU
plural expressions.
Macros?
+
Macros are predefined expressions or reusable snippets
in
Angular compilation., Used to simplify repeated patterns
in
metadata or templates.
Manually bootstrap an application
+
Use platformBrowserDynamic().bootstrapModule(AppModule)
in
main.ts., Starts Angular without relying on automatic
bootstrapping.
Manually register locale data
+
Import locale from @angular/common and register:, import
{
registerLocaleData } from '@angular/common';, import
localeFr
from '@angular/common/locales/fr';,
registerLocaleData(localeFr);
Mapping rules between Angular
component and custom element
+
Component inputs → element attributes/properties,
Component
outputs → DOM events, Lifecycle hooks are preserved
automatically
Metadata rewriting?
+
Metadata rewriting updates compiled metadata JSON files
for
AOT., Allows Angular to optimize templates and
components at
build time.
Metadata?
+
Metadata provides additional info about classes to
Angular.,
Used via decorators like @Component and @NgModule.,
Tells
Angular how to process a class.
Method decorators?
+
Decorators applied to methods to modify or enhance
behavior.,
Example: @HostListener listens to events on host
elements.
Methods of NgZone to control
change
detection
+
run(): execute inside Angular zone (triggers
detection).,
runOutsideAngular(): execute outside detection.,
onStable,
onUnstable for subscriptions.
Module in Angular?
+
Modules group components, directives, pipes, and
services into
cohesive blocks of functionality.
Module?
+
Module (NgModule) organizes components, directives, and
services., Every Angular app has a root module
(AppModule).,
Modules help in lazy loading and modular development.
Multicasting?
+
Multicasting allows sharing a single observable
execution among
multiple subscribers., Achieved using Subject or share()
operator., Reduces unnecessary API calls or processing.
MVVM Architecture
+
Model-View-ViewModel separates UI, logic, and data.,
Model: Data
and business logic., View: User interface., ViewModel:
Mediator
between view and model, handles commands and data
binding.,
Promotes testability and clean separation of concerns.
Navigating between routes in
Angular
+
Use RouterLink or Router service:, Home, Or
programmatically:
this.router.navigate(['/home']);
NgAfterContentInit in Angular?
+
ngAfterContentInit is called after content projected
into
component is initialized.
NgAfterViewInit in Angular?
+
ngAfterViewInit is called after component's view and
child views
are initialized.
Ngcc
+
Angular Compatibility Compiler converts node_modules
packages
compiled with View Engine to Ivy., Ensures libraries are
compatible with Angular Ivy compiler.
Ng-content and its purpose?
+
is a placeholder in a component template., Used for
content
projection, letting parent content be rendered in child
components.
NgModule in Angular?
+
NgModule is a decorator that defines a module and its
metadata,
like declarations, imports, providers, and bootstrap.
NgOnDestroy in Angular?
+
ngOnDestroy is called just before component destruction
to clean
up resources.
NgOnInit in Angular?
+
ngOnInit is called once after component initialization.
NgOnInit?
+
ngOnInit is a lifecycle hook called after Angular
initializes a
component., Used to perform component initialization and
fetch
data., Runs once per component instantiation.
NgRx?
+
NgRx is a state management library for Angular., Based
on Redux
pattern, uses actions, reducers, and store., Helps
manage
complex application state predictably.
NgUpgrade?
+
NgUpgrade allows hybrid apps running AngularJS and
Angular
together., Facilitates incremental migration from
AngularJS to
Angular., Supports components, services, and routing
interoperability.
NgZone
+
NgZone is a service that manages Angular’s change
detection
context., It runs code inside or outside Angular zone to
control
updates efficiently.
Non-null type assertion operator?
+
The ! operator asserts that a value is not null or
undefined.,
Example: value!.length tells TypeScript the variable is
safe.,
Used to prevent compiler errors when you know the value
exists.
NoopZone
+
A no-operation zone that disables automatic change
detection.,
Useful for performance optimization in large apps.
Observable creation functions
+
of() - emits given values, from() - converts array,
promise to
observable, interval() - emits sequence periodically,
fromEvent() - listens to DOM events
Observable in Angular?
+
Observable represents a stream of asynchronous data that
can be
subscribed to.
Observable?
+
Observable is a stream of data over time., It can emit
next,
error, and complete notifications., Used for HTTP,
events, and
async tasks.
Observables different from
promises?
+
Observables can emit multiple values over time, promises
only
one., Observables are lazy and cancellable., Promises
are eager
and simpler., Observables support operators for
transformation
and filtering.
Observables vs Promises
+
Observables: Multiple values over time, cancellable,
lazy
evaluation., Promises: Single value, eager, not
cancellable.,
Observables are used with RxJS in Angular.
observables?
+
Observables are data streams that emit values over
time., They
allow asynchronous operations like HTTP requests or
events.,
Provided by RxJS in Angular.
Observer?
+
An observer is an object that listens to an observable.,
It has
methods: next, error, and complete., Example: { next: x
=>
console.log(x), error: e => console.log(e) }.
Operators in RxJS?
+
Operators are functions to transform, filter, or combine
Observables, e.g., map, filter, mergeMap.
Optimize performance of async
validators
+
Use debounceTime to reduce API calls., Use
distinctUntilChanged
for unique inputs., Avoid heavy computation inside
validator
function.
Option to choose between inline
and
external template file
+
In @Component decorator:, template - inline HTML,
templateUrl -
external HTML file, Choice depends on component size and
readability., *21. Purpose of ngFor directive, *ngFor is
used to
loop over a collection and render elements., Syntax:
*ngFor="let
item of items"., Useful for dynamic lists and tables.,
*22.
Purpose of ngIf directive, *ngIf conditionally renders
elements
based on boolean expression., Removes or adds elements
from the
DOM., Helps control UI dynamically.
Optional dependency
+
A dependency that may or may not be provided., Use
@Optional()
decorator in constructor injection.
Parameterized pipe?
+
Pipes that accept arguments to modify output., Example:
{{
amount | currency:'USD':true }}, Allows flexible data
formatting
in templates.
Parent to Child data sharing
example
+
Parent Component:, , Child Component:, @Input()
childData:
string;, This passes parentData from parent to child.
Pass headers for HTTP client?
+
Use HttpHeaders in Angular’s HttpClient., Example:,
this.http.get(url, { headers: new
HttpHeaders({'Auth':'token'})
}), Allows sending authentication, content-type, or
custom
headers.
Perform error handling in
observables?
+
Use catchError operator inside .pipe()., Example:
observable.pipe(catchError(err => of(defaultValue))),
Can also
use retry() to retry failed requests.
Pipe in Angular?
+
Pipe transforms data in templates, e.g., date, currency,
custom
pipes.
Pipes in Angular?
+
Pipes transform data before displaying in a template.,
Example:
{{ name | uppercase }} converts text to uppercase., Can
be
built-in or custom.
Pipes?
+
Pipes transform data in the template without changing
the
component., Example: {{date | date:'short'}}, Angular
has
built-in pipes like DatePipe, UpperCasePipe,
CurrencyPipe.
PipeTransform Interface
+
Interface that custom pipes must implement., Defines the
transform() method for input-to-output transformation.,
Enables
reusable data formatting.
platform in Angular?
+
Platform provides runtime context for Angular
applications.,
Examples: platformBrowser(), platformServer()., It
bootstraps
the Angular application on the respective environment.
Possible data update scenarios for
change detection
+
Model updates via property binding, User input in forms,
Async
operations like HTTP requests, timers, Manual triggering
using
ChangeDetectorRef
Possible errors with declarations
+
Declaring a component twice in different modules,
Declaring
non-component classes, Missing component import in
module
Precedence between pipe and
ternary
operators
+
Ternary operators have higher precedence., Pipe (|)
executes
after ternary expression evaluates.
Prevent automatic sanitization
+
Use Angular DomSanitizer to mark content as trusted:,
bypassSecurityTrustHtml, bypassSecurityTrustUrl, etc.,
Use
carefully to avoid XSS vulnerabilities.
Prioritize TypeScript over
JavaScript in Angular?
+
TypeScript provides strong typing, classes, interfaces,
and
compile-time checks., Improves developer productivity
and
maintainability.
Property binding in Angular?
+
Property binding binds component properties to HTML
element
properties using [property] syntax.
Property decorators?
+
Decorators that enhance class properties with Angular
features.,
Example: @Input() for parent-to-child binding, @Output()
for
event emission.
Protractor?
+
Protractor is an end-to-end testing framework for
Angular apps.,
It runs tests in real browsers and integrates with
Selenium., It
understands Angular-specific elements like ng-model and
ng-repeat.
Provide a singleton service
+
Use @Injectable({ providedIn: 'root' })., Angular
injects one
instance app-wide., Do not redeclare in feature modules
to avoid
duplicates.
Provide build configuration for
multiple locales
+
Use angular.json configurations:, "locales": { "fr":
"src/locale/messages.fr.xlf" }, Build with: ng build
--localize.
Provide configuration inheritance?
+
Angular modules can extend or import other modules.,
Child
modules inherit providers, declarations, and
configurations from
parent modules., Helps maintain shared settings across
the app.
Provider?
+
A provider tells Angular how to create a service., It
defines
the dependency injection configuration., Declared in
modules,
components, or services.
Pure Pipes
+
Pure pipes return same output for same input., Executed
only
when input changes., Used for performance optimization.
Purpose of tag
+
Specifies the base path for relative URLs in an Angular
app.,
Helps router resolve paths correctly., Placed in the
section of
index.html., Example: .
Purpose of animate function
+
animate() specifies duration, timing, and styles for
transitions., It animates the element from one style to
another., Used inside transition() to control animation
flow.
Purpose of any type cast function?
+
The any type allows bypassing TypeScript type checking.,
It is
used to temporarily cast a variable when type is
unknown.,
Useful during migration or working with dynamic data.
Purpose of async pipe
+
async pipe automatically subscribes to Observable or
Promise.,
It updates the template with emitted values., Handles
subscription and unsubscription automatically.
Purpose of CommonModule?
+
CommonModule provides common directives like ngIf and
ngFor., It
is imported in feature modules to use standard Angular
directives., Helps avoid reimplementing basic
functionality.
Purpose of custom id
+
Assigns a unique identifier to a translatable string.,
Helps
maintain consistent translations across builds.
Purpose of differential loading in
CLI
+
Generates two bundles: modern ES2015+ for new browsers,
ES5 for
old browsers., Reduces payload for modern browsers.,
Improves
performance and load time.
Purpose of FormBuilder
+
Simplifies creation of FormGroup, FormControl, and
FormArray.,
Reduces boilerplate code for reactive forms.
Purpose of hidden property
+
[hidden] toggles visibility of an element using CSS
display:
none., Unlike ngIf, it does not remove the element from
the DOM.
Purpose of i18n attribute
+
Marks an element or text for translation., Angular
extracts
these for generating translation files.
Purpose of innerHTML
+
innerHTML sets or gets the HTML content of an element.,
Used for
dynamic HTML rendering in the DOM.
Purpose of metadata JSON files
+
Store compiled metadata about components, directives,
and
modules., Used by AOT compiler for dependency injection
and code
generation.
Purpose of ngFor trackBy
+
trackBy improves performance by tracking items using
unique
identifier., Prevents unnecessary DOM re-rendering when
lists
change.
Purpose of ngSwitch directive
+
ngSwitch conditionally displays elements based on
expression
value., ngSwitchCase and ngSwitchDefault define cases
and
default view.
Purpose of Wildcard route
+
Wildcard route (**) catches all undefined routes.,
Typically
used for 404 pages., Example: { path: '**', component:
PageNotFoundComponent }.
Reactive forms
+
Form model is defined in component class using
FormControl,
FormGroup., Provides predictable, programmatic control
and
validators.
Reason for No provider for HTTP
exception
+
Occurs when HttpClientModule is not imported in
AppModule., Add
HttpClientModule to imports to resolve dependency
injection
errors.
Reason to deprecate Web Tracing
Framework
+
It was browser-dependent and complex., Angular adopted
modern
debugging tools and console-based tracing., Simplifies
performance monitoring and reduces maintenance.
Reason to deprecate web worker
packages
+
Native Web Worker APIs became standardized., Angular
moved to
simpler, built-in worker support., External packages
were
redundant and increased bundle size.
Recommendation for provider scope
+
Provide services in root for singleton usage., Avoid
multiple
registrations in lazy-loaded modules unless necessary.,
Use
feature module providers for module-scoped instances.
ReplaySubject in Angular?
+
ReplaySubject emits a specified number of previous
values to new
subscribers.
Report missing translations
+
Angular logs missing translations in console during
compilation., Use tools or custom loaders to handle
untranslated
keys.
Reset the form
+
Use form.reset() to reset values and validation state.,
Optionally, pass default values: form.reset({ name:
'John' }).
Restrict provider scope to a
module
+
Declare the provider in the providers array of the
module.,
Avoid providedIn: 'root' in @Injectable()., This creates
a
module-specific instance.
Restrictions of metadata
+
Cannot use dynamic expressions in decorators., Arrow
functions
or complex expressions are not allowed., Only static,
serializable values are permitted.
Restrictions on declarable classes
+
Declarables cannot be services or modules., They must be
declared in exactly one NgModule., Cannot be imported
multiple
times across modules.
Role of ngModule metadata in
compilation process
+
Defines components, directives, pipes, and services.,
Helps
compiler resolve dependencies and build module graph.
Role of template compiler for XSS
prevention
+
The compiler escapes unsafe content during template
rendering.,
Ensures dynamic content does not execute scripts., Acts
as a
first-line defense against XSS.
Root module in Angular?
+
The AppModule is the root module bootstrapped to launch
the
application.
Route Parameters?
+
Data passed through URLs to routes., Path parameters:
/user/:id,
Query parameters: /user?id=1, Fragment: #section1,
Matrix
parameters: /user;id=1
Routed entry component?
+
Component loaded via router dynamically, not referenced
in
template., Needs to be known to Angular compiler to
generate
factory.
Router events?
+
Router events are lifecycle events during navigation.,
Examples:
NavigationStart, RoutesRecognized, NavigationEnd,
NavigationError., You can subscribe to Router.events for
tracking navigation.
Router imports?
+
To use routing, import:, RouterModule, Routes from
@angular/router, Then configure routes using
RouterModule.forRoot(routes) or forChild(routes).
Router links?
+
[routerLink] is used for navigation without page
reload.,
Example: Home, It generates URLs based on route
configuration.
Router outlet?
+
is a placeholder where routed components are displayed.,
The
router dynamically injects the matched component here.,
Only one
per view or multiple for nested routes.
Router state?
+
Router state represents the current tree of activated
routes.,
Provides access to route parameters, query parameters,
and
data., Useful for inspecting the current route in the
app.
Router state?
+
Router state represents current route information.,
Contains
URL, params, queryParams, and component data.,
Accessible via
Router or ActivatedRoute service.
RouterModule in Angular?
+
RouterModule provides services and directives for
configuring
routing.
Routing in Angular?
+
Routing enables navigation between different views in a
single-page application.
Rule in Schematics?
+
A rule defines transformations on a project tree., It
decides
how files are created, modified, or deleted., Rules are
building
blocks of schematics.
Run Bazel directly?
+
Use Bazel CLI commands: bazel build //src:app or bazel
test
//src:app., It executes targets defined in BUILD files.,
Helps
in running incremental builds independently of Angular
CLI.
RxJS in Angular?
+
RxJS is a reactive programming library for handling
asynchronous
data streams using Observables.
RxJS in Angular?
+
RxJS is a library for reactive programming., Used with
observables to handle async data, events, and streams.,
Provides
operators like map, filter, and debounceTime.
RxJS Subject in Angular?
+
Subject is an observable that multicasts values to
multiple
observers., It can act as both an observer and
observable., Used
for communication between components or services.
RxJS?
+
RxJS (Reactive Extensions for JavaScript) is a library
for
reactive programming., Provides observables, operators,
and
subjects., Used for async tasks and event handling in
Angular.
safe navigation operator?
+
?. operator prevents null or undefined errors in
templates.,
Example: user?.name returns undefined if user is null.
Sanitization? Does Angular support
it?
+
Sanitization cleans untrusted input to prevent code
injection.,
Angular provides built-in DomSanitizer for HTML, styles,
URLs,
and scripts.
Schematic?
+
Schematics are code generators for Angular projects.,
They
automate creation of components, services, modules, or
custom
templates., Used with Angular CLI.
Schematics CLI?
+
Command-line tool to run, test, and create schematics.,
Example:
schematics blank --name=my-schematic., Helps automate
repetitive
tasks in Angular projects.
Scope hierarchy in Angular
+
Angular components have isolated scopes with
hierarchical
injectors., Child components inherit parent services via
DI.
Scope in Angular
+
Scope is the binding context between controller and
view., Used
in AngularJS; replaced by Component class properties in
Angular.
Security principles in Angular
+
Follow XSS prevention, CSRF protection, input
validation, and
sanitization., Avoid direct DOM manipulation and unsafe
URL
usage., Use Angular built-in sanitizers and HttpClient.
Select an element in component
template?
+
Use template reference variables or @ViewChild()
decorator.,
Example: @ViewChild('myDiv') myDivElement: ElementRef;.,
This
allows accessing DOM elements or child components from
the
component class.
Select an element within a
component
template?
+
Use @ViewChild() or @ViewChildren() decorators.,
Example:
@ViewChild('myDiv') div: ElementRef;, Allows access to
DOM
elements or child components in TS code.
select ICU expression
+
Used for conditional translations based on variable
values.,
Example: gender-based messages: {gender, select, male
{...}
female {...} other {...}}
Server-side XSS protection in
Angular
+
Validate and sanitize inputs before sending to client.,
Use CSP
headers, HTTPS, and server-side escaping., Combine with
Angular
client-side protections.
Service in Angular?
+
Service is a class that provides shared functionality
across
components.
Service Worker and its role in
Angular?
+
Service Worker is a background script that intercepts
network
requests., It enables offline caching, push
notifications, and
performance improvements., Angular supports Service
Worker via
@angular/pwa package.
Service?
+
Service is a class that holds business logic or shared
data.,
Injected into components using Dependency Injection.,
Promotes
code reusability across components.
Services in Angular?
+
Reusable classes that hold business logic or shared
data.,
Injected into components via DI., Helps separate UI and
logic.
Set ngFor and ngIf on same element
+
Use :,
Share data between components in
Angular?
+
Parent-to-child: @Input(), Child-to-parent: @Output()
with
EventEmitter, Service with BehaviorSubject or Subject
for
unrelated components
Share services using modules?
+
Yes, but use Core module or providedIn: 'root'., Avoid
providing
in Shared module to prevent multiple instances.
Shared module
+
A module containing reusable components, directives,
pipes, and
services., Imported by other modules to reduce code
duplication., Typically does not provide singleton
services.
Shorthand notation for subscribe
method
+
Instead of an observer object, use separate callbacks:,
observable.subscribe(val => console.log(val), err =>
console.log(err), () => console.log('complete'));
Single Page Applications (SPA)
+
SPA loads one HTML page and dynamically updates
content.,
Routing is handled on the client side., Improves speed
and
reduces server load.
Slice pipe?
+
Slice pipe extracts a subset of array or string.,
Example: {{
items | slice:0:3 }} shows first 3 items., Useful for
pagination
or previews.
Some features of Angular
+
Component-based architecture., Two-way data binding and
dependency injection., Directives, services, and RxJS
support.,
Powerful CLI for project scaffolding.
SPA? (Single Page Application)
+
A SPA loads a single HTML page and dynamically updates
content
using JavaScript without full page reloads. Unlike
traditional
websites where each action loads a new page, SPAs
improve speed,
user experience, and reduce server load.
Special configuration for Angular
9?
+
Angular 9 uses Ivy compiler by default., No additional
configuration is needed for most apps.
Specify Angular template compiler
options?
+
Template compiler options are specified in tsconfig.json
or
angular.json., You can enable strict type checking, full
template type checking, and other options., Example:
"angularCompilerOptions": { "strictTemplates": true }.,
It helps
catch template errors at compile time.
Standalone component?
+
A component that does not require a module., Can be used
independently with its own imports, providers, and
declarations.
State CSS classes provided by
ngModel
+
ng-valid, ng-invalid, ng-dirty, ng-pristine, ng-touched,
ng-untouched, Helps style form validation states.
State function?
+
state() defines a named state for an animation., It
specifies
styles associated with that state., Used in combination
with
transition() to animate between states.
Steps to use animation module
+
1. Install @angular/animations., 2. Import
BrowserAnimationsModule in the root module., 3. Use
trigger,
state, style, animate, and transition in components., 4.
Bind
animations to templates using [ @triggerName ].
Steps to use declaration elements
+
1. Declare component, directive, or pipe in NgModule.,
2. Export
if needed for other modules., 3. Import module in
consuming
module., 4. Use element in template.
string interpolation and property
binding.
+
String interpolation: {{ value }} inserts data into
templates.,
Property binding: [property]="value" binds data to
element
properties., Both keep view and data synchronized.
String interpolation in Angular?
+
Binding data from component to template using {{ value
}}.,
Automatically updates the DOM when the component value
changes.
Style function?
+
style() defines CSS styles to apply in a particular
state or
keyframe., Used inside state(), transition(), or
animate().,
Example: style({ opacity: 0, transform:
'translateX(-100%)' }).
Subject in Angular?
+
Subject is an Observable that allows multicasting to
multiple
subscribers.
Subscribing?
+
Subscribing is listening to an observable., Example:
.subscribe(data => console.log(data));, Triggers
execution and
receives emitted values.
Template expressions?
+
Template expressions are evaluated inside interpolation
or
binding., Can include properties, methods, operators.,
Cannot
contain statements like loops or conditionals.
Template statements?
+
Template statements handle events like (click) or
(change).,
Invoke component methods in response to user actions.,
Example:
Click
Template?
+
Template is the HTML view of a component., It defines
structure,
layout, and binds data using Angular syntax., Can
include
directives, bindings, and pipes.
Template-driven forms
+
Forms defined directly in HTML template using ngModel.,
Less
control but simpler for small forms.
Templates in Angular
+
Templates define the HTML view of a component., They can
contain
Angular directives, bindings, and expressions.,
Templates are
combined with component logic to render the UI.
Templates in Angular?
+
HTML with Angular directives, bindings, and components.,
Defines
the view for a component.
Test Angular application using
CLI?
+
Use ng test to run unit tests with Karma and Jasmine.,
Use ng
e2e for end-to-end testing with Protractor or Cypress.,
CLI
manages configurations and test runner setup
automatically.
TestBed?
+
TestBed is Angular’s unit testing utility for
configuring and
initializing environment., It allows creating
components,
services, and modules in isolation., Used with Karma or
Jasmine
to run tests.
Three phases of AOT
+
1. Metadata analysis: Parse decorators and template
metadata.,
2. Template compilation: Convert templates to TypeScript
code.,
3. Code generation: Emit optimized JavaScript for the
browser.
Transfer components to custom
elements
+
Use createCustomElement(Component, { injector }),
Register via
customElements.define('tag-name', element).
Transition function?
+
transition() defines how animations move between
states., It
specifies conditions, duration, and easing for the
animation.,
Example: transition('open => closed', animate('300ms
ease-in')).
Translate an attribute
+
Add i18n-attribute to mark element attributes: Welcome,
Translate text without creating an
element
+
Use i18n attribute on existing elements or directives.,
Angular
supports inline translations for text content.
Transpiling in Angular?
+
Transpiling converts TypeScript or modern JavaScript
into plain
JavaScript., This ensures compatibility with browsers.,
Angular
uses the TypeScript compiler (tsc) for this process., It
helps
leverage ES6+ features safely in older browsers.
Trigger an animation
+
Use Angular Animation API: trigger, state, transition,
animate.,
Call animation in template with [@animationName]., Can
also
trigger via component methods.
Two-way binding in Angular?
+
Two-way binding synchronizes data between component and
template
using [(ngModel)].
Two-way data binding
+
Updates component model when view changes and vice
versa.,
Implemented using [(ngModel)]., Simplifies form
handling.
Type narrowing?
+
Type narrowing is the process of refining a variable’s
type.,
TypeScript uses control flow analysis like if, typeof,
or
instanceof., Example: if (typeof x === "string") {
x.toUpperCase(); }
Types of data binding in Angular?
+
Interpolation, Property Binding, Event Binding, Two-way
Binding
([(ngModel)]).
Types of directives in Angular?
+
Components, Structural Directives (e.g., *ngIf, *ngFor),
and
Attribute Directives (e.g., ngClass, ngStyle).
Types of feature modules
+
Eager-loaded modules: Loaded at app startup.,
Lazy-loaded
modules: Loaded on demand via routing., Shared modules:
Contain
reusable components, directives, pipes., Core module:
Provides
singleton services.
Types of filters in AngularJS.
+
Filters format data displayed in the UI. Common filters
include:, ✓ currency (formats currency), ✓ date (formats
date),
✓ filter (filters arrays), ✓ uppercase/lowercase, ✓
orderBy
(sorts collections),
Types of injector hierarchies
+
Root injector, Module-level injector, Component-level
injector,
Child injectors inherit from parent injector.
Types of validator functions
+
Synchronous validators (Validators.required,
Validators.minLength), Asynchronous validators
(HTTP-based or
custom async checks)
Type-safe TestBed API changes in
Angular 9
+
TestBed APIs now return strongly typed component and
fixture
instances., Improves type checking in unit tests.
TypeScript class with constructor
and function
+
class Person {, constructor(public name: string) {},
greet() {
console.log(`Hello ${this.name}`); }, }, let p = new
Person("John");, p.greet();
TypeScript?
+
TypeScript is a superset of JavaScript that adds static
typing.,
It compiles down to plain JavaScript for browser
compatibility.,
Provides features like classes, interfaces, and type
checking.,
Used extensively in Angular for better maintainability
and
scalability.
Update specific properties of a
form
model
+
Use patchValue() for partial updates., setValue()
requires all
properties to be updated., Example: form.patchValue({
name:
'John' }).
Upgrade Angular version?
+
Use ng update @angular/core @angular/cli., Follow
migration
guides for breaking changes., CLI updates dependencies,
TypeScript, and configuration automatically.
Upgrade location service of
AngularJS?
+
Migrate $location service to Angular’s Router module.,
Update
code to use Router.navigate() or ActivatedRoute.,
Ensures smooth
URL and state management in Angular.
Use any JavaScript feature in
expression syntax for AOT?
+
No, only static and serializable expressions are
allowed.,
Dynamic or runtime JavaScript features are rejected.
Use AOT compilation with Ivy?
+
Yes, Ivy fully supports AOT (Ahead-of-Time)
compilation., It
improves startup performance and catches template errors
at
compile time.
Use arrow functions in AOT?
+
No, arrow functions are not allowed in decorators or
metadata.,
AOT requires static, serializable expressions.
Use Bazel with Angular CLI?
+
Install Bazel schematics: ng add @angular/bazel., Build
or test
projects using Bazel commands: ng build --bazel., It
replaces
default Webpack builder for performance optimization.
Use HttpClient with an example
+
Inject HttpClient in a service:, this.http.get
('api/users').subscribe(data => console.log(data));, Use
.get,
.post, .put, .delete for REST calls., Returns observable
streams.
Use interceptor for entire
application
+
Provide it in AppModule providers:, providers: [{
provide:
HTTP_INTERCEPTORS, useClass: MyInterceptor, multi: true
}],
Ensures all HTTP requests pass through it.
Use jQuery in Angular?
+
Install jQuery via npm: npm install jquery., Import it
in
angular.json scripts or component: import * as $ from
'jquery';., Use carefully; prefer Angular templates over
direct
DOM manipulation.
Use polyfills in Angular
application?
+
Modify polyfills.ts file to enable browser
compatibility.,
Includes support for older browsers (IE, Edge).,
Polyfills
ensure Angular features work across different platforms.
Use SASS in Angular project?
+
Set --style=scss when creating project: ng new app
--style=scss., Or change file extensions to .scss and
configure
angular.json., Angular CLI automatically compiles SASS
to CSS.
Utility functions provided by RxJS
+
Functions like of, from, interval, timer, throwError,
and
fromEvent., Used to create or manipulate observables.
Various kinds of directives
+
Structural: *ngIf, *ngFor - modify DOM structure,
Attribute:
[ngStyle], [ngClass] - change element
behavior/appearance,
Custom directives: User-defined behaviors
Various security contexts in
Angular
+
HTML (content in templates), Style (CSS binding), Script
(JavaScript context), URL (resource links), Resource URL
(external resources)
Verify model changes in forms
+
Subscribe to valueChanges or statusChanges on form or
controls.,
Example: form.valueChanges.subscribe(val =>
console.log(val)).
view encapsulation in Angular?
+
Controls CSS scope in components., Types: Emulated
(default),
None, Shadow DOM., Prevents styles from leaking or being
overridden.
ViewEncapsulation? Types?
+
ViewEncapsulation controls styling scope in Angular
components.,
It has three modes:, · Emulated (default, scoped
styles), · None
(global styles), · ShadowDom (real Shadow DOM isolation)
Ways to control AOT compilation
+
Enable/disable in angular.json using "aot": true/false.,
Use CLI
commands: ng build --aot., Manage template metadata and
decorators carefully.
Ways to remove duplicate service
registration
+
Provide service only in root., Avoid lazy-loaded module
providers for shared services., Use forRoot pattern for
modules
with services.
Ways to trigger change detection
in
Angular
+
User events (click, input) automatically trigger
detection.,
ChangeDetectorRef.detectChanges() manually triggers
detection.,
NgZone.run() executes code inside Angular zone., Async
operations via Observables or Promises also trigger it.
Workspace APIs?
+
Workspace APIs allow managing Angular projects
programmatically., Used for creating, modifying, or
generating
projects and configurations., Part of Angular DevKit
(@angular-devkit/core).
Zone context
+
The environment that monitors async operations., Angular
uses it
to know when to run change detection.
Zone?
+
Zone.js is a library used by Angular to detect
asynchronous
operations., It helps Angular trigger change detection
automatically., All async tasks like setTimeout,
promises, and
HTTP requests are tracked.
JKM API First Architecture
Advantages of api first?
+
Improves consistency, reduces rework, enables early integration, supports
microservices and multi-platform clients.
Api contract?
+
A formal definition of endpoints, request/response formats, data types, and
authentication mechanisms, usually via OpenAPI/Swagger.
Api first architecture?
+
Designs the API before implementing business logic, ensuring consistency,
reusability, and collaboration with front-end and third-party teams.
Api first supports microservices?
+
APIs act as contracts between services, enabling independent development,
testing,
and deployment.
Api gateway?
+
A gateway handles routing, authentication, rate-limiting, and logging for
microservice APIs.
Diffbet api first and code-first design?
+
API-first designs API before coding, focusing on contracts. Code-first
generates
APIs from implementation, which may lack consistency.
Diffbet rest and graphql?
+
Rest exposes fixed endpoints; graphql allows clients to query exactly what
they
need. both can follow api-first design.
Openapi (swagger)?
+
A specification for defining REST APIs, including endpoints, payloads,
responses,
and authentication, supporting documentation and code generation.
To handle security in api-first design?
+
Use OAuth2, JWT, API keys, TLS/HTTPS, and input validation.
Versioning in api design?
+
Maintains backward compatibility while introducing new features, often via
URL or
header versioning.
Advantages of api first?
+
Improves consistency, reduces rework, enables early integration, supports
microservices and multi-platform clients.
Api contract?
+
A formal definition of endpoints, request/response formats, data types, and
authentication mechanisms, usually via OpenAPI/Swagger.
Api first architecture?
+
Designs the API before implementing business logic, ensuring consistency,
reusability, and collaboration with front-end and third-party teams.
Api first supports microservices?
+
APIs act as contracts between services, enabling independent development,
testing,
and deployment.
Api gateway?
+
A gateway handles routing, authentication, rate-limiting, and logging for
microservice APIs.
Diffbet api first and code-first design?
+
API-first designs API before coding, focusing on contracts. Code-first
generates
APIs from implementation, which may lack consistency.
Diffbet rest and graphql?
+
Rest exposes fixed endpoints; graphql allows clients to query exactly what
they
need. both can follow api-first design.
Openapi (swagger)?
+
A specification for defining REST APIs, including endpoints, payloads,
responses,
and authentication, supporting documentation and code generation.
To handle security in api-first design?
+
Use OAuth2, JWT, API keys, TLS/HTTPS, and input validation.
Versioning in api design?
+
Maintains backward compatibility while introducing new features, often via
URL or
header versioning.
Advantages of api first?
+
Improves consistency, reduces rework, enables early integration, supports
microservices and multi-platform clients.
Api contract?
+
A formal definition of endpoints, request/response formats, data types, and
authentication mechanisms, usually via OpenAPI/Swagger.
Api first architecture?
+
Designs the API before implementing business logic, ensuring consistency,
reusability, and collaboration with front-end and third-party teams.
Api first supports microservices?
+
APIs act as contracts between services, enabling independent development,
testing,
and deployment.
Api gateway?
+
A gateway handles routing, authentication, rate-limiting, and logging for
microservice APIs.
Diffbet api first and code-first design?
+
API-first designs API before coding, focusing on contracts. Code-first
generates
APIs from implementation, which may lack consistency.
Diffbet rest and graphql?
+
Rest exposes fixed endpoints; graphql allows clients to query exactly what
they
need. both can follow api-first design.
Openapi (swagger)?
+
A specification for defining REST APIs, including endpoints, payloads,
responses,
and authentication, supporting documentation and code generation.
To handle security in api-first design?
+
Use OAuth2, JWT, API keys, TLS/HTTPS, and input validation.
Versioning in api design?
+
Maintains backward compatibility while introducing new features, often via
URL or
header versioning.
Advantages of api first?
+
Improves consistency, reduces rework, enables early integration, supports
microservices and multi-platform clients.
Api contract?
+
A formal definition of endpoints, request/response formats, data types, and
authentication mechanisms, usually via OpenAPI/Swagger.
Api first architecture?
+
Designs the API before implementing business logic, ensuring consistency,
reusability, and collaboration with front-end and third-party teams.
Api first supports microservices?
+
APIs act as contracts between services, enabling independent development,
testing,
and deployment.
Api gateway?
+
A gateway handles routing, authentication, rate-limiting, and logging for
microservice APIs.
Diffbet api first and code-first design?
+
API-first designs API before coding, focusing on contracts. Code-first
generates
APIs from implementation, which may lack consistency.
Diffbet rest and graphql?
+
Rest exposes fixed endpoints; graphql allows clients to query exactly what
they
need. both can follow api-first design.
Openapi (swagger)?
+
A specification for defining REST APIs, including endpoints, payloads,
responses,
and authentication, supporting documentation and code generation.
To handle security in api-first design?
+
Use OAuth2, JWT, API keys, TLS/HTTPS, and input validation.
Versioning in api design?
+
Maintains backward compatibility while introducing new features, often via
URL or
header versioning.
Advantages of api first?
+
Improves consistency, reduces rework, enables early integration, supports
microservices and multi-platform clients.
Api contract?
+
A formal definition of endpoints, request/response formats, data types, and
authentication mechanisms, usually via OpenAPI/Swagger.
Api first architecture?
+
Designs the API before implementing business logic, ensuring consistency,
reusability, and collaboration with front-end and third-party teams.
Api first supports microservices?
+
APIs act as contracts between services, enabling independent development,
testing,
and deployment.
Api gateway?
+
A gateway handles routing, authentication, rate-limiting, and logging for
microservice APIs.
Diffbet api first and code-first design?
+
API-first designs API before coding, focusing on contracts. Code-first
generates
APIs from implementation, which may lack consistency.
Diffbet rest and graphql?
+
Rest exposes fixed endpoints; graphql allows clients to query exactly what
they
need. both can follow api-first design.
Openapi (swagger)?
+
A specification for defining REST APIs, including endpoints, payloads,
responses,
and authentication, supporting documentation and code generation.
To handle security in api-first design?
+
Use OAuth2, JWT, API keys, TLS/HTTPS, and input validation.
Versioning in api design?
+
Maintains backward compatibility while introducing new features, often via
URL or
header versioning.
JKM APIs
Api aggregation?
+
API aggregation merges data from multiple APIs into a single response.
Api authentication vs authorization?
+
Authentication verifies identity; authorization defines access permissions.
Api authentication?
+
API authentication verifies the identity of the client accessing the API.
Api authorization?
+
API authorization determines what resources or actions an authenticated
client is
allowed to access.
Api backward compatibility?
+
Ensuring that changes in API do not break existing clients using older
versions.
Api caching?
+
API caching stores responses temporarily to reduce load and improve
performance.
Api client?
+
An API client is a program or application that sends requests to an API and
processes responses.
Api contract?
+
An API contract defines the expected request/response format headers status
codes
and behavior.
Api cors policy?
+
CORS policy restricts cross-origin requests for security allowing only
permitted
domains to access the API.
Api deprecation?
+
API deprecation is the process of marking an API or feature as obsolete and
guiding
clients to use alternatives.
Api documentation?
+
API documentation provides instructions endpoints parameters and examples
for using
an API.
Api endpoint testing?
+
Endpoint testing verifies that each API endpoint functions correctly and
returns
expected responses.
Api gateway?
+
An API gateway is a single entry point for multiple APIs that handles
routing
authentication and monitoring.
Api health check?
+
API health check monitors API status to ensure it is up responsive and
functioning
correctly.
Api idempotency key?
+
An idempotency key prevents duplicate processing of the same request.
Api latency?
+
API latency is the time taken for a request to travel from client to server
and
receive a response.
Api lifecycle?
+
API lifecycle includes design development testing deployment monitoring
versioning
and retirement.
Api load balancing?
+
Load balancing distributes incoming API requests across multiple servers to
ensure
availability and performance.
Api logging?
+
API logging records requests responses and events for debugging auditing and
analytics.
Api mocking?
+
API mocking simulates API responses without the actual backend
implementation for
testing purposes.
Api monitoring tool?
+
Tools like Postman New Relic or Datadog track API performance uptime and
errors.
Api orchestration vs aggregation?
+
Orchestration coordinates multiple API calls to complete a workflow;
aggregation
merges multiple API responses into one.
Api orchestration?
+
API orchestration combines multiple API calls into a single workflow to
complete
complex tasks.
Api proxy?
+
An API proxy is an intermediary that forwards API requests to backend
services often
used for security and routing.
Api rate limiting strategy?
+
Rate limiting strategies include token bucket fixed window sliding window
and leaky
bucket algorithms.
Api rate limiting window?
+
Rate limiting window defines the time interval in which the maximum requests
are
counted.
Api response time?
+
API response time is the duration between request submission and response
reception.
Api sandbox?
+
API sandbox is a testing environment that simulates API behavior without
affecting
production.
Api security?
+
API security protects APIs from unauthorized access attacks and misuse.
Api server?
+
An API server handles incoming requests from clients processes them and
returns
responses.
Api testing?
+
API testing verifies that APIs work as expected including functionality
performance
and security.
Api throttling in cloud?
+
In cloud API throttling prevents excessive requests to ensure fair usage and
system
stability.
Api throttling limit?
+
Throttling limit defines the maximum allowed requests per time window.
Api throttling pattern?
+
The throttling pattern limits excessive API calls to prevent system
overload.
Api throttling vs caching?
+
Throttling limits request rate; caching stores frequent responses to improve
performance.
Api throttling vs quota?
+
Throttling limits request rate; quota defines maximum allowed usage over a
longer
period.
Api throttling vs rate limiting?
+
Throttling controls the number of requests over time; rate limiting
restricts
requests per client or IP.
Api tokens?
+
API tokens are credentials used to authenticate and authorize API requests.
Api versioning best practice?
+
Best practice: include version in URL (e.g. /v1/resource) or header to
maintain
backward compatibility.
Api versioning?
+
API versioning allows maintaining multiple versions of an API to ensure
backward
compatibility.
Api?
+
An API (Application Programming Interface) is a set of rules that allows
software
applications to communicate with each other.
Cors?
+
CORS (Cross-Origin Resource Sharing) is a security feature that allows or
restricts
resource requests from different domains.
Diffbet rest and soap?
+
REST is lightweight stateless and uses HTTP; SOAP is protocol-based heavier
and uses
XML messages.
Diffbet synchronous and asynchronous apis?
+
Synchronous APIs wait for a response immediately; asynchronous APIs return
immediately and process in the background.
Endpoint in apis?
+
An endpoint is a specific URL where an API can access resources or perform
operations.
Explain api client sdk.
+
API client SDK is a prebuilt library that helps developers interact with an
API
using language-specific methods.
Explain api gateway vs reverse proxy.
+
API gateway manages routing security and monitoring for APIs; reverse proxy
forwards
client requests to servers.
Explain api idempotency vs retry.
+
Idempotency ensures repeated requests have no extra effect; retry may resend
requests safely using idempotency keys.
Explain api key authentication.
+
API key authentication uses a unique key provided to clients to access the
API.
Explain api load testing.
+
API load testing evaluates performance under heavy usage to identify
bottlenecks and
ensure scalability.
Explain api mocking vs stubbing.
+
Mocking simulates API behavior for testing; stubbing provides fixed
responses for
predefined inputs.
Explain api monitoring.
+
API monitoring tracks availability performance errors and usage patterns to
ensure
reliability.
Explain api pagination.
+
Pagination splits large API responses into smaller manageable chunks for
efficient
data transfer.
Explain api request headers.
+
Request headers carry metadata like authentication tokens content type and
caching
instructions.
Explain api response codes 2xx
+
4xx 5xx. 2xx = success 4xx = client error 5xx = server error.
Explain api security best practices.
+
Use authentication authorization HTTPS input validation rate limiting and
logging to
secure APIs.
Explain api testing types.
+
Types include functional performance security integration and contract
testing.
Explain api throttling algorithm.
+
Algorithms include fixed window sliding window token bucket and leaky bucket
to
control request rates.
Explain api versioning strategies.
+
Strategies: URI versioning (/v1/resource) request header versioning query
parameter
versioning (?version=1).
Explain endpoint security.
+
Endpoint security ensures that each API endpoint is protected using
authentication
authorization and encryption.
Explain oauth scopes.
+
OAuth scopes define the permissions and access level granted to a client
application.
Explain oauth.
+
OAuth is an authorization framework that allows third-party applications
limited
access to user resources without exposing credentials.
Explain rate limit headers.
+
Rate limit headers indicate remaining requests and reset time to clients for
API
usage management.
Explain rate-limiting vs throttling.
+
Rate-limiting controls API usage over time; throttling limits request rate
per user
or session.
Explain response codes in rest.
+
Common HTTP response codes include 200 (OK) 201 (Created) 400 (Bad Request)
401
(Unauthorized) 404 (Not Found) 500 (Server Error).
Explain rest api vs graphql.
+
REST uses multiple endpoints for resources; GraphQL uses a single endpoint
allowing
flexible queries.
Explain rest api vs rpc.
+
REST API is resource-based with standard HTTP methods; RPC (Remote Procedure
Call)
executes functions/methods on a remote server.
Explain rest constraints.
+
REST constraints include client-server statelessness cacheability layered
system
code-on-demand (optional) and uniform interface.
Explain restful status codes.
+
Status codes indicate API response results: 200 (OK) 201 (Created) 400 (Bad
Request)
401 (Unauthorized) 404 (Not Found) 500 (Server Error).
Explain the diffbet put and patch.
+
PUT updates a resource entirely; PATCH updates only specified fields.
Graphql?
+
GraphQL is a query language for APIs that allows clients to request exactly
the data
they need.
Hateoas?
+
HATEOAS (Hypermedia as the Engine of Application State) is a REST principle
where
responses include links to related actions.
Hmac authentication?
+
HMAC authentication uses a hash-based message authentication code to verify
request
integrity and authenticity.
Http methods used in rest?
+
Common HTTP methods are GET POST PUT DELETE PATCH and OPTIONS.
Idempotency in apis?
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Idempotent api method?
+
An idempotent method (GET PUT DELETE) produces the same result even if
called
multiple times.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Oauth 2.0?
+
OAuth 2.0 is an authorization framework allowing applications limited access
to user
resources.
Oauth refresh token?
+
A refresh token is used to obtain a new access token without
re-authentication.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 for verifying
user
identity.
Polling?
+
Polling repeatedly checks an API at intervals to get updates.
Rate limiting?
+
Rate limiting restricts the number of API requests a client can make in a
given time
period to prevent abuse.
Rest api documentation?
+
REST API documentation explains endpoints methods parameters responses and
examples
for developers.
Rest client?
+
A REST client sends HTTP requests to REST APIs and processes responses.
Rest server?
+
A REST server handles HTTP requests from clients processes them and sends
responses.
Rest?
+
REST (Representational State Transfer) is an architectural style that uses
HTTP
methods and stateless communication.
Restful api resource?
+
A RESTful resource is an identifiable object that can be accessed and
manipulated
via HTTP methods.
Restful resource?
+
A RESTful resource is an object or entity that can be accessed and
manipulated using
HTTP methods.
Soap action?
+
SOAP action specifies the intent of a SOAP HTTP request for proper routing
and
execution.
Soap envelope?
+
SOAP envelope wraps the XML message to define structure header and body for
SOAP
communication.
Soap fault?
+
SOAP fault is an error message returned by a SOAP API to indicate processing
issues.
Soap vs rest?
+
SOAP is protocol-based and formal with XML; REST is architectural stateless
and uses
lightweight formats like JSON.
Soap?
+
SOAP (Simple Object Access Protocol) is a protocol for exchanging structured
XML-based messages over a network.
Statelessness in rest?
+
Statelessness means each request from a client to server contains all
necessary
information without relying on server memory.
Swagger/openapi?
+
Swagger/OpenAPI is a standard framework for documenting and testing RESTful
APIs.
Throttling in apis?
+
Throttling limits API usage to control traffic and prevent server overload.
Tools are used for api testing?
+
Common tools include Postman SoapUI JMeter and RestAssured.
Types of apis?
+
Common types are REST SOAP GraphQL WebSocket and RPC APIs.
Versioning in rest apis?
+
Versioning ensures backward compatibility when APIs evolve using URLs
headers or
query parameters.
Webhook?
+
A webhook is an HTTP callback that notifies a client when an event occurs on
the
server.
Xml vs json in apis?
+
XML is verbose and strict; JSON is lightweight human-readable and widely
used in
REST APIs.
Api aggregation?
+
API aggregation merges data from multiple APIs into a single response.
Api authentication vs authorization?
+
Authentication verifies identity; authorization defines access permissions.
Api authentication?
+
API authentication verifies the identity of the client accessing the API.
Api authorization?
+
API authorization determines what resources or actions an authenticated
client is
allowed to access.
Api backward compatibility?
+
Ensuring that changes in API do not break existing clients using older
versions.
Api caching?
+
API caching stores responses temporarily to reduce load and improve
performance.
Api client?
+
An API client is a program or application that sends requests to an API and
processes responses.
Api contract?
+
An API contract defines the expected request/response format headers status
codes
and behavior.
Api cors policy?
+
CORS policy restricts cross-origin requests for security allowing only
permitted
domains to access the API.
Api deprecation?
+
API deprecation is the process of marking an API or feature as obsolete and
guiding
clients to use alternatives.
Api documentation?
+
API documentation provides instructions endpoints parameters and examples
for using
an API.
Api endpoint testing?
+
Endpoint testing verifies that each API endpoint functions correctly and
returns
expected responses.
Api gateway?
+
An API gateway is a single entry point for multiple APIs that handles
routing
authentication and monitoring.
Api health check?
+
API health check monitors API status to ensure it is up responsive and
functioning
correctly.
Api idempotency key?
+
An idempotency key prevents duplicate processing of the same request.
Api latency?
+
API latency is the time taken for a request to travel from client to server
and
receive a response.
Api lifecycle?
+
API lifecycle includes design development testing deployment monitoring
versioning
and retirement.
Api load balancing?
+
Load balancing distributes incoming API requests across multiple servers to
ensure
availability and performance.
Api logging?
+
API logging records requests responses and events for debugging auditing and
analytics.
Api mocking?
+
API mocking simulates API responses without the actual backend
implementation for
testing purposes.
Api monitoring tool?
+
Tools like Postman New Relic or Datadog track API performance uptime and
errors.
Api orchestration vs aggregation?
+
Orchestration coordinates multiple API calls to complete a workflow;
aggregation
merges multiple API responses into one.
Api orchestration?
+
API orchestration combines multiple API calls into a single workflow to
complete
complex tasks.
Api proxy?
+
An API proxy is an intermediary that forwards API requests to backend
services often
used for security and routing.
Api rate limiting strategy?
+
Rate limiting strategies include token bucket fixed window sliding window
and leaky
bucket algorithms.
Api rate limiting window?
+
Rate limiting window defines the time interval in which the maximum requests
are
counted.
Api response time?
+
API response time is the duration between request submission and response
reception.
Api sandbox?
+
API sandbox is a testing environment that simulates API behavior without
affecting
production.
Api security?
+
API security protects APIs from unauthorized access attacks and misuse.
Api server?
+
An API server handles incoming requests from clients processes them and
returns
responses.
Api testing?
+
API testing verifies that APIs work as expected including functionality
performance
and security.
Api throttling in cloud?
+
In cloud API throttling prevents excessive requests to ensure fair usage and
system
stability.
Api throttling limit?
+
Throttling limit defines the maximum allowed requests per time window.
Api throttling pattern?
+
The throttling pattern limits excessive API calls to prevent system
overload.
Api throttling vs caching?
+
Throttling limits request rate; caching stores frequent responses to improve
performance.
Api throttling vs quota?
+
Throttling limits request rate; quota defines maximum allowed usage over a
longer
period.
Api throttling vs rate limiting?
+
Throttling controls the number of requests over time; rate limiting
restricts
requests per client or IP.
Api tokens?
+
API tokens are credentials used to authenticate and authorize API requests.
Api versioning best practice?
+
Best practice: include version in URL (e.g. /v1/resource) or header to
maintain
backward compatibility.
Api versioning?
+
API versioning allows maintaining multiple versions of an API to ensure
backward
compatibility.
Api?
+
An API (Application Programming Interface) is a set of rules that allows
software
applications to communicate with each other.
Cors?
+
CORS (Cross-Origin Resource Sharing) is a security feature that allows or
restricts
resource requests from different domains.
Diffbet rest and soap?
+
REST is lightweight stateless and uses HTTP; SOAP is protocol-based heavier
and uses
XML messages.
Diffbet synchronous and asynchronous apis?
+
Synchronous APIs wait for a response immediately; asynchronous APIs return
immediately and process in the background.
Endpoint in apis?
+
An endpoint is a specific URL where an API can access resources or perform
operations.
Explain api client sdk.
+
API client SDK is a prebuilt library that helps developers interact with an
API
using language-specific methods.
Explain api gateway vs reverse proxy.
+
API gateway manages routing security and monitoring for APIs; reverse proxy
forwards
client requests to servers.
Explain api idempotency vs retry.
+
Idempotency ensures repeated requests have no extra effect; retry may resend
requests safely using idempotency keys.
Explain api key authentication.
+
API key authentication uses a unique key provided to clients to access the
API.
Explain api load testing.
+
API load testing evaluates performance under heavy usage to identify
bottlenecks and
ensure scalability.
Explain api mocking vs stubbing.
+
Mocking simulates API behavior for testing; stubbing provides fixed
responses for
predefined inputs.
Explain api monitoring.
+
API monitoring tracks availability performance errors and usage patterns to
ensure
reliability.
Explain api pagination.
+
Pagination splits large API responses into smaller manageable chunks for
efficient
data transfer.
Explain api request headers.
+
Request headers carry metadata like authentication tokens content type and
caching
instructions.
Explain api response codes 2xx
+
4xx 5xx. 2xx = success 4xx = client error 5xx = server error.
Explain api security best practices.
+
Use authentication authorization HTTPS input validation rate limiting and
logging to
secure APIs.
Explain api testing types.
+
Types include functional performance security integration and contract
testing.
Explain api throttling algorithm.
+
Algorithms include fixed window sliding window token bucket and leaky bucket
to
control request rates.
Explain api versioning strategies.
+
Strategies: URI versioning (/v1/resource) request header versioning query
parameter
versioning (?version=1).
Explain endpoint security.
+
Endpoint security ensures that each API endpoint is protected using
authentication
authorization and encryption.
Explain oauth scopes.
+
OAuth scopes define the permissions and access level granted to a client
application.
Explain oauth.
+
OAuth is an authorization framework that allows third-party applications
limited
access to user resources without exposing credentials.
Explain rate limit headers.
+
Rate limit headers indicate remaining requests and reset time to clients for
API
usage management.
Explain rate-limiting vs throttling.
+
Rate-limiting controls API usage over time; throttling limits request rate
per user
or session.
Explain response codes in rest.
+
Common HTTP response codes include 200 (OK) 201 (Created) 400 (Bad Request)
401
(Unauthorized) 404 (Not Found) 500 (Server Error).
Explain rest api vs graphql.
+
REST uses multiple endpoints for resources; GraphQL uses a single endpoint
allowing
flexible queries.
Explain rest api vs rpc.
+
REST API is resource-based with standard HTTP methods; RPC (Remote Procedure
Call)
executes functions/methods on a remote server.
Explain rest constraints.
+
REST constraints include client-server statelessness cacheability layered
system
code-on-demand (optional) and uniform interface.
Explain restful status codes.
+
Status codes indicate API response results: 200 (OK) 201 (Created) 400 (Bad
Request)
401 (Unauthorized) 404 (Not Found) 500 (Server Error).
Explain the diffbet put and patch.
+
PUT updates a resource entirely; PATCH updates only specified fields.
Graphql?
+
GraphQL is a query language for APIs that allows clients to request exactly
the data
they need.
Hateoas?
+
HATEOAS (Hypermedia as the Engine of Application State) is a REST principle
where
responses include links to related actions.
Hmac authentication?
+
HMAC authentication uses a hash-based message authentication code to verify
request
integrity and authenticity.
Http methods used in rest?
+
Common HTTP methods are GET POST PUT DELETE PATCH and OPTIONS.
Idempotency in apis?
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Idempotent api method?
+
An idempotent method (GET PUT DELETE) produces the same result even if
called
multiple times.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Oauth 2.0?
+
OAuth 2.0 is an authorization framework allowing applications limited access
to user
resources.
Oauth refresh token?
+
A refresh token is used to obtain a new access token without
re-authentication.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 for verifying
user
identity.
Polling?
+
Polling repeatedly checks an API at intervals to get updates.
Rate limiting?
+
Rate limiting restricts the number of API requests a client can make in a
given time
period to prevent abuse.
Rest api documentation?
+
REST API documentation explains endpoints methods parameters responses and
examples
for developers.
Rest client?
+
A REST client sends HTTP requests to REST APIs and processes responses.
Rest server?
+
A REST server handles HTTP requests from clients processes them and sends
responses.
Rest?
+
REST (Representational State Transfer) is an architectural style that uses
HTTP
methods and stateless communication.
Restful api resource?
+
A RESTful resource is an identifiable object that can be accessed and
manipulated
via HTTP methods.
Restful resource?
+
A RESTful resource is an object or entity that can be accessed and
manipulated using
HTTP methods.
Soap action?
+
SOAP action specifies the intent of a SOAP HTTP request for proper routing
and
execution.
Soap envelope?
+
SOAP envelope wraps the XML message to define structure header and body for
SOAP
communication.
Soap fault?
+
SOAP fault is an error message returned by a SOAP API to indicate processing
issues.
Soap vs rest?
+
SOAP is protocol-based and formal with XML; REST is architectural stateless
and uses
lightweight formats like JSON.
Soap?
+
SOAP (Simple Object Access Protocol) is a protocol for exchanging structured
XML-based messages over a network.
Statelessness in rest?
+
Statelessness means each request from a client to server contains all
necessary
information without relying on server memory.
Swagger/openapi?
+
Swagger/OpenAPI is a standard framework for documenting and testing RESTful
APIs.
Throttling in apis?
+
Throttling limits API usage to control traffic and prevent server overload.
Tools are used for api testing?
+
Common tools include Postman SoapUI JMeter and RestAssured.
Types of apis?
+
Common types are REST SOAP GraphQL WebSocket and RPC APIs.
Versioning in rest apis?
+
Versioning ensures backward compatibility when APIs evolve using URLs
headers or
query parameters.
Webhook?
+
A webhook is an HTTP callback that notifies a client when an event occurs on
the
server.
Xml vs json in apis?
+
XML is verbose and strict; JSON is lightweight human-readable and widely
used in
REST APIs.
Api aggregation?
+
API aggregation merges data from multiple APIs into a single response.
Api authentication vs authorization?
+
Authentication verifies identity; authorization defines access permissions.
Api authentication?
+
API authentication verifies the identity of the client accessing the API.
Api authorization?
+
API authorization determines what resources or actions an authenticated
client is
allowed to access.
Api backward compatibility?
+
Ensuring that changes in API do not break existing clients using older
versions.
Api caching?
+
API caching stores responses temporarily to reduce load and improve
performance.
Api client?
+
An API client is a program or application that sends requests to an API and
processes responses.
Api contract?
+
An API contract defines the expected request/response format headers status
codes
and behavior.
Api cors policy?
+
CORS policy restricts cross-origin requests for security allowing only
permitted
domains to access the API.
Api deprecation?
+
API deprecation is the process of marking an API or feature as obsolete and
guiding
clients to use alternatives.
Api documentation?
+
API documentation provides instructions endpoints parameters and examples
for using
an API.
Api endpoint testing?
+
Endpoint testing verifies that each API endpoint functions correctly and
returns
expected responses.
Api gateway?
+
An API gateway is a single entry point for multiple APIs that handles
routing
authentication and monitoring.
Api health check?
+
API health check monitors API status to ensure it is up responsive and
functioning
correctly.
Api idempotency key?
+
An idempotency key prevents duplicate processing of the same request.
Api latency?
+
API latency is the time taken for a request to travel from client to server
and
receive a response.
Api lifecycle?
+
API lifecycle includes design development testing deployment monitoring
versioning
and retirement.
Api load balancing?
+
Load balancing distributes incoming API requests across multiple servers to
ensure
availability and performance.
Api logging?
+
API logging records requests responses and events for debugging auditing and
analytics.
Api mocking?
+
API mocking simulates API responses without the actual backend
implementation for
testing purposes.
Api monitoring tool?
+
Tools like Postman New Relic or Datadog track API performance uptime and
errors.
Api orchestration vs aggregation?
+
Orchestration coordinates multiple API calls to complete a workflow;
aggregation
merges multiple API responses into one.
Api orchestration?
+
API orchestration combines multiple API calls into a single workflow to
complete
complex tasks.
Api proxy?
+
An API proxy is an intermediary that forwards API requests to backend
services often
used for security and routing.
Api rate limiting strategy?
+
Rate limiting strategies include token bucket fixed window sliding window
and leaky
bucket algorithms.
Api rate limiting window?
+
Rate limiting window defines the time interval in which the maximum requests
are
counted.
Api response time?
+
API response time is the duration between request submission and response
reception.
Api sandbox?
+
API sandbox is a testing environment that simulates API behavior without
affecting
production.
Api security?
+
API security protects APIs from unauthorized access attacks and misuse.
Api server?
+
An API server handles incoming requests from clients processes them and
returns
responses.
Api testing?
+
API testing verifies that APIs work as expected including functionality
performance
and security.
Api throttling in cloud?
+
In cloud API throttling prevents excessive requests to ensure fair usage and
system
stability.
Api throttling limit?
+
Throttling limit defines the maximum allowed requests per time window.
Api throttling pattern?
+
The throttling pattern limits excessive API calls to prevent system
overload.
Api throttling vs caching?
+
Throttling limits request rate; caching stores frequent responses to improve
performance.
Api throttling vs quota?
+
Throttling limits request rate; quota defines maximum allowed usage over a
longer
period.
Api throttling vs rate limiting?
+
Throttling controls the number of requests over time; rate limiting
restricts
requests per client or IP.
Api tokens?
+
API tokens are credentials used to authenticate and authorize API requests.
Api versioning best practice?
+
Best practice: include version in URL (e.g. /v1/resource) or header to
maintain
backward compatibility.
Api versioning?
+
API versioning allows maintaining multiple versions of an API to ensure
backward
compatibility.
Api?
+
An API (Application Programming Interface) is a set of rules that allows
software
applications to communicate with each other.
Cors?
+
CORS (Cross-Origin Resource Sharing) is a security feature that allows or
restricts
resource requests from different domains.
Diffbet rest and soap?
+
REST is lightweight stateless and uses HTTP; SOAP is protocol-based heavier
and uses
XML messages.
Diffbet synchronous and asynchronous apis?
+
Synchronous APIs wait for a response immediately; asynchronous APIs return
immediately and process in the background.
Endpoint in apis?
+
An endpoint is a specific URL where an API can access resources or perform
operations.
Explain api client sdk.
+
API client SDK is a prebuilt library that helps developers interact with an
API
using language-specific methods.
Explain api gateway vs reverse proxy.
+
API gateway manages routing security and monitoring for APIs; reverse proxy
forwards
client requests to servers.
Explain api idempotency vs retry.
+
Idempotency ensures repeated requests have no extra effect; retry may resend
requests safely using idempotency keys.
Explain api key authentication.
+
API key authentication uses a unique key provided to clients to access the
API.
Explain api load testing.
+
API load testing evaluates performance under heavy usage to identify
bottlenecks and
ensure scalability.
Explain api mocking vs stubbing.
+
Mocking simulates API behavior for testing; stubbing provides fixed
responses for
predefined inputs.
Explain api monitoring.
+
API monitoring tracks availability performance errors and usage patterns to
ensure
reliability.
Explain api pagination.
+
Pagination splits large API responses into smaller manageable chunks for
efficient
data transfer.
Explain api request headers.
+
Request headers carry metadata like authentication tokens content type and
caching
instructions.
Explain api response codes 2xx
+
4xx 5xx. 2xx = success 4xx = client error 5xx = server error.
Explain api security best practices.
+
Use authentication authorization HTTPS input validation rate limiting and
logging to
secure APIs.
Explain api testing types.
+
Types include functional performance security integration and contract
testing.
Explain api throttling algorithm.
+
Algorithms include fixed window sliding window token bucket and leaky bucket
to
control request rates.
Explain api versioning strategies.
+
Strategies: URI versioning (/v1/resource) request header versioning query
parameter
versioning (?version=1).
Explain endpoint security.
+
Endpoint security ensures that each API endpoint is protected using
authentication
authorization and encryption.
Explain oauth scopes.
+
OAuth scopes define the permissions and access level granted to a client
application.
Explain oauth.
+
OAuth is an authorization framework that allows third-party applications
limited
access to user resources without exposing credentials.
Explain rate limit headers.
+
Rate limit headers indicate remaining requests and reset time to clients for
API
usage management.
Explain rate-limiting vs throttling.
+
Rate-limiting controls API usage over time; throttling limits request rate
per user
or session.
Explain response codes in rest.
+
Common HTTP response codes include 200 (OK) 201 (Created) 400 (Bad Request)
401
(Unauthorized) 404 (Not Found) 500 (Server Error).
Explain rest api vs graphql.
+
REST uses multiple endpoints for resources; GraphQL uses a single endpoint
allowing
flexible queries.
Explain rest api vs rpc.
+
REST API is resource-based with standard HTTP methods; RPC (Remote Procedure
Call)
executes functions/methods on a remote server.
Explain rest constraints.
+
REST constraints include client-server statelessness cacheability layered
system
code-on-demand (optional) and uniform interface.
Explain restful status codes.
+
Status codes indicate API response results: 200 (OK) 201 (Created) 400 (Bad
Request)
401 (Unauthorized) 404 (Not Found) 500 (Server Error).
Explain the diffbet put and patch.
+
PUT updates a resource entirely; PATCH updates only specified fields.
Graphql?
+
GraphQL is a query language for APIs that allows clients to request exactly
the data
they need.
Hateoas?
+
HATEOAS (Hypermedia as the Engine of Application State) is a REST principle
where
responses include links to related actions.
Hmac authentication?
+
HMAC authentication uses a hash-based message authentication code to verify
request
integrity and authenticity.
Http methods used in rest?
+
Common HTTP methods are GET POST PUT DELETE PATCH and OPTIONS.
Idempotency in apis?
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Idempotent api method?
+
An idempotent method (GET PUT DELETE) produces the same result even if
called
multiple times.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Oauth 2.0?
+
OAuth 2.0 is an authorization framework allowing applications limited access
to user
resources.
Oauth refresh token?
+
A refresh token is used to obtain a new access token without
re-authentication.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 for verifying
user
identity.
Polling?
+
Polling repeatedly checks an API at intervals to get updates.
Rate limiting?
+
Rate limiting restricts the number of API requests a client can make in a
given time
period to prevent abuse.
Rest api documentation?
+
REST API documentation explains endpoints methods parameters responses and
examples
for developers.
Rest client?
+
A REST client sends HTTP requests to REST APIs and processes responses.
Rest server?
+
A REST server handles HTTP requests from clients processes them and sends
responses.
Rest?
+
REST (Representational State Transfer) is an architectural style that uses
HTTP
methods and stateless communication.
Restful api resource?
+
A RESTful resource is an identifiable object that can be accessed and
manipulated
via HTTP methods.
Restful resource?
+
A RESTful resource is an object or entity that can be accessed and
manipulated using
HTTP methods.
Soap action?
+
SOAP action specifies the intent of a SOAP HTTP request for proper routing
and
execution.
Soap envelope?
+
SOAP envelope wraps the XML message to define structure header and body for
SOAP
communication.
Soap fault?
+
SOAP fault is an error message returned by a SOAP API to indicate processing
issues.
Soap vs rest?
+
SOAP is protocol-based and formal with XML; REST is architectural stateless
and uses
lightweight formats like JSON.
Soap?
+
SOAP (Simple Object Access Protocol) is a protocol for exchanging structured
XML-based messages over a network.
Statelessness in rest?
+
Statelessness means each request from a client to server contains all
necessary
information without relying on server memory.
Swagger/openapi?
+
Swagger/OpenAPI is a standard framework for documenting and testing RESTful
APIs.
Throttling in apis?
+
Throttling limits API usage to control traffic and prevent server overload.
Tools are used for api testing?
+
Common tools include Postman SoapUI JMeter and RestAssured.
Types of apis?
+
Common types are REST SOAP GraphQL WebSocket and RPC APIs.
Versioning in rest apis?
+
Versioning ensures backward compatibility when APIs evolve using URLs
headers or
query parameters.
Webhook?
+
A webhook is an HTTP callback that notifies a client when an event occurs on
the
server.
Xml vs json in apis?
+
XML is verbose and strict; JSON is lightweight human-readable and widely
used in
REST APIs.
Api aggregation?
+
API aggregation merges data from multiple APIs into a single response.
Api authentication vs authorization?
+
Authentication verifies identity; authorization defines access permissions.
Api authentication?
+
API authentication verifies the identity of the client accessing the API.
Api authorization?
+
API authorization determines what resources or actions an authenticated
client is
allowed to access.
Api backward compatibility?
+
Ensuring that changes in API do not break existing clients using older
versions.
Api caching?
+
API caching stores responses temporarily to reduce load and improve
performance.
Api client?
+
An API client is a program or application that sends requests to an API and
processes responses.
Api contract?
+
An API contract defines the expected request/response format headers status
codes
and behavior.
Api cors policy?
+
CORS policy restricts cross-origin requests for security allowing only
permitted
domains to access the API.
Api deprecation?
+
API deprecation is the process of marking an API or feature as obsolete and
guiding
clients to use alternatives.
Api documentation?
+
API documentation provides instructions endpoints parameters and examples
for using
an API.
Api endpoint testing?
+
Endpoint testing verifies that each API endpoint functions correctly and
returns
expected responses.
Api gateway?
+
An API gateway is a single entry point for multiple APIs that handles
routing
authentication and monitoring.
Api health check?
+
API health check monitors API status to ensure it is up responsive and
functioning
correctly.
Api idempotency key?
+
An idempotency key prevents duplicate processing of the same request.
Api latency?
+
API latency is the time taken for a request to travel from client to server
and
receive a response.
Api lifecycle?
+
API lifecycle includes design development testing deployment monitoring
versioning
and retirement.
Api load balancing?
+
Load balancing distributes incoming API requests across multiple servers to
ensure
availability and performance.
Api logging?
+
API logging records requests responses and events for debugging auditing and
analytics.
Api mocking?
+
API mocking simulates API responses without the actual backend
implementation for
testing purposes.
Api monitoring tool?
+
Tools like Postman New Relic or Datadog track API performance uptime and
errors.
Api orchestration vs aggregation?
+
Orchestration coordinates multiple API calls to complete a workflow;
aggregation
merges multiple API responses into one.
Api orchestration?
+
API orchestration combines multiple API calls into a single workflow to
complete
complex tasks.
Api proxy?
+
An API proxy is an intermediary that forwards API requests to backend
services often
used for security and routing.
Api rate limiting strategy?
+
Rate limiting strategies include token bucket fixed window sliding window
and leaky
bucket algorithms.
Api rate limiting window?
+
Rate limiting window defines the time interval in which the maximum requests
are
counted.
Api response time?
+
API response time is the duration between request submission and response
reception.
Api sandbox?
+
API sandbox is a testing environment that simulates API behavior without
affecting
production.
Api security?
+
API security protects APIs from unauthorized access attacks and misuse.
Api server?
+
An API server handles incoming requests from clients processes them and
returns
responses.
Api testing?
+
API testing verifies that APIs work as expected including functionality
performance
and security.
Api throttling in cloud?
+
In cloud API throttling prevents excessive requests to ensure fair usage and
system
stability.
Api throttling limit?
+
Throttling limit defines the maximum allowed requests per time window.
Api throttling pattern?
+
The throttling pattern limits excessive API calls to prevent system
overload.
Api throttling vs caching?
+
Throttling limits request rate; caching stores frequent responses to improve
performance.
Api throttling vs quota?
+
Throttling limits request rate; quota defines maximum allowed usage over a
longer
period.
Api throttling vs rate limiting?
+
Throttling controls the number of requests over time; rate limiting
restricts
requests per client or IP.
Api tokens?
+
API tokens are credentials used to authenticate and authorize API requests.
Api versioning best practice?
+
Best practice: include version in URL (e.g. /v1/resource) or header to
maintain
backward compatibility.
Api versioning?
+
API versioning allows maintaining multiple versions of an API to ensure
backward
compatibility.
Api?
+
An API (Application Programming Interface) is a set of rules that allows
software
applications to communicate with each other.
Cors?
+
CORS (Cross-Origin Resource Sharing) is a security feature that allows or
restricts
resource requests from different domains.
Diffbet rest and soap?
+
REST is lightweight stateless and uses HTTP; SOAP is protocol-based heavier
and uses
XML messages.
Diffbet synchronous and asynchronous apis?
+
Synchronous APIs wait for a response immediately; asynchronous APIs return
immediately and process in the background.
Endpoint in apis?
+
An endpoint is a specific URL where an API can access resources or perform
operations.
Explain api client sdk.
+
API client SDK is a prebuilt library that helps developers interact with an
API
using language-specific methods.
Explain api gateway vs reverse proxy.
+
API gateway manages routing security and monitoring for APIs; reverse proxy
forwards
client requests to servers.
Explain api idempotency vs retry.
+
Idempotency ensures repeated requests have no extra effect; retry may resend
requests safely using idempotency keys.
Explain api key authentication.
+
API key authentication uses a unique key provided to clients to access the
API.
Explain api load testing.
+
API load testing evaluates performance under heavy usage to identify
bottlenecks and
ensure scalability.
Explain api mocking vs stubbing.
+
Mocking simulates API behavior for testing; stubbing provides fixed
responses for
predefined inputs.
Explain api monitoring.
+
API monitoring tracks availability performance errors and usage patterns to
ensure
reliability.
Explain api pagination.
+
Pagination splits large API responses into smaller manageable chunks for
efficient
data transfer.
Explain api request headers.
+
Request headers carry metadata like authentication tokens content type and
caching
instructions.
Explain api response codes 2xx
+
4xx 5xx. 2xx = success 4xx = client error 5xx = server error.
Explain api security best practices.
+
Use authentication authorization HTTPS input validation rate limiting and
logging to
secure APIs.
Explain api testing types.
+
Types include functional performance security integration and contract
testing.
Explain api throttling algorithm.
+
Algorithms include fixed window sliding window token bucket and leaky bucket
to
control request rates.
Explain api versioning strategies.
+
Strategies: URI versioning (/v1/resource) request header versioning query
parameter
versioning (?version=1).
Explain endpoint security.
+
Endpoint security ensures that each API endpoint is protected using
authentication
authorization and encryption.
Explain oauth scopes.
+
OAuth scopes define the permissions and access level granted to a client
application.
Explain oauth.
+
OAuth is an authorization framework that allows third-party applications
limited
access to user resources without exposing credentials.
Explain rate limit headers.
+
Rate limit headers indicate remaining requests and reset time to clients for
API
usage management.
Explain rate-limiting vs throttling.
+
Rate-limiting controls API usage over time; throttling limits request rate
per user
or session.
Explain response codes in rest.
+
Common HTTP response codes include 200 (OK) 201 (Created) 400 (Bad Request)
401
(Unauthorized) 404 (Not Found) 500 (Server Error).
Explain rest api vs graphql.
+
REST uses multiple endpoints for resources; GraphQL uses a single endpoint
allowing
flexible queries.
Explain rest api vs rpc.
+
REST API is resource-based with standard HTTP methods; RPC (Remote Procedure
Call)
executes functions/methods on a remote server.
Explain rest constraints.
+
REST constraints include client-server statelessness cacheability layered
system
code-on-demand (optional) and uniform interface.
Explain restful status codes.
+
Status codes indicate API response results: 200 (OK) 201 (Created) 400 (Bad
Request)
401 (Unauthorized) 404 (Not Found) 500 (Server Error).
Explain the diffbet put and patch.
+
PUT updates a resource entirely; PATCH updates only specified fields.
Graphql?
+
GraphQL is a query language for APIs that allows clients to request exactly
the data
they need.
Hateoas?
+
HATEOAS (Hypermedia as the Engine of Application State) is a REST principle
where
responses include links to related actions.
Hmac authentication?
+
HMAC authentication uses a hash-based message authentication code to verify
request
integrity and authenticity.
Http methods used in rest?
+
Common HTTP methods are GET POST PUT DELETE PATCH and OPTIONS.
Idempotency in apis?
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Idempotent api method?
+
An idempotent method (GET PUT DELETE) produces the same result even if
called
multiple times.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Oauth 2.0?
+
OAuth 2.0 is an authorization framework allowing applications limited access
to user
resources.
Oauth refresh token?
+
A refresh token is used to obtain a new access token without
re-authentication.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 for verifying
user
identity.
Polling?
+
Polling repeatedly checks an API at intervals to get updates.
Rate limiting?
+
Rate limiting restricts the number of API requests a client can make in a
given time
period to prevent abuse.
Rest api documentation?
+
REST API documentation explains endpoints methods parameters responses and
examples
for developers.
Rest client?
+
A REST client sends HTTP requests to REST APIs and processes responses.
Rest server?
+
A REST server handles HTTP requests from clients processes them and sends
responses.
Rest?
+
REST (Representational State Transfer) is an architectural style that uses
HTTP
methods and stateless communication.
Restful api resource?
+
A RESTful resource is an identifiable object that can be accessed and
manipulated
via HTTP methods.
Restful resource?
+
A RESTful resource is an object or entity that can be accessed and
manipulated using
HTTP methods.
Soap action?
+
SOAP action specifies the intent of a SOAP HTTP request for proper routing
and
execution.
Soap envelope?
+
SOAP envelope wraps the XML message to define structure header and body for
SOAP
communication.
Soap fault?
+
SOAP fault is an error message returned by a SOAP API to indicate processing
issues.
Soap vs rest?
+
SOAP is protocol-based and formal with XML; REST is architectural stateless
and uses
lightweight formats like JSON.
Soap?
+
SOAP (Simple Object Access Protocol) is a protocol for exchanging structured
XML-based messages over a network.
Statelessness in rest?
+
Statelessness means each request from a client to server contains all
necessary
information without relying on server memory.
Swagger/openapi?
+
Swagger/OpenAPI is a standard framework for documenting and testing RESTful
APIs.
Throttling in apis?
+
Throttling limits API usage to control traffic and prevent server overload.
Tools are used for api testing?
+
Common tools include Postman SoapUI JMeter and RestAssured.
Types of apis?
+
Common types are REST SOAP GraphQL WebSocket and RPC APIs.
Versioning in rest apis?
+
Versioning ensures backward compatibility when APIs evolve using URLs
headers or
query parameters.
Webhook?
+
A webhook is an HTTP callback that notifies a client when an event occurs on
the
server.
Xml vs json in apis?
+
XML is verbose and strict; JSON is lightweight human-readable and widely
used in
REST APIs.
What is an API?
+
An API (Application Programming Interface) is a set of rules that allows
software
applications to communicate with each other.
What is an API client?
+
An API client is a program or application that sends requests to an API and
processes responses.
What is an API server?
+
An API server handles incoming API requests, processes them, and returns
responses.
What is an API endpoint?
+
An endpoint is a specific URL where an API can access resources or perform
operations.
What is an API contract?
+
An API contract defines request formats, response formats, headers, status
codes,
and behavior.
What is API documentation?
+
API documentation provides instructions, endpoints, parameters, and examples
for
using an API.
What is API lifecycle?
+
API lifecycle includes design, development, testing, deployment, monitoring,
versioning, and retirement.
What is API latency?
+
API latency is the time taken for a request to reach the server and return a
response.
What is API response time?
+
API response time is the duration between request submission and response
reception.
What is API health check?
+
API health check monitors API availability and operational status.
What is API logging?
+
API logging records requests, responses, and events for debugging and
auditing.
What is API monitoring?
+
API monitoring tracks performance, uptime, errors, and usage patterns.
What is API sandbox?
+
An API sandbox is a testing environment that simulates API behavior without
affecting production.
What is API mocking?
+
API mocking simulates API responses without actual backend implementation.
What is API testing?
+
API testing verifies API functionality, performance, and security.
What is REST?
+
REST is an architectural style for designing networked applications using
stateless
communication.
What does REST stand for?
+
REST stands for Representational State Transfer.
What is a RESTful API?
+
A RESTful API follows REST principles using HTTP methods to access
resources.
What are REST constraints?
+
Client-server, statelessness, cacheability, uniform interface, layered
system, and
optional code on demand.
What is statelessness in REST?
+
Each request contains all information needed to process it without
server-side
session storage.
What is a resource in REST?
+
A resource is any data object accessed via a unique URI.
What are HTTP methods used in REST?
+
GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS.
What does HTTP GET do?
+
GET retrieves data from the server.
What does HTTP POST do?
+
POST creates a new resource.
What does HTTP PUT do?
+
PUT updates or replaces an existing resource.
What does HTTP PATCH do?
+
PATCH partially updates a resource.
What does HTTP DELETE do?
+
DELETE removes a resource.
What is the difference between PUT and PATCH?
+
PUT replaces the entire resource; PATCH updates only specific fields.
What is idempotency in REST?
+
An idempotent request produces the same result when repeated.
Which HTTP methods are idempotent?
+
GET, PUT, DELETE, and HEAD are idempotent.
What is HTTP status code?
+
A status code indicates the result of an HTTP request.
What are 2xx status codes?
+
They indicate successful requests.
What are 4xx status codes?
+
They indicate client-side errors.
What are 5xx status codes?
+
They indicate server-side errors.
What is content negotiation?
+
Content negotiation selects response format using headers like Accept.
What are API design best practices?
+
API design best practices ensure APIs are consistent, scalable, secure, and
easy to
use.
Why is good API design important?
+
Good API design improves usability, maintainability, and developer adoption.
What naming convention should be used for REST APIs?
+
Use clear, meaningful, and plural nouns for resource names.
Should verbs be used in REST API URLs?
+
No, HTTP methods represent actions, not verbs in URLs.
What is a good REST API URL example?
+
/api/v1/users/{id}
How should nested resources be designed?
+
Use hierarchical URLs to represent relationships between resources.
What is versioning in API design?
+
Versioning manages API changes without breaking existing clients.
What are common API versioning strategies?
+
URI versioning, header versioning, and query parameter versioning.
What is pagination in APIs?
+
Pagination limits the number of records returned in a response.
Why is pagination important?
+
It improves performance and reduces payload size.
What is filtering in APIs?
+
Filtering restricts returned data based on criteria.
What is sorting in APIs?
+
Sorting orders response data based on specified fields.
What is field selection in APIs?
+
Field selection returns only required fields in the response.
What is HATEOAS?
+
HATEOAS provides hyperlinks in responses to guide API navigation.
What is consistent error handling?
+
Using standardized error formats and HTTP status codes.
What is API backward compatibility?
+
Ensuring new API versions do not break existing clients.
What is API security?
+
API security protects APIs from unauthorized access and misuse.
What is authentication in APIs?
+
Authentication verifies the identity of the API consumer.
What is authorization in APIs?
+
Authorization determines what resources an authenticated client can access.
What is an API key?
+
An API key is a simple token used to identify an API client.
When should API keys be used?
+
For basic identification and low-security scenarios.
What is OAuth2?
+
OAuth2 is an authorization framework that provides secure delegated access.
What is an access token?
+
An access token grants limited-time access to protected resources.
What is a refresh token?
+
A refresh token is used to obtain a new access token.
What is JWT?
+
JWT is a compact, self-contained token format used for secure API
communication.
What does a JWT contain?
+
Header, payload, and signature.
Why is JWT stateless?
+
All required authentication data is stored inside the token.
What is token expiration?
+
The time limit after which a token becomes invalid.
How do you secure API communication?
+
Using HTTPS, tokens, and proper authentication mechanisms.
What is rate limiting in API security?
+
Limiting the number of requests to prevent abuse.
What is idempotency in secure APIs?
+
Ensuring repeated requests do not cause unintended side effects.
What is an API Gateway?
+
An API Gateway is a single entry point that routes client requests to
backend
services.
Why is an API Gateway used?
+
To centralize authentication, routing, logging, and rate limiting.
What is rate limiting?
+
Rate limiting restricts the number of API requests in a given time window.
What is throttling?
+
Throttling slows down requests when limits are exceeded instead of blocking
them
completely.
What is the difference between rate limiting and
throttling?
+
Rate limiting blocks excess requests; throttling delays them.
What is API quota?
+
API quota defines the maximum number of allowed requests per client.
What is burst control?
+
Burst control allows temporary spikes in traffic within defined limits.
What is request aggregation?
+
Combining multiple backend calls into a single API response.
What is request routing?
+
Routing directs incoming requests to appropriate backend services.
What is circuit breaking in API Gateway?
+
Stopping requests to failing services to prevent cascading failures.
What is caching in API Gateway?
+
Storing responses to reduce backend load and improve performance.
What is load balancing at API Gateway?
+
Distributing traffic across multiple service instances.
What is API analytics?
+
Analyzing API usage, performance, and error patterns.
What is API testing?
+
API testing validates functionality, performance, security, and reliability
of APIs.
Why is API testing important?
+
It ensures APIs work correctly before UI integration and prevents production
failures.
What types of API testing exist?
+
Functional, integration, performance, security, and contract testing.
What is functional API testing?
+
Testing API endpoints against expected inputs and outputs.
What is integration API testing?
+
Testing interactions between APIs and backend systems.
What is contract testing in APIs?
+
Verifying API behavior matches the agreed API contract.
What is performance testing for APIs?
+
Measuring response time, throughput, and scalability.
What is security testing for APIs?
+
Testing authentication, authorization, and vulnerability resistance.
What is API documentation?
+
Written reference describing endpoints, parameters, responses, and examples.
Why is API documentation critical?
+
It enables developers to understand and consume APIs easily.
What is OpenAPI Specification?
+
A standard format for describing REST APIs.
What is Swagger?
+
Swagger is a toolset for creating, documenting, and testing APIs.
What is Postman?
+
Postman is an API testing and collaboration tool.
What is API mocking?
+
Simulating API responses without real backend implementation.
What is API sandbox?
+
A safe environment for testing APIs without affecting production.
What is API performance?
+
API performance measures response time, throughput, and resource efficiency.
Why is API performance important?
+
It affects user experience, scalability, and system reliability.
What is API caching?
+
Caching stores API responses to reduce repeated processing.
What are types of API caching?
+
Client-side, server-side, and proxy caching.
What is HTTP caching?
+
Using headers to control cache behavior in HTTP responses.
What are common HTTP cache headers?
+
Cache-Control, Expires, ETag, and Last-Modified.
What is ETag?
+
ETag is a unique identifier representing a resource version.
What is conditional request?
+
A request that uses ETag or Last-Modified to validate cached data.
What is API compression?
+
Reducing payload size using compression like Gzip.
What is pagination optimization?
+
Limiting data returned per request to improve performance.
What is connection pooling?
+
Reusing network connections to reduce latency.
What is API timeout?
+
The maximum time an API waits before failing a request.
What is API load testing?
+
Testing API behavior under expected and peak load.
What is API versioning?
+
API versioning manages changes without breaking existing clients.
Why is API versioning required?
+
To evolve APIs safely while supporting backward compatibility.
What are common API versioning strategies?
+
URI versioning, header versioning, and query parameter versioning.
What is URI versioning?
+
Including the version in the URL path like /v1/users.
What is header-based versioning?
+
Specifying the API version using HTTP headers.
What is query parameter versioning?
+
Passing the API version as a query parameter.
What is API deprecation?
+
Deprecation marks an API version as obsolete before removal.
Why is API deprecation important?
+
It gives consumers time to migrate to newer versions.
How should API deprecation be communicated?
+
Through documentation, headers, and clear timelines.
What is API sunset policy?
+
A defined timeline for retiring deprecated APIs.
What is API lifecycle management?
+
Managing APIs from design to retirement.
What are stages of API lifecycle?
+
Design, develop, test, deploy, monitor, version, deprecate, retire.
What is backward compatibility?
+
Ensuring older clients continue to work with newer API versions.
What is breaking change in APIs?
+
A change that requires client modification to continue working.
How do you avoid breaking changes?
+
By versioning APIs and maintaining backward compatibility.
Api aggregation?
+
API aggregation merges data from multiple APIs into a single response.
Api authentication vs authorization?
+
Authentication verifies identity; authorization defines access permissions.
Api authentication?
+
API authentication verifies the identity of the client accessing the API.
Api authorization?
+
API authorization determines what resources or actions an authenticated
client is
allowed to access.
Api backward compatibility?
+
Ensuring that changes in API do not break existing clients using older
versions.
Api caching?
+
API caching stores responses temporarily to reduce load and improve
performance.
Api client?
+
An API client is a program or application that sends requests to an API and
processes responses.
Api contract?
+
An API contract defines the expected request/response format headers status
codes
and behavior.
Api cors policy?
+
CORS policy restricts cross-origin requests for security allowing only
permitted
domains to access the API.
Api deprecation?
+
API deprecation is the process of marking an API or feature as obsolete and
guiding
clients to use alternatives.
Api documentation?
+
API documentation provides instructions endpoints parameters and examples
for using
an API.
Api endpoint testing?
+
Endpoint testing verifies that each API endpoint functions correctly and
returns
expected responses.
Api gateway?
+
An API gateway is a single entry point for multiple APIs that handles
routing
authentication and monitoring.
Api health check?
+
API health check monitors API status to ensure it is up responsive and
functioning
correctly.
Api idempotency key?
+
An idempotency key prevents duplicate processing of the same request.
Api latency?
+
API latency is the time taken for a request to travel from client to server
and
receive a response.
Api lifecycle?
+
API lifecycle includes design development testing deployment monitoring
versioning
and retirement.
Api load balancing?
+
Load balancing distributes incoming API requests across multiple servers to
ensure
availability and performance.
Api logging?
+
API logging records requests responses and events for debugging auditing and
analytics.
Api mocking?
+
API mocking simulates API responses without the actual backend
implementation for
testing purposes.
Api monitoring tool?
+
Tools like Postman New Relic or Datadog track API performance uptime and
errors.
Api orchestration vs aggregation?
+
Orchestration coordinates multiple API calls to complete a workflow;
aggregation
merges multiple API responses into one.
Api orchestration?
+
API orchestration combines multiple API calls into a single workflow to
complete
complex tasks.
Api proxy?
+
An API proxy is an intermediary that forwards API requests to backend
services often
used for security and routing.
Api rate limiting strategy?
+
Rate limiting strategies include token bucket fixed window sliding window
and leaky
bucket algorithms.
Api rate limiting window?
+
Rate limiting window defines the time interval in which the maximum requests
are
counted.
Api response time?
+
API response time is the duration between request submission and response
reception.
Api sandbox?
+
API sandbox is a testing environment that simulates API behavior without
affecting
production.
Api security?
+
API security protects APIs from unauthorized access attacks and misuse.
Api server?
+
An API server handles incoming requests from clients processes them and
returns
responses.
Api testing?
+
API testing verifies that APIs work as expected including functionality
performance
and security.
Api throttling in cloud?
+
In cloud API throttling prevents excessive requests to ensure fair usage and
system
stability.
Api throttling limit?
+
Throttling limit defines the maximum allowed requests per time window.
Api throttling pattern?
+
The throttling pattern limits excessive API calls to prevent system
overload.
Api throttling vs caching?
+
Throttling limits request rate; caching stores frequent responses to improve
performance.
Api throttling vs quota?
+
Throttling limits request rate; quota defines maximum allowed usage over a
longer
period.
Api throttling vs rate limiting?
+
Throttling controls the number of requests over time; rate limiting
restricts
requests per client or IP.
Api tokens?
+
API tokens are credentials used to authenticate and authorize API requests.
Api versioning best practice?
+
Best practice: include version in URL (e.g. /v1/resource) or header to
maintain
backward compatibility.
Api versioning?
+
API versioning allows maintaining multiple versions of an API to ensure
backward
compatibility.
Api?
+
An API (Application Programming Interface) is a set of rules that allows
software
applications to communicate with each other.
Cors?
+
CORS (Cross-Origin Resource Sharing) is a security feature that allows or
restricts
resource requests from different domains.
Diffbet rest and soap?
+
REST is lightweight stateless and uses HTTP; SOAP is protocol-based heavier
and uses
XML messages.
Diffbet synchronous and asynchronous apis?
+
Synchronous APIs wait for a response immediately; asynchronous APIs return
immediately and process in the background.
Endpoint in apis?
+
An endpoint is a specific URL where an API can access resources or perform
operations.
Explain api client sdk.
+
API client SDK is a prebuilt library that helps developers interact with an
API
using language-specific methods.
Explain api gateway vs reverse proxy.
+
API gateway manages routing security and monitoring for APIs; reverse proxy
forwards
client requests to servers.
Explain api idempotency vs retry.
+
Idempotency ensures repeated requests have no extra effect; retry may resend
requests safely using idempotency keys.
Explain api key authentication.
+
API key authentication uses a unique key provided to clients to access the
API.
Explain api load testing.
+
API load testing evaluates performance under heavy usage to identify
bottlenecks and
ensure scalability.
Explain api mocking vs stubbing.
+
Mocking simulates API behavior for testing; stubbing provides fixed
responses for
predefined inputs.
Explain api monitoring.
+
API monitoring tracks availability performance errors and usage patterns to
ensure
reliability.
Explain api pagination.
+
Pagination splits large API responses into smaller manageable chunks for
efficient
data transfer.
Explain api request headers.
+
Request headers carry metadata like authentication tokens content type and
caching
instructions.
Explain api response codes 2xx
+
4xx 5xx. 2xx = success 4xx = client error 5xx = server error.
Explain api security best practices.
+
Use authentication authorization HTTPS input validation rate limiting and
logging to
secure APIs.
Explain api testing types.
+
Types include functional performance security integration and contract
testing.
Explain api throttling algorithm.
+
Algorithms include fixed window sliding window token bucket and leaky bucket
to
control request rates.
Explain api versioning strategies.
+
Strategies: URI versioning (/v1/resource) request header versioning query
parameter
versioning (?version=1).
Explain endpoint security.
+
Endpoint security ensures that each API endpoint is protected using
authentication
authorization and encryption.
Explain oauth scopes.
+
OAuth scopes define the permissions and access level granted to a client
application.
Explain oauth.
+
OAuth is an authorization framework that allows third-party applications
limited
access to user resources without exposing credentials.
Explain rate limit headers.
+
Rate limit headers indicate remaining requests and reset time to clients for
API
usage management.
Explain rate-limiting vs throttling.
+
Rate-limiting controls API usage over time; throttling limits request rate
per user
or session.
Explain response codes in rest.
+
Common HTTP response codes include 200 (OK) 201 (Created) 400 (Bad Request)
401
(Unauthorized) 404 (Not Found) 500 (Server Error).
Explain rest api vs graphql.
+
REST uses multiple endpoints for resources; GraphQL uses a single endpoint
allowing
flexible queries.
Explain rest api vs rpc.
+
REST API is resource-based with standard HTTP methods; RPC (Remote Procedure
Call)
executes functions/methods on a remote server.
Explain rest constraints.
+
REST constraints include client-server statelessness cacheability layered
system
code-on-demand (optional) and uniform interface.
Explain restful status codes.
+
Status codes indicate API response results: 200 (OK) 201 (Created) 400 (Bad
Request)
401 (Unauthorized) 404 (Not Found) 500 (Server Error).
Explain the diffbet put and patch.
+
PUT updates a resource entirely; PATCH updates only specified fields.
Graphql?
+
GraphQL is a query language for APIs that allows clients to request exactly
the data
they need.
Hateoas?
+
HATEOAS (Hypermedia as the Engine of Application State) is a REST principle
where
responses include links to related actions.
Hmac authentication?
+
HMAC authentication uses a hash-based message authentication code to verify
request
integrity and authenticity.
Http methods used in rest?
+
Common HTTP methods are GET POST PUT DELETE PATCH and OPTIONS.
Idempotency in apis?
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Idempotent api method?
+
An idempotent method (GET PUT DELETE) produces the same result even if
called
multiple times.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Oauth 2.0?
+
OAuth 2.0 is an authorization framework allowing applications limited access
to user
resources.
Oauth refresh token?
+
A refresh token is used to obtain a new access token without
re-authentication.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 for verifying
user
identity.
Polling?
+
Polling repeatedly checks an API at intervals to get updates.
Rate limiting?
+
Rate limiting restricts the number of API requests a client can make in a
given time
period to prevent abuse.
Rest api documentation?
+
REST API documentation explains endpoints methods parameters responses and
examples
for developers.
Rest client?
+
A REST client sends HTTP requests to REST APIs and processes responses.
Rest server?
+
A REST server handles HTTP requests from clients processes them and sends
responses.
Rest?
+
REST (Representational State Transfer) is an architectural style that uses
HTTP
methods and stateless communication.
Restful api resource?
+
A RESTful resource is an identifiable object that can be accessed and
manipulated
via HTTP methods.
Restful resource?
+
A RESTful resource is an object or entity that can be accessed and
manipulated using
HTTP methods.
Soap action?
+
SOAP action specifies the intent of a SOAP HTTP request for proper routing
and
execution.
Soap envelope?
+
SOAP envelope wraps the XML message to define structure header and body for
SOAP
communication.
Soap fault?
+
SOAP fault is an error message returned by a SOAP API to indicate processing
issues.
Soap vs rest?
+
SOAP is protocol-based and formal with XML; REST is architectural stateless
and uses
lightweight formats like JSON.
Soap?
+
SOAP (Simple Object Access Protocol) is a protocol for exchanging structured
XML-based messages over a network.
Statelessness in rest?
+
Statelessness means each request from a client to server contains all
necessary
information without relying on server memory.
Swagger/openapi?
+
Swagger/OpenAPI is a standard framework for documenting and testing RESTful
APIs.
Throttling in apis?
+
Throttling limits API usage to control traffic and prevent server overload.
Tools are used for api testing?
+
Common tools include Postman SoapUI JMeter and RestAssured.
Types of apis?
+
Common types are REST SOAP GraphQL WebSocket and RPC APIs.
Versioning in rest apis?
+
Versioning ensures backward compatibility when APIs evolve using URLs
headers or
query parameters.
Webhook?
+
A webhook is an HTTP callback that notifies a client when an event occurs on
the
server.
Xml vs json in apis?
+
XML is verbose and strict; JSON is lightweight human-readable and widely
used in
REST APIs.
JKM Architecture
Advantages of microservices?
+
Microservices offer scalability flexibility independent deployment fault
isolation
and easier maintenance.
Api gateway in microservices?
+
API Gateway is a single entry point for microservices handling routing
authentication and monitoring.
Api?
+
An API (Application Programming Interface) allows software systems to
communicate
using defined interfaces.
Api-first design?
+
APIs are designed before implementation to ensure consistency, reusability,
and
integration readiness.
Architecture patterns?
+
Patterns like MVC, Microservices, Layered, and Event-Driven provide reusable
solutions for common design problems and enforce consistency.
Base?
+
BASE is an alternative to ACID for distributed systems: Basically Available
Soft
state Eventually consistent.
Blue-green deployment?
+
Blue-green deployment uses two identical environments to switch traffic
safely
during releases.
Builder pattern?
+
Builder pattern separates the construction of a complex object from its
representation.
Caching?
+
Caching stores frequently used data temporarily for faster access.
Cap theorem trade-off?
+
In distributed systems you can guarantee only two of Consistency
Availability and
Partition tolerance simultaneously.
Cap theorem?
+
CAP theorem states that a distributed system can provide only two of three:
consistency availability partition tolerance.
Cdn?
+
A CDN (Content Delivery Network) delivers content via geographically
distributed
servers to improve performance.
Circuit breaker?
+
Circuit breaker prevents cascading failures in distributed systems by
halting
requests to failing services.
Client-server architecture?
+
Client-server architecture separates clients (users) and servers (service
providers)
communicating over a network.
Cloud-native architecture?
+
Designing applications to leverage cloud features like elasticity,
microservices,
containers, and managed services.
Component-based architecture?
+
It divides a system into modular, reusable components with defined
interfaces,
simplifying maintenance and scalability.
Container?
+
A container packages an application and its dependencies to run consistently
across
environments.
Containerization in architecture?
+
Using containers (like Docker) to package apps with dependencies for
consistent
deployment and scaling.
Cqrs (command query responsibility segregation)?
+
Separates read and write operations for scalability and performance,
commonly used
with event sourcing.
Cqrs?
+
CQRS (Command Query Responsibility Segregation) separates read and write
operations
for better scalability and performance.
Data lake?
+
A data lake stores structured and unstructured data at scale for analytics.
Data warehouse?
+
A data warehouse stores structured processed data optimized for reporting
and
analysis.
Database shard?
+
Database sharding splits data across multiple databases for scalability.
Denormalization?
+
Denormalization adds redundancy for improved read performance at the cost of
storage
and complexity.
Design for security in architecture?
+
Incorporates authentication, authorization, encryption, and secure coding
practices
from the start.
Design pattern in architecture?
+
A design pattern is a repeatable solution to a common software problem
within a
specific context.
Design patterns?
+
Design patterns are reusable solutions to common software design problems.
Diffbet architecture and design?
+
Architecture defines system structure and principles; design focuses on
implementation details within that structure.
Diffbet monolithic and microservices architecture?
+
Monolithic combines all features in one codebase; microservices decouple
services
for independent deployment and scaling.
Diffbet stateless and stateful services?
+
Stateless services do not retain client information between requests;
stateful
services maintain client state.
Diffbet synchronous and asynchronous communication?
+
Synchronous waits for a response; asynchronous allows independent execution,
improving scalability and responsiveness.
Disadvantages of microservices?
+
Challenges include increased complexity distributed system management
network
latency and testing difficulty.
Distributed system?
+
A distributed system consists of multiple independent computers working
together as
a single system.
Docker?
+
Docker is a platform to build ship and run applications in containers.
Domain-driven design (ddd)?
+
DDD is a design approach focusing on modeling software based on complex
business
domains.
Domain-driven design (ddd)?
+
DDD aligns software design with business domains, emphasizing entities,
aggregates,
and bounded contexts.
Event sourcing?
+
Event sourcing stores state changes as a sequence of events rather than the
current
state.
Event sourcing?
+
Stores system state as a sequence of events instead of current snapshots,
enabling
auditability and replay.
Event-driven architecture?
+
Architecture where components communicate by producing and consuming events,
improving decoupling and scalability.
Eventual consistency?
+
Eventual consistency ensures that over time all nodes in a distributed
system
converge to the same state.
Explain acid properties.
+
ACID ensures database reliability: Atomicity Consistency Isolation
Durability.
Explain adapter pattern.
+
Adapter pattern allows incompatible interfaces to work together by
converting one
interface to another.
Explain api throttling.
+
API throttling limits the number of requests a client can make to prevent
overload.
Explain bounded context in ddd.
+
A bounded context defines a boundary within which a particular domain model
applies.
Explain canary deployment.
+
Canary deployment releases a new version to a small subset of users to
monitor
impact before full rollout.
Explain cap theorem.
+
CAP theorem states that a distributed system can only guarantee two of:
Consistency
Availability Partition tolerance.
Explain cdn caching.
+
CDN caching stores content at edge servers near users for faster delivery.
Explain circuit breaker pattern.
+
Circuit breaker prevents repeated failures in distributed systems by
stopping
requests to failing services temporarily.
Explain database normalization.
+
Normalization organizes database tables to reduce redundancy and improve
data
integrity.
Explain decorator pattern.
+
Decorator pattern adds behavior to objects dynamically without modifying
their
structure.
Explain dependency injection.
+
Dependency injection provides components with their dependencies from
external
sources instead of creating them internally.
Explain eager loading.
+
Eager loading retrieves all related data upfront to avoid multiple queries.
Explain etl.
+
ETL (Extract Transform Load) is a process of moving and transforming data
from
source systems to a data warehouse.
Explain event-driven architecture.
+
Event-driven architecture uses events to trigger and communicate between
decoupled
services or components.
Explain eventual consistency vs strong consistency.
+
Eventual consistency allows temporary discrepancies converging later; strong
consistency ensures immediate consistency across nodes.
Explain eventual consistency.
+
Eventual consistency allows data replicas to converge over time without
guaranteeing
immediate consistency.
Explain idempotency.
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Explain layered vs hexagonal architecture.
+
Layered architecture has rigid layers; hexagonal promotes testable decoupled
core
business logic.
Explain message queue.
+
A message queue allows asynchronous communication between components using
messages.
Explain modular monolith.
+
A modular monolith organizes a single application into independent modules
to gain
maintainability without full microservices complexity.
Explain mvc architecture.
+
MVC (Model-View-Controller) separates application logic: Model handles data
View
handles UI and Controller handles input.
Explain mvc vs mvvm.
+
MVC separates Model View Controller; MVVM binds ViewModel with View using
data
binding reducing Controller logic.
Explain oauth.
+
OAuth is an authorization protocol allowing third-party applications to
access user
data without sharing credentials.
Explain polling vs webhooks.
+
Polling repeatedly checks for updates; webhooks notify automatically when an
event
occurs.
Explain retry pattern.
+
Retry pattern resends failed requests with delays to handle transient
failures.
Explain rolling deployment.
+
Rolling deployment gradually replaces old instances with new versions
without
downtime.
Explain rolling vs blue-green deployment.
+
Rolling deployment updates instances gradually; blue-green deployment
switches
traffic between two identical environments.
Explain serverless architecture.
+
Serverless architecture runs code without managing servers; the cloud
provider
handles infrastructure automatically.
Explain service discovery.
+
Service discovery automatically detects services and their endpoints in
dynamic
environments.
Explain singleton pattern.
+
Singleton pattern ensures a class has only one instance and provides a
global access
point.
Explain soap service.
+
SOAP service uses XML-based messages and strict protocols for communication.
Explain sticky sessions.
+
Sticky sessions bind a client to a specific server instance to maintain
state across
multiple requests.
Explain sticky vs stateless sessions.
+
Sticky sessions bind users to a server; stateless sessions allow requests to
be
handled by any server.
Explain strategy pattern.
+
Strategy pattern defines a family of algorithms encapsulates each and makes
them
interchangeable.
Explain synchronous vs asynchronous apis.
+
Synchronous APIs wait for a response; asynchronous APIs allow processing in
the
background without waiting.
Explain the diffbet layered and microservices
architectures.
+
Layered architecture is monolithic with multiple layers; microservices split
functionality into independently deployable services.
Explain the diffbet soa and microservices.
+
SOA is an enterprise-level architecture with larger services; microservices
break
services into smaller independently deployable units.
Explain the diffbet synchronous and asynchronous
communication.
+
Synchronous communication waits for a response immediately; asynchronous
communication does not.
Explain the repository pattern.
+
The repository pattern abstracts data access logic providing a clean
interface to
query and manipulate data.
Explain vertical vs horizontal scaling.
+
Vertical scaling adds resources to a single machine; horizontal scaling adds
more
machines.
Façade pattern?
+
Façade pattern provides a simplified interface to a complex subsystem.
Fault tolerance?
+
Fault-tolerant systems continue functioning correctly even when components
fail,
minimizing downtime and data loss.
Graphql?
+
GraphQL is a query language for APIs allowing clients to request exactly the
data
they need.
Hexagonal architecture?
+
Hexagonal architecture (Ports & Adapters) isolates core logic from external
systems
through adapters.
High availability?
+
High availability ensures a system remains operational and accessible
despite
failures, often using redundancy and failover.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Kafka?
+
Kafka is a distributed streaming platform for building real-time data
pipelines and
applications.
Kubernetes?
+
Kubernetes is an orchestration platform to deploy scale and manage
containerized
applications.
Layered architecture?
+
Layered architecture organizes code into layers such as presentation
business and
data access.
Layered architecture?
+
Layers (Presentation, Business, Data) separate concerns, making systems
easier to
develop, maintain, and test.
Lazy loading?
+
Lazy loading delays loading of resources until they are needed.
Load balancer?
+
A load balancer distributes network or application traffic across multiple
servers
to optimize resource use and uptime.
Load balancer?
+
A load balancer distributes traffic across servers to ensure high
availability and
performance.
Load balancing?
+
Load balancing distributes incoming traffic across multiple servers to
improve
performance and reliability.
Maintainability in architecture?
+
Maintainability is ease of making changes, fixing bugs, or adding features
without
affecting other parts of the system.
Message broker?
+
A message broker facilitates communication between services by routing and
transforming messages.
Microkernel architecture?
+
Microkernel architecture provides a minimal core system with plug-in modules
for
extended functionality.
Microservices anti-pattern?
+
Microservices anti-patterns include tight coupling shared databases and
improper
service boundaries.
Microservices architecture?
+
Microservices architecture breaks an application into small independent
services
that communicate over APIs.
Microservices architecture?
+
Microservices split an application into independent, deployable services
communicating via APIs, enhancing flexibility and scalability.
Monolith vs microservices?
+
Monolith is a single deployable application; microservices break
functionality into
independently deployable services.
Monolithic architecture?
+
Monolithic architecture is a single unified application where all components
are
tightly coupled.
Non-functional requirements (nfrs)?
+
NFRs define system qualities like performance, scalability, reliability, and
security rather than features.
Observer pattern?
+
Observer pattern allows objects to subscribe and get notified when another
object
changes state.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 to verify user
identity.
Orchestration in microservices?
+
Automated management of containers or services using tools like Kubernetes
for
scaling, networking, and fault tolerance.
Performance optimization?
+
Designing systems for low latency, efficient resource usage, and fast
response times
under load.
Proxy pattern?
+
Proxy pattern provides a placeholder or surrogate to control access to
another
object.
Proxy server?
+
A proxy server acts as an intermediary between a client and server for
requests
caching and security.
Rabbitmq?
+
RabbitMQ is a message broker that uses queues to enable asynchronous
communication
between services.
Reference architecture?
+
A reference architecture is a standardized template or blueprint for
building
systems within a domain, promoting best practices.
Rest vs soap?
+
REST is lightweight uses HTTP and stateless; SOAP is protocol-based heavier
and
supports strict contracts.
Restful architecture?
+
RESTful architecture uses stateless HTTP requests to manipulate resources
following
REST principles.
Restful service?
+
A RESTful service follows REST principles using standard HTTP methods for
communication.
Reverse proxy?
+
A reverse proxy receives requests on behalf of servers and forwards them
often for
load balancing or security.
Reverse proxy?
+
A reverse proxy forwards requests from clients to backend servers often for
load
balancing.
Role of architecture documentation?
+
Communicates system structure, decisions, and rationale to stakeholders,
enabling
clarity and informed decision-making.
Role of architecture in devops?
+
Ensures system design supports CI/CD pipelines, automated testing,
monitoring, and
fast deployment cycles.
Scalability in architecture?
+
Scalability is a system’s ability to handle growing workloads by adding
resources
vertically or horizontally.
Service mesh?
+
A service mesh manages communication between microservices providing
features like
routing security and observability.
Service registry?
+
A service registry keeps track of all available services and their endpoints
for
dynamic discovery in microservices.
Service-oriented architecture (soa)?
+
SOA organizes software as interoperable services with standard communication
protocols, promoting reuse across systems.
Sharding vs partitioning?
+
Sharding splits data horizontally across databases; partitioning divides
tables
within a database for management and performance.
Software architecture?
+
Software architecture defines the high-level structure of a system including
its
components their relationships and how they interact.
Software architecture?
+
Software architecture defines the high-level structure of a system, its
components,
and their interactions. It ensures scalability, maintainability, and
alignment with
business goals.
Solid principles?
+
SOLID principles guide object-oriented design: Single responsibility
Open/closed
Liskov substitution Interface segregation Dependency inversion.
Solution architecture vs enterprise architecture?
+
Solution architecture focuses on a specific project or system; enterprise
architecture aligns all IT systems with business strategy.
Strangler pattern?
+
Strangler pattern gradually replaces legacy systems with new services over
time.
Technical debt?
+
Accumulated shortcuts in design or code that require future rework,
impacting
maintainability and quality.
Token-based authentication?
+
Token-based authentication uses tokens to authenticate users without storing
session
state on the server.
Trade-off in architecture?
+
Balancing conflicting requirements like performance vs cost or flexibility
vs
simplicity to make informed design decisions.
Advantages of microservices?
+
Microservices offer scalability flexibility independent deployment fault
isolation
and easier maintenance.
Api gateway in microservices?
+
API Gateway is a single entry point for microservices handling routing
authentication and monitoring.
Api?
+
An API (Application Programming Interface) allows software systems to
communicate
using defined interfaces.
Api-first design?
+
APIs are designed before implementation to ensure consistency, reusability,
and
integration readiness.
Architecture patterns?
+
Patterns like MVC, Microservices, Layered, and Event-Driven provide reusable
solutions for common design problems and enforce consistency.
Base?
+
BASE is an alternative to ACID for distributed systems: Basically Available
Soft
state Eventually consistent.
Blue-green deployment?
+
Blue-green deployment uses two identical environments to switch traffic
safely
during releases.
Builder pattern?
+
Builder pattern separates the construction of a complex object from its
representation.
Caching?
+
Caching stores frequently used data temporarily for faster access.
Cap theorem trade-off?
+
In distributed systems you can guarantee only two of Consistency
Availability and
Partition tolerance simultaneously.
Cap theorem?
+
CAP theorem states that a distributed system can provide only two of three:
consistency availability partition tolerance.
Cdn?
+
A CDN (Content Delivery Network) delivers content via geographically
distributed
servers to improve performance.
Circuit breaker?
+
Circuit breaker prevents cascading failures in distributed systems by
halting
requests to failing services.
Client-server architecture?
+
Client-server architecture separates clients (users) and servers (service
providers)
communicating over a network.
Cloud-native architecture?
+
Designing applications to leverage cloud features like elasticity,
microservices,
containers, and managed services.
Component-based architecture?
+
It divides a system into modular, reusable components with defined
interfaces,
simplifying maintenance and scalability.
Container?
+
A container packages an application and its dependencies to run consistently
across
environments.
Containerization in architecture?
+
Using containers (like Docker) to package apps with dependencies for
consistent
deployment and scaling.
Cqrs (command query responsibility segregation)?
+
Separates read and write operations for scalability and performance,
commonly used
with event sourcing.
Cqrs?
+
CQRS (Command Query Responsibility Segregation) separates read and write
operations
for better scalability and performance.
Data lake?
+
A data lake stores structured and unstructured data at scale for analytics.
Data warehouse?
+
A data warehouse stores structured processed data optimized for reporting
and
analysis.
Database shard?
+
Database sharding splits data across multiple databases for scalability.
Denormalization?
+
Denormalization adds redundancy for improved read performance at the cost of
storage
and complexity.
Design for security in architecture?
+
Incorporates authentication, authorization, encryption, and secure coding
practices
from the start.
Design pattern in architecture?
+
A design pattern is a repeatable solution to a common software problem
within a
specific context.
Design patterns?
+
Design patterns are reusable solutions to common software design problems.
Diffbet architecture and design?
+
Architecture defines system structure and principles; design focuses on
implementation details within that structure.
Diffbet monolithic and microservices architecture?
+
Monolithic combines all features in one codebase; microservices decouple
services
for independent deployment and scaling.
Diffbet stateless and stateful services?
+
Stateless services do not retain client information between requests;
stateful
services maintain client state.
Diffbet synchronous and asynchronous communication?
+
Synchronous waits for a response; asynchronous allows independent execution,
improving scalability and responsiveness.
Disadvantages of microservices?
+
Challenges include increased complexity distributed system management
network
latency and testing difficulty.
Distributed system?
+
A distributed system consists of multiple independent computers working
together as
a single system.
Docker?
+
Docker is a platform to build ship and run applications in containers.
Domain-driven design (ddd)?
+
DDD is a design approach focusing on modeling software based on complex
business
domains.
Domain-driven design (ddd)?
+
DDD aligns software design with business domains, emphasizing entities,
aggregates,
and bounded contexts.
Event sourcing?
+
Event sourcing stores state changes as a sequence of events rather than the
current
state.
Event sourcing?
+
Stores system state as a sequence of events instead of current snapshots,
enabling
auditability and replay.
Event-driven architecture?
+
Architecture where components communicate by producing and consuming events,
improving decoupling and scalability.
Eventual consistency?
+
Eventual consistency ensures that over time all nodes in a distributed
system
converge to the same state.
Explain acid properties.
+
ACID ensures database reliability: Atomicity Consistency Isolation
Durability.
Explain adapter pattern.
+
Adapter pattern allows incompatible interfaces to work together by
converting one
interface to another.
Explain api throttling.
+
API throttling limits the number of requests a client can make to prevent
overload.
Explain bounded context in ddd.
+
A bounded context defines a boundary within which a particular domain model
applies.
Explain canary deployment.
+
Canary deployment releases a new version to a small subset of users to
monitor
impact before full rollout.
Explain cap theorem.
+
CAP theorem states that a distributed system can only guarantee two of:
Consistency
Availability Partition tolerance.
Explain cdn caching.
+
CDN caching stores content at edge servers near users for faster delivery.
Explain circuit breaker pattern.
+
Circuit breaker prevents repeated failures in distributed systems by
stopping
requests to failing services temporarily.
Explain database normalization.
+
Normalization organizes database tables to reduce redundancy and improve
data
integrity.
Explain decorator pattern.
+
Decorator pattern adds behavior to objects dynamically without modifying
their
structure.
Explain dependency injection.
+
Dependency injection provides components with their dependencies from
external
sources instead of creating them internally.
Explain eager loading.
+
Eager loading retrieves all related data upfront to avoid multiple queries.
Explain etl.
+
ETL (Extract Transform Load) is a process of moving and transforming data
from
source systems to a data warehouse.
Explain event-driven architecture.
+
Event-driven architecture uses events to trigger and communicate between
decoupled
services or components.
Explain eventual consistency vs strong consistency.
+
Eventual consistency allows temporary discrepancies converging later; strong
consistency ensures immediate consistency across nodes.
Explain eventual consistency.
+
Eventual consistency allows data replicas to converge over time without
guaranteeing
immediate consistency.
Explain idempotency.
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Explain layered vs hexagonal architecture.
+
Layered architecture has rigid layers; hexagonal promotes testable decoupled
core
business logic.
Explain message queue.
+
A message queue allows asynchronous communication between components using
messages.
Explain modular monolith.
+
A modular monolith organizes a single application into independent modules
to gain
maintainability without full microservices complexity.
Explain mvc architecture.
+
MVC (Model-View-Controller) separates application logic: Model handles data
View
handles UI and Controller handles input.
Explain mvc vs mvvm.
+
MVC separates Model View Controller; MVVM binds ViewModel with View using
data
binding reducing Controller logic.
Explain oauth.
+
OAuth is an authorization protocol allowing third-party applications to
access user
data without sharing credentials.
Explain polling vs webhooks.
+
Polling repeatedly checks for updates; webhooks notify automatically when an
event
occurs.
Explain retry pattern.
+
Retry pattern resends failed requests with delays to handle transient
failures.
Explain rolling deployment.
+
Rolling deployment gradually replaces old instances with new versions
without
downtime.
Explain rolling vs blue-green deployment.
+
Rolling deployment updates instances gradually; blue-green deployment
switches
traffic between two identical environments.
Explain serverless architecture.
+
Serverless architecture runs code without managing servers; the cloud
provider
handles infrastructure automatically.
Explain service discovery.
+
Service discovery automatically detects services and their endpoints in
dynamic
environments.
Explain singleton pattern.
+
Singleton pattern ensures a class has only one instance and provides a
global access
point.
Explain soap service.
+
SOAP service uses XML-based messages and strict protocols for communication.
Explain sticky sessions.
+
Sticky sessions bind a client to a specific server instance to maintain
state across
multiple requests.
Explain sticky vs stateless sessions.
+
Sticky sessions bind users to a server; stateless sessions allow requests to
be
handled by any server.
Explain strategy pattern.
+
Strategy pattern defines a family of algorithms encapsulates each and makes
them
interchangeable.
Explain synchronous vs asynchronous apis.
+
Synchronous APIs wait for a response; asynchronous APIs allow processing in
the
background without waiting.
Explain the diffbet layered and microservices
architectures.
+
Layered architecture is monolithic with multiple layers; microservices split
functionality into independently deployable services.
Explain the diffbet soa and microservices.
+
SOA is an enterprise-level architecture with larger services; microservices
break
services into smaller independently deployable units.
Explain the diffbet synchronous and asynchronous
communication.
+
Synchronous communication waits for a response immediately; asynchronous
communication does not.
Explain the repository pattern.
+
The repository pattern abstracts data access logic providing a clean
interface to
query and manipulate data.
Explain vertical vs horizontal scaling.
+
Vertical scaling adds resources to a single machine; horizontal scaling adds
more
machines.
Façade pattern?
+
Façade pattern provides a simplified interface to a complex subsystem.
Fault tolerance?
+
Fault-tolerant systems continue functioning correctly even when components
fail,
minimizing downtime and data loss.
Graphql?
+
GraphQL is a query language for APIs allowing clients to request exactly the
data
they need.
Hexagonal architecture?
+
Hexagonal architecture (Ports & Adapters) isolates core logic from external
systems
through adapters.
High availability?
+
High availability ensures a system remains operational and accessible
despite
failures, often using redundancy and failover.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Kafka?
+
Kafka is a distributed streaming platform for building real-time data
pipelines and
applications.
Kubernetes?
+
Kubernetes is an orchestration platform to deploy scale and manage
containerized
applications.
Layered architecture?
+
Layered architecture organizes code into layers such as presentation
business and
data access.
Layered architecture?
+
Layers (Presentation, Business, Data) separate concerns, making systems
easier to
develop, maintain, and test.
Lazy loading?
+
Lazy loading delays loading of resources until they are needed.
Load balancer?
+
A load balancer distributes network or application traffic across multiple
servers
to optimize resource use and uptime.
Load balancer?
+
A load balancer distributes traffic across servers to ensure high
availability and
performance.
Load balancing?
+
Load balancing distributes incoming traffic across multiple servers to
improve
performance and reliability.
Maintainability in architecture?
+
Maintainability is ease of making changes, fixing bugs, or adding features
without
affecting other parts of the system.
Message broker?
+
A message broker facilitates communication between services by routing and
transforming messages.
Microkernel architecture?
+
Microkernel architecture provides a minimal core system with plug-in modules
for
extended functionality.
Microservices anti-pattern?
+
Microservices anti-patterns include tight coupling shared databases and
improper
service boundaries.
Microservices architecture?
+
Microservices architecture breaks an application into small independent
services
that communicate over APIs.
Microservices architecture?
+
Microservices split an application into independent, deployable services
communicating via APIs, enhancing flexibility and scalability.
Monolith vs microservices?
+
Monolith is a single deployable application; microservices break
functionality into
independently deployable services.
Monolithic architecture?
+
Monolithic architecture is a single unified application where all components
are
tightly coupled.
Non-functional requirements (nfrs)?
+
NFRs define system qualities like performance, scalability, reliability, and
security rather than features.
Observer pattern?
+
Observer pattern allows objects to subscribe and get notified when another
object
changes state.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 to verify user
identity.
Orchestration in microservices?
+
Automated management of containers or services using tools like Kubernetes
for
scaling, networking, and fault tolerance.
Performance optimization?
+
Designing systems for low latency, efficient resource usage, and fast
response times
under load.
Proxy pattern?
+
Proxy pattern provides a placeholder or surrogate to control access to
another
object.
Proxy server?
+
A proxy server acts as an intermediary between a client and server for
requests
caching and security.
Rabbitmq?
+
RabbitMQ is a message broker that uses queues to enable asynchronous
communication
between services.
Reference architecture?
+
A reference architecture is a standardized template or blueprint for
building
systems within a domain, promoting best practices.
Rest vs soap?
+
REST is lightweight uses HTTP and stateless; SOAP is protocol-based heavier
and
supports strict contracts.
Restful architecture?
+
RESTful architecture uses stateless HTTP requests to manipulate resources
following
REST principles.
Restful service?
+
A RESTful service follows REST principles using standard HTTP methods for
communication.
Reverse proxy?
+
A reverse proxy receives requests on behalf of servers and forwards them
often for
load balancing or security.
Reverse proxy?
+
A reverse proxy forwards requests from clients to backend servers often for
load
balancing.
Role of architecture documentation?
+
Communicates system structure, decisions, and rationale to stakeholders,
enabling
clarity and informed decision-making.
Role of architecture in devops?
+
Ensures system design supports CI/CD pipelines, automated testing,
monitoring, and
fast deployment cycles.
Scalability in architecture?
+
Scalability is a system’s ability to handle growing workloads by adding
resources
vertically or horizontally.
Service mesh?
+
A service mesh manages communication between microservices providing
features like
routing security and observability.
Service registry?
+
A service registry keeps track of all available services and their endpoints
for
dynamic discovery in microservices.
Service-oriented architecture (soa)?
+
SOA organizes software as interoperable services with standard communication
protocols, promoting reuse across systems.
Sharding vs partitioning?
+
Sharding splits data horizontally across databases; partitioning divides
tables
within a database for management and performance.
Software architecture?
+
Software architecture defines the high-level structure of a system including
its
components their relationships and how they interact.
Software architecture?
+
Software architecture defines the high-level structure of a system, its
components,
and their interactions. It ensures scalability, maintainability, and
alignment with
business goals.
Solid principles?
+
SOLID principles guide object-oriented design: Single responsibility
Open/closed
Liskov substitution Interface segregation Dependency inversion.
Solution architecture vs enterprise architecture?
+
Solution architecture focuses on a specific project or system; enterprise
architecture aligns all IT systems with business strategy.
Strangler pattern?
+
Strangler pattern gradually replaces legacy systems with new services over
time.
Technical debt?
+
Accumulated shortcuts in design or code that require future rework,
impacting
maintainability and quality.
Token-based authentication?
+
Token-based authentication uses tokens to authenticate users without storing
session
state on the server.
Trade-off in architecture?
+
Balancing conflicting requirements like performance vs cost or flexibility
vs
simplicity to make informed design decisions.
Advantages of microservices?
+
Microservices offer scalability flexibility independent deployment fault
isolation
and easier maintenance.
Api gateway in microservices?
+
API Gateway is a single entry point for microservices handling routing
authentication and monitoring.
Api?
+
An API (Application Programming Interface) allows software systems to
communicate
using defined interfaces.
Api-first design?
+
APIs are designed before implementation to ensure consistency, reusability,
and
integration readiness.
Architecture patterns?
+
Patterns like MVC, Microservices, Layered, and Event-Driven provide reusable
solutions for common design problems and enforce consistency.
Base?
+
BASE is an alternative to ACID for distributed systems: Basically Available
Soft
state Eventually consistent.
Blue-green deployment?
+
Blue-green deployment uses two identical environments to switch traffic
safely
during releases.
Builder pattern?
+
Builder pattern separates the construction of a complex object from its
representation.
Caching?
+
Caching stores frequently used data temporarily for faster access.
Cap theorem trade-off?
+
In distributed systems you can guarantee only two of Consistency
Availability and
Partition tolerance simultaneously.
Cap theorem?
+
CAP theorem states that a distributed system can provide only two of three:
consistency availability partition tolerance.
Cdn?
+
A CDN (Content Delivery Network) delivers content via geographically
distributed
servers to improve performance.
Circuit breaker?
+
Circuit breaker prevents cascading failures in distributed systems by
halting
requests to failing services.
Client-server architecture?
+
Client-server architecture separates clients (users) and servers (service
providers)
communicating over a network.
Cloud-native architecture?
+
Designing applications to leverage cloud features like elasticity,
microservices,
containers, and managed services.
Component-based architecture?
+
It divides a system into modular, reusable components with defined
interfaces,
simplifying maintenance and scalability.
Container?
+
A container packages an application and its dependencies to run consistently
across
environments.
Containerization in architecture?
+
Using containers (like Docker) to package apps with dependencies for
consistent
deployment and scaling.
Cqrs (command query responsibility segregation)?
+
Separates read and write operations for scalability and performance,
commonly used
with event sourcing.
Cqrs?
+
CQRS (Command Query Responsibility Segregation) separates read and write
operations
for better scalability and performance.
Data lake?
+
A data lake stores structured and unstructured data at scale for analytics.
Data warehouse?
+
A data warehouse stores structured processed data optimized for reporting
and
analysis.
Database shard?
+
Database sharding splits data across multiple databases for scalability.
Denormalization?
+
Denormalization adds redundancy for improved read performance at the cost of
storage
and complexity.
Design for security in architecture?
+
Incorporates authentication, authorization, encryption, and secure coding
practices
from the start.
Design pattern in architecture?
+
A design pattern is a repeatable solution to a common software problem
within a
specific context.
Design patterns?
+
Design patterns are reusable solutions to common software design problems.
Diffbet architecture and design?
+
Architecture defines system structure and principles; design focuses on
implementation details within that structure.
Diffbet monolithic and microservices architecture?
+
Monolithic combines all features in one codebase; microservices decouple
services
for independent deployment and scaling.
Diffbet stateless and stateful services?
+
Stateless services do not retain client information between requests;
stateful
services maintain client state.
Diffbet synchronous and asynchronous communication?
+
Synchronous waits for a response; asynchronous allows independent execution,
improving scalability and responsiveness.
Disadvantages of microservices?
+
Challenges include increased complexity distributed system management
network
latency and testing difficulty.
Distributed system?
+
A distributed system consists of multiple independent computers working
together as
a single system.
Docker?
+
Docker is a platform to build ship and run applications in containers.
Domain-driven design (ddd)?
+
DDD is a design approach focusing on modeling software based on complex
business
domains.
Domain-driven design (ddd)?
+
DDD aligns software design with business domains, emphasizing entities,
aggregates,
and bounded contexts.
Event sourcing?
+
Event sourcing stores state changes as a sequence of events rather than the
current
state.
Event sourcing?
+
Stores system state as a sequence of events instead of current snapshots,
enabling
auditability and replay.
Event-driven architecture?
+
Architecture where components communicate by producing and consuming events,
improving decoupling and scalability.
Eventual consistency?
+
Eventual consistency ensures that over time all nodes in a distributed
system
converge to the same state.
Explain acid properties.
+
ACID ensures database reliability: Atomicity Consistency Isolation
Durability.
Explain adapter pattern.
+
Adapter pattern allows incompatible interfaces to work together by
converting one
interface to another.
Explain api throttling.
+
API throttling limits the number of requests a client can make to prevent
overload.
Explain bounded context in ddd.
+
A bounded context defines a boundary within which a particular domain model
applies.
Explain canary deployment.
+
Canary deployment releases a new version to a small subset of users to
monitor
impact before full rollout.
Explain cap theorem.
+
CAP theorem states that a distributed system can only guarantee two of:
Consistency
Availability Partition tolerance.
Explain cdn caching.
+
CDN caching stores content at edge servers near users for faster delivery.
Explain circuit breaker pattern.
+
Circuit breaker prevents repeated failures in distributed systems by
stopping
requests to failing services temporarily.
Explain database normalization.
+
Normalization organizes database tables to reduce redundancy and improve
data
integrity.
Explain decorator pattern.
+
Decorator pattern adds behavior to objects dynamically without modifying
their
structure.
Explain dependency injection.
+
Dependency injection provides components with their dependencies from
external
sources instead of creating them internally.
Explain eager loading.
+
Eager loading retrieves all related data upfront to avoid multiple queries.
Explain etl.
+
ETL (Extract Transform Load) is a process of moving and transforming data
from
source systems to a data warehouse.
Explain event-driven architecture.
+
Event-driven architecture uses events to trigger and communicate between
decoupled
services or components.
Explain eventual consistency vs strong consistency.
+
Eventual consistency allows temporary discrepancies converging later; strong
consistency ensures immediate consistency across nodes.
Explain eventual consistency.
+
Eventual consistency allows data replicas to converge over time without
guaranteeing
immediate consistency.
Explain idempotency.
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Explain layered vs hexagonal architecture.
+
Layered architecture has rigid layers; hexagonal promotes testable decoupled
core
business logic.
Explain message queue.
+
A message queue allows asynchronous communication between components using
messages.
Explain modular monolith.
+
A modular monolith organizes a single application into independent modules
to gain
maintainability without full microservices complexity.
Explain mvc architecture.
+
MVC (Model-View-Controller) separates application logic: Model handles data
View
handles UI and Controller handles input.
Explain mvc vs mvvm.
+
MVC separates Model View Controller; MVVM binds ViewModel with View using
data
binding reducing Controller logic.
Explain oauth.
+
OAuth is an authorization protocol allowing third-party applications to
access user
data without sharing credentials.
Explain polling vs webhooks.
+
Polling repeatedly checks for updates; webhooks notify automatically when an
event
occurs.
Explain retry pattern.
+
Retry pattern resends failed requests with delays to handle transient
failures.
Explain rolling deployment.
+
Rolling deployment gradually replaces old instances with new versions
without
downtime.
Explain rolling vs blue-green deployment.
+
Rolling deployment updates instances gradually; blue-green deployment
switches
traffic between two identical environments.
Explain serverless architecture.
+
Serverless architecture runs code without managing servers; the cloud
provider
handles infrastructure automatically.
Explain service discovery.
+
Service discovery automatically detects services and their endpoints in
dynamic
environments.
Explain singleton pattern.
+
Singleton pattern ensures a class has only one instance and provides a
global access
point.
Explain soap service.
+
SOAP service uses XML-based messages and strict protocols for communication.
Explain sticky sessions.
+
Sticky sessions bind a client to a specific server instance to maintain
state across
multiple requests.
Explain sticky vs stateless sessions.
+
Sticky sessions bind users to a server; stateless sessions allow requests to
be
handled by any server.
Explain strategy pattern.
+
Strategy pattern defines a family of algorithms encapsulates each and makes
them
interchangeable.
Explain synchronous vs asynchronous apis.
+
Synchronous APIs wait for a response; asynchronous APIs allow processing in
the
background without waiting.
Explain the diffbet layered and microservices
architectures.
+
Layered architecture is monolithic with multiple layers; microservices split
functionality into independently deployable services.
Explain the diffbet soa and microservices.
+
SOA is an enterprise-level architecture with larger services; microservices
break
services into smaller independently deployable units.
Explain the diffbet synchronous and asynchronous
communication.
+
Synchronous communication waits for a response immediately; asynchronous
communication does not.
Explain the repository pattern.
+
The repository pattern abstracts data access logic providing a clean
interface to
query and manipulate data.
Explain vertical vs horizontal scaling.
+
Vertical scaling adds resources to a single machine; horizontal scaling adds
more
machines.
Façade pattern?
+
Façade pattern provides a simplified interface to a complex subsystem.
Fault tolerance?
+
Fault-tolerant systems continue functioning correctly even when components
fail,
minimizing downtime and data loss.
Graphql?
+
GraphQL is a query language for APIs allowing clients to request exactly the
data
they need.
Hexagonal architecture?
+
Hexagonal architecture (Ports & Adapters) isolates core logic from external
systems
through adapters.
High availability?
+
High availability ensures a system remains operational and accessible
despite
failures, often using redundancy and failover.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Kafka?
+
Kafka is a distributed streaming platform for building real-time data
pipelines and
applications.
Kubernetes?
+
Kubernetes is an orchestration platform to deploy scale and manage
containerized
applications.
Layered architecture?
+
Layered architecture organizes code into layers such as presentation
business and
data access.
Layered architecture?
+
Layers (Presentation, Business, Data) separate concerns, making systems
easier to
develop, maintain, and test.
Lazy loading?
+
Lazy loading delays loading of resources until they are needed.
Load balancer?
+
A load balancer distributes network or application traffic across multiple
servers
to optimize resource use and uptime.
Load balancer?
+
A load balancer distributes traffic across servers to ensure high
availability and
performance.
Load balancing?
+
Load balancing distributes incoming traffic across multiple servers to
improve
performance and reliability.
Maintainability in architecture?
+
Maintainability is ease of making changes, fixing bugs, or adding features
without
affecting other parts of the system.
Message broker?
+
A message broker facilitates communication between services by routing and
transforming messages.
Microkernel architecture?
+
Microkernel architecture provides a minimal core system with plug-in modules
for
extended functionality.
Microservices anti-pattern?
+
Microservices anti-patterns include tight coupling shared databases and
improper
service boundaries.
Microservices architecture?
+
Microservices architecture breaks an application into small independent
services
that communicate over APIs.
Microservices architecture?
+
Microservices split an application into independent, deployable services
communicating via APIs, enhancing flexibility and scalability.
Monolith vs microservices?
+
Monolith is a single deployable application; microservices break
functionality into
independently deployable services.
Monolithic architecture?
+
Monolithic architecture is a single unified application where all components
are
tightly coupled.
Non-functional requirements (nfrs)?
+
NFRs define system qualities like performance, scalability, reliability, and
security rather than features.
Observer pattern?
+
Observer pattern allows objects to subscribe and get notified when another
object
changes state.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 to verify user
identity.
Orchestration in microservices?
+
Automated management of containers or services using tools like Kubernetes
for
scaling, networking, and fault tolerance.
Performance optimization?
+
Designing systems for low latency, efficient resource usage, and fast
response times
under load.
Proxy pattern?
+
Proxy pattern provides a placeholder or surrogate to control access to
another
object.
Proxy server?
+
A proxy server acts as an intermediary between a client and server for
requests
caching and security.
Rabbitmq?
+
RabbitMQ is a message broker that uses queues to enable asynchronous
communication
between services.
Reference architecture?
+
A reference architecture is a standardized template or blueprint for
building
systems within a domain, promoting best practices.
Rest vs soap?
+
REST is lightweight uses HTTP and stateless; SOAP is protocol-based heavier
and
supports strict contracts.
Restful architecture?
+
RESTful architecture uses stateless HTTP requests to manipulate resources
following
REST principles.
Restful service?
+
A RESTful service follows REST principles using standard HTTP methods for
communication.
Reverse proxy?
+
A reverse proxy receives requests on behalf of servers and forwards them
often for
load balancing or security.
Reverse proxy?
+
A reverse proxy forwards requests from clients to backend servers often for
load
balancing.
Role of architecture documentation?
+
Communicates system structure, decisions, and rationale to stakeholders,
enabling
clarity and informed decision-making.
Role of architecture in devops?
+
Ensures system design supports CI/CD pipelines, automated testing,
monitoring, and
fast deployment cycles.
Scalability in architecture?
+
Scalability is a system’s ability to handle growing workloads by adding
resources
vertically or horizontally.
Service mesh?
+
A service mesh manages communication between microservices providing
features like
routing security and observability.
Service registry?
+
A service registry keeps track of all available services and their endpoints
for
dynamic discovery in microservices.
Service-oriented architecture (soa)?
+
SOA organizes software as interoperable services with standard communication
protocols, promoting reuse across systems.
Sharding vs partitioning?
+
Sharding splits data horizontally across databases; partitioning divides
tables
within a database for management and performance.
Software architecture?
+
Software architecture defines the high-level structure of a system including
its
components their relationships and how they interact.
Software architecture?
+
Software architecture defines the high-level structure of a system, its
components,
and their interactions. It ensures scalability, maintainability, and
alignment with
business goals.
Solid principles?
+
SOLID principles guide object-oriented design: Single responsibility
Open/closed
Liskov substitution Interface segregation Dependency inversion.
Solution architecture vs enterprise architecture?
+
Solution architecture focuses on a specific project or system; enterprise
architecture aligns all IT systems with business strategy.
Strangler pattern?
+
Strangler pattern gradually replaces legacy systems with new services over
time.
Technical debt?
+
Accumulated shortcuts in design or code that require future rework,
impacting
maintainability and quality.
Token-based authentication?
+
Token-based authentication uses tokens to authenticate users without storing
session
state on the server.
Trade-off in architecture?
+
Balancing conflicting requirements like performance vs cost or flexibility
vs
simplicity to make informed design decisions.
Advantages of microservices?
+
Microservices offer scalability flexibility independent deployment fault
isolation
and easier maintenance.
Api gateway in microservices?
+
API Gateway is a single entry point for microservices handling routing
authentication and monitoring.
Api?
+
An API (Application Programming Interface) allows software systems to
communicate
using defined interfaces.
Api-first design?
+
APIs are designed before implementation to ensure consistency, reusability,
and
integration readiness.
Architecture patterns?
+
Patterns like MVC, Microservices, Layered, and Event-Driven provide reusable
solutions for common design problems and enforce consistency.
Base?
+
BASE is an alternative to ACID for distributed systems: Basically Available
Soft
state Eventually consistent.
Blue-green deployment?
+
Blue-green deployment uses two identical environments to switch traffic
safely
during releases.
Builder pattern?
+
Builder pattern separates the construction of a complex object from its
representation.
Caching?
+
Caching stores frequently used data temporarily for faster access.
Cap theorem trade-off?
+
In distributed systems you can guarantee only two of Consistency
Availability and
Partition tolerance simultaneously.
Cap theorem?
+
CAP theorem states that a distributed system can provide only two of three:
consistency availability partition tolerance.
Cdn?
+
A CDN (Content Delivery Network) delivers content via geographically
distributed
servers to improve performance.
Circuit breaker?
+
Circuit breaker prevents cascading failures in distributed systems by
halting
requests to failing services.
Client-server architecture?
+
Client-server architecture separates clients (users) and servers (service
providers)
communicating over a network.
Cloud-native architecture?
+
Designing applications to leverage cloud features like elasticity,
microservices,
containers, and managed services.
Component-based architecture?
+
It divides a system into modular, reusable components with defined
interfaces,
simplifying maintenance and scalability.
Container?
+
A container packages an application and its dependencies to run consistently
across
environments.
Containerization in architecture?
+
Using containers (like Docker) to package apps with dependencies for
consistent
deployment and scaling.
Cqrs (command query responsibility segregation)?
+
Separates read and write operations for scalability and performance,
commonly used
with event sourcing.
Cqrs?
+
CQRS (Command Query Responsibility Segregation) separates read and write
operations
for better scalability and performance.
Data lake?
+
A data lake stores structured and unstructured data at scale for analytics.
Data warehouse?
+
A data warehouse stores structured processed data optimized for reporting
and
analysis.
Database shard?
+
Database sharding splits data across multiple databases for scalability.
Denormalization?
+
Denormalization adds redundancy for improved read performance at the cost of
storage
and complexity.
Design for security in architecture?
+
Incorporates authentication, authorization, encryption, and secure coding
practices
from the start.
Design pattern in architecture?
+
A design pattern is a repeatable solution to a common software problem
within a
specific context.
Design patterns?
+
Design patterns are reusable solutions to common software design problems.
Diffbet architecture and design?
+
Architecture defines system structure and principles; design focuses on
implementation details within that structure.
Diffbet monolithic and microservices architecture?
+
Monolithic combines all features in one codebase; microservices decouple
services
for independent deployment and scaling.
Diffbet stateless and stateful services?
+
Stateless services do not retain client information between requests;
stateful
services maintain client state.
Diffbet synchronous and asynchronous communication?
+
Synchronous waits for a response; asynchronous allows independent execution,
improving scalability and responsiveness.
Disadvantages of microservices?
+
Challenges include increased complexity distributed system management
network
latency and testing difficulty.
Distributed system?
+
A distributed system consists of multiple independent computers working
together as
a single system.
Docker?
+
Docker is a platform to build ship and run applications in containers.
Domain-driven design (ddd)?
+
DDD is a design approach focusing on modeling software based on complex
business
domains.
Domain-driven design (ddd)?
+
DDD aligns software design with business domains, emphasizing entities,
aggregates,
and bounded contexts.
Event sourcing?
+
Event sourcing stores state changes as a sequence of events rather than the
current
state.
Event sourcing?
+
Stores system state as a sequence of events instead of current snapshots,
enabling
auditability and replay.
Event-driven architecture?
+
Architecture where components communicate by producing and consuming events,
improving decoupling and scalability.
Eventual consistency?
+
Eventual consistency ensures that over time all nodes in a distributed
system
converge to the same state.
Explain acid properties.
+
ACID ensures database reliability: Atomicity Consistency Isolation
Durability.
Explain adapter pattern.
+
Adapter pattern allows incompatible interfaces to work together by
converting one
interface to another.
Explain api throttling.
+
API throttling limits the number of requests a client can make to prevent
overload.
Explain bounded context in ddd.
+
A bounded context defines a boundary within which a particular domain model
applies.
Explain canary deployment.
+
Canary deployment releases a new version to a small subset of users to
monitor
impact before full rollout.
Explain cap theorem.
+
CAP theorem states that a distributed system can only guarantee two of:
Consistency
Availability Partition tolerance.
Explain cdn caching.
+
CDN caching stores content at edge servers near users for faster delivery.
Explain circuit breaker pattern.
+
Circuit breaker prevents repeated failures in distributed systems by
stopping
requests to failing services temporarily.
Explain database normalization.
+
Normalization organizes database tables to reduce redundancy and improve
data
integrity.
Explain decorator pattern.
+
Decorator pattern adds behavior to objects dynamically without modifying
their
structure.
Explain dependency injection.
+
Dependency injection provides components with their dependencies from
external
sources instead of creating them internally.
Explain eager loading.
+
Eager loading retrieves all related data upfront to avoid multiple queries.
Explain etl.
+
ETL (Extract Transform Load) is a process of moving and transforming data
from
source systems to a data warehouse.
Explain event-driven architecture.
+
Event-driven architecture uses events to trigger and communicate between
decoupled
services or components.
Explain eventual consistency vs strong consistency.
+
Eventual consistency allows temporary discrepancies converging later; strong
consistency ensures immediate consistency across nodes.
Explain eventual consistency.
+
Eventual consistency allows data replicas to converge over time without
guaranteeing
immediate consistency.
Explain idempotency.
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Explain layered vs hexagonal architecture.
+
Layered architecture has rigid layers; hexagonal promotes testable decoupled
core
business logic.
Explain message queue.
+
A message queue allows asynchronous communication between components using
messages.
Explain modular monolith.
+
A modular monolith organizes a single application into independent modules
to gain
maintainability without full microservices complexity.
Explain mvc architecture.
+
MVC (Model-View-Controller) separates application logic: Model handles data
View
handles UI and Controller handles input.
Explain mvc vs mvvm.
+
MVC separates Model View Controller; MVVM binds ViewModel with View using
data
binding reducing Controller logic.
Explain oauth.
+
OAuth is an authorization protocol allowing third-party applications to
access user
data without sharing credentials.
Explain polling vs webhooks.
+
Polling repeatedly checks for updates; webhooks notify automatically when an
event
occurs.
Explain retry pattern.
+
Retry pattern resends failed requests with delays to handle transient
failures.
Explain rolling deployment.
+
Rolling deployment gradually replaces old instances with new versions
without
downtime.
Explain rolling vs blue-green deployment.
+
Rolling deployment updates instances gradually; blue-green deployment
switches
traffic between two identical environments.
Explain serverless architecture.
+
Serverless architecture runs code without managing servers; the cloud
provider
handles infrastructure automatically.
Explain service discovery.
+
Service discovery automatically detects services and their endpoints in
dynamic
environments.
Explain singleton pattern.
+
Singleton pattern ensures a class has only one instance and provides a
global access
point.
Explain soap service.
+
SOAP service uses XML-based messages and strict protocols for communication.
Explain sticky sessions.
+
Sticky sessions bind a client to a specific server instance to maintain
state across
multiple requests.
Explain sticky vs stateless sessions.
+
Sticky sessions bind users to a server; stateless sessions allow requests to
be
handled by any server.
Explain strategy pattern.
+
Strategy pattern defines a family of algorithms encapsulates each and makes
them
interchangeable.
Explain synchronous vs asynchronous apis.
+
Synchronous APIs wait for a response; asynchronous APIs allow processing in
the
background without waiting.
Explain the diffbet layered and microservices
architectures.
+
Layered architecture is monolithic with multiple layers; microservices split
functionality into independently deployable services.
Explain the diffbet soa and microservices.
+
SOA is an enterprise-level architecture with larger services; microservices
break
services into smaller independently deployable units.
Explain the diffbet synchronous and asynchronous
communication.
+
Synchronous communication waits for a response immediately; asynchronous
communication does not.
Explain the repository pattern.
+
The repository pattern abstracts data access logic providing a clean
interface to
query and manipulate data.
Explain vertical vs horizontal scaling.
+
Vertical scaling adds resources to a single machine; horizontal scaling adds
more
machines.
Façade pattern?
+
Façade pattern provides a simplified interface to a complex subsystem.
Fault tolerance?
+
Fault-tolerant systems continue functioning correctly even when components
fail,
minimizing downtime and data loss.
Graphql?
+
GraphQL is a query language for APIs allowing clients to request exactly the
data
they need.
Hexagonal architecture?
+
Hexagonal architecture (Ports & Adapters) isolates core logic from external
systems
through adapters.
High availability?
+
High availability ensures a system remains operational and accessible
despite
failures, often using redundancy and failover.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Kafka?
+
Kafka is a distributed streaming platform for building real-time data
pipelines and
applications.
Kubernetes?
+
Kubernetes is an orchestration platform to deploy scale and manage
containerized
applications.
Layered architecture?
+
Layered architecture organizes code into layers such as presentation
business and
data access.
Layered architecture?
+
Layers (Presentation, Business, Data) separate concerns, making systems
easier to
develop, maintain, and test.
Lazy loading?
+
Lazy loading delays loading of resources until they are needed.
Load balancer?
+
A load balancer distributes network or application traffic across multiple
servers
to optimize resource use and uptime.
Load balancer?
+
A load balancer distributes traffic across servers to ensure high
availability and
performance.
Load balancing?
+
Load balancing distributes incoming traffic across multiple servers to
improve
performance and reliability.
Maintainability in architecture?
+
Maintainability is ease of making changes, fixing bugs, or adding features
without
affecting other parts of the system.
Message broker?
+
A message broker facilitates communication between services by routing and
transforming messages.
Microkernel architecture?
+
Microkernel architecture provides a minimal core system with plug-in modules
for
extended functionality.
Microservices anti-pattern?
+
Microservices anti-patterns include tight coupling shared databases and
improper
service boundaries.
Microservices architecture?
+
Microservices architecture breaks an application into small independent
services
that communicate over APIs.
Microservices architecture?
+
Microservices split an application into independent, deployable services
communicating via APIs, enhancing flexibility and scalability.
Monolith vs microservices?
+
Monolith is a single deployable application; microservices break
functionality into
independently deployable services.
Monolithic architecture?
+
Monolithic architecture is a single unified application where all components
are
tightly coupled.
Non-functional requirements (nfrs)?
+
NFRs define system qualities like performance, scalability, reliability, and
security rather than features.
Observer pattern?
+
Observer pattern allows objects to subscribe and get notified when another
object
changes state.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 to verify user
identity.
Orchestration in microservices?
+
Automated management of containers or services using tools like Kubernetes
for
scaling, networking, and fault tolerance.
Performance optimization?
+
Designing systems for low latency, efficient resource usage, and fast
response times
under load.
Proxy pattern?
+
Proxy pattern provides a placeholder or surrogate to control access to
another
object.
Proxy server?
+
A proxy server acts as an intermediary between a client and server for
requests
caching and security.
Rabbitmq?
+
RabbitMQ is a message broker that uses queues to enable asynchronous
communication
between services.
Reference architecture?
+
A reference architecture is a standardized template or blueprint for
building
systems within a domain, promoting best practices.
Rest vs soap?
+
REST is lightweight uses HTTP and stateless; SOAP is protocol-based heavier
and
supports strict contracts.
Restful architecture?
+
RESTful architecture uses stateless HTTP requests to manipulate resources
following
REST principles.
Restful service?
+
A RESTful service follows REST principles using standard HTTP methods for
communication.
Reverse proxy?
+
A reverse proxy receives requests on behalf of servers and forwards them
often for
load balancing or security.
Reverse proxy?
+
A reverse proxy forwards requests from clients to backend servers often for
load
balancing.
Role of architecture documentation?
+
Communicates system structure, decisions, and rationale to stakeholders,
enabling
clarity and informed decision-making.
Role of architecture in devops?
+
Ensures system design supports CI/CD pipelines, automated testing,
monitoring, and
fast deployment cycles.
Scalability in architecture?
+
Scalability is a system’s ability to handle growing workloads by adding
resources
vertically or horizontally.
Service mesh?
+
A service mesh manages communication between microservices providing
features like
routing security and observability.
Service registry?
+
A service registry keeps track of all available services and their endpoints
for
dynamic discovery in microservices.
Service-oriented architecture (soa)?
+
SOA organizes software as interoperable services with standard communication
protocols, promoting reuse across systems.
Sharding vs partitioning?
+
Sharding splits data horizontally across databases; partitioning divides
tables
within a database for management and performance.
Software architecture?
+
Software architecture defines the high-level structure of a system including
its
components their relationships and how they interact.
Software architecture?
+
Software architecture defines the high-level structure of a system, its
components,
and their interactions. It ensures scalability, maintainability, and
alignment with
business goals.
Solid principles?
+
SOLID principles guide object-oriented design: Single responsibility
Open/closed
Liskov substitution Interface segregation Dependency inversion.
Solution architecture vs enterprise architecture?
+
Solution architecture focuses on a specific project or system; enterprise
architecture aligns all IT systems with business strategy.
Strangler pattern?
+
Strangler pattern gradually replaces legacy systems with new services over
time.
Technical debt?
+
Accumulated shortcuts in design or code that require future rework,
impacting
maintainability and quality.
Token-based authentication?
+
Token-based authentication uses tokens to authenticate users without storing
session
state on the server.
Trade-off in architecture?
+
Balancing conflicting requirements like performance vs cost or flexibility
vs
simplicity to make informed design decisions.
What is software architecture?
+
Software architecture defines the high-level structure of a system, its
components,
and their interactions.
Why is software architecture important?
+
It ensures scalability, maintainability, performance, and alignment with
business
goals.
What are the responsibilities of software
architecture?
+
Defining system structure, technology choices, communication, and quality
attributes.
What is a distributed system?
+
A distributed system consists of multiple independent computers working
together as
one system.
What are non-functional requirements (NFRs)?
+
NFRs define system qualities like performance, scalability, security, and
reliability.
What is scalability in architecture?
+
Scalability is the ability of a system to handle increased load by adding
resources.
What is maintainability in architecture?
+
Maintainability is the ease of modifying, fixing, or extending a system.
What is performance optimization in architecture?
+
Designing systems for low latency, efficient resource usage, and fast
responses.
What is fault tolerance?
+
Fault tolerance allows systems to continue functioning despite component
failures.
What is high availability?
+
High availability ensures systems remain operational through redundancy and
failover.
What is technical debt?
+
Technical debt is accumulated design or code shortcuts requiring future
rework.
What is trade-off in architecture design?
+
Balancing conflicting requirements like performance vs cost or flexibility
vs
simplicity.
What is reference architecture?
+
A standardized blueprint that promotes best practices within a domain.
What is solution architecture?
+
Solution architecture focuses on designing a specific system or project.
What is enterprise architecture?
+
Enterprise architecture aligns all IT systems with business strategy.
What is a monolithic architecture?
+
A monolithic architecture is a single, tightly coupled application deployed
as one
unit.
What are advantages of monolithic architecture?
+
Simple development, easier testing, and straightforward deployment.
What are disadvantages of monolithic architecture?
+
Limited scalability, tight coupling, and difficult maintenance as the system
grows.
What is layered architecture?
+
Layered architecture organizes code into layers like presentation, business,
and
data.
What are the common layers in layered architecture?
+
Presentation, application, domain, and data layers.
What are benefits of layered architecture?
+
Separation of concerns and easier maintainability.
What are drawbacks of layered architecture?
+
Performance overhead and rigid structure.
What is microservices architecture?
+
Microservices architecture splits applications into small, independent
services.
What are benefits of microservices architecture?
+
Independent deployment, scalability, and fault isolation.
What are challenges of microservices architecture?
+
Distributed complexity, data consistency, and monitoring overhead.
What is event-driven architecture?
+
Event-driven architecture uses events to trigger communication between
components.
What are benefits of event-driven architecture?
+
Loose coupling, scalability, and real-time processing.
What are challenges of event-driven architecture?
+
Complex debugging and eventual consistency.
What is SOA vs Microservices?
+
SOA is coarse-grained and centralized; Microservices are fine-grained and
decentralized.
When should monolith be used?
+
For small systems or early-stage applications.
When should microservices be used?
+
For large, scalable, and independently evolving systems.
What are software design principles?
+
Software design principles are guidelines that help create flexible,
maintainable,
and scalable systems.
Why are design principles important in architecture?
+
They reduce complexity, improve code quality, and support long-term
maintainability.
What is the SOLID principle?
+
SOLID is a set of five object-oriented design principles for better software
design.
What does the Single Responsibility Principle mean?
+
A class should have only one reason to change.
What does the Open/Closed Principle mean?
+
Software entities should be open for extension but closed for modification.
What does the Liskov Substitution Principle mean?
+
Subtypes must be substitutable for their base types without altering
correctness.
What does the Interface Segregation Principle mean?
+
Clients should not be forced to depend on interfaces they do not use.
What does the Dependency Inversion Principle mean?
+
High-level modules should not depend on low-level modules, but on
abstractions.
What is separation of concerns?
+
Separation of concerns divides a system into distinct sections with specific
responsibilities.
What is DRY principle?
+
DRY means Don’t Repeat Yourself and avoids duplication.
What is KISS principle?
+
KISS means Keep It Simple, Stupid and encourages simplicity.
What is YAGNI principle?
+
YAGNI means You Aren’t Gonna Need It and avoids unnecessary features.
What is loose coupling?
+
Loose coupling minimizes dependencies between components.
What is high cohesion?
+
High cohesion means components have closely related responsibilities.
How do SOLID principles improve architecture?
+
They enhance flexibility, testability, and maintainability.
What is scalability in software architecture?
+
Scalability is the ability of a system to handle increased load efficiently.
What is vertical scalability?
+
Vertical scalability increases capacity by adding resources to a single
machine.
What is horizontal scalability?
+
Horizontal scalability increases capacity by adding more machines.
What is the difference between vertical and horizontal
scaling?
+
Vertical scales up one node; horizontal scales out across nodes.
What is performance in architecture?
+
Performance refers to system responsiveness and throughput.
What is latency?
+
Latency is the time taken to process a request.
What is throughput?
+
Throughput is the number of requests processed per unit time.
What is caching?
+
Caching stores frequently accessed data for faster retrieval.
What is load balancing?
+
Load balancing distributes traffic across multiple servers.
What is reliability?
+
Reliability ensures consistent system behavior over time.
What is fault tolerance?
+
Fault tolerance allows systems to continue operating during failures.
What is high availability?
+
High availability ensures minimal downtime using redundancy.
What is disaster recovery?
+
Disaster recovery restores systems after major failures.
What is failover?
+
Failover switches to a backup system when the primary fails.
What are performance bottlenecks?
+
Components that limit system throughput or increase latency.
What is security architecture?
+
Security architecture defines how systems protect data, services, and users
from
threats.
Why is security important in software architecture?
+
It prevents data breaches, unauthorized access, and system misuse.
What is authentication?
+
Authentication verifies the identity of a user or system.
What is authorization?
+
Authorization determines what actions an authenticated user can perform.
What is the difference between authentication and
authorization?
+
Authentication confirms identity, while authorization grants permissions.
What is role-based access control (RBAC)?
+
RBAC restricts access based on user roles.
What is principle of least privilege?
+
Users are given only the minimum access required to perform tasks.
What is encryption in architecture?
+
Encryption protects data by converting it into unreadable form.
What is data-at-rest encryption?
+
Encryption applied to stored data.
What is data-in-transit encryption?
+
Encryption applied to data moving across networks.
What is HTTPS?
+
HTTPS secures HTTP communication using TLS encryption.
What is token-based security?
+
Security using tokens instead of credentials for access.
What is OAuth in security architecture?
+
OAuth enables secure delegated authorization.
What is JWT in security architecture?
+
JWT is a token format used for stateless authentication.
What is API security gateway?
+
A gateway that enforces authentication, authorization, and rate limiting.
What is data architecture?
+
Data architecture defines how data is stored, managed, integrated, and
accessed in a
system.
Why is data architecture important?
+
It ensures data consistency, scalability, performance, and security.
What is a centralized database architecture?
+
A single database shared by all components of the system.
What are drawbacks of centralized databases?
+
Scalability limitations and single point of failure.
What is distributed data architecture?
+
Data is spread across multiple databases or locations.
What is database per service pattern?
+
Each service owns and manages its own database.
Why is database per service recommended?
+
It ensures loose coupling and independent scalability.
What is data replication?
+
Copying data across multiple databases for availability and performance.
What is data partitioning (sharding)?
+
Splitting data into smaller parts distributed across nodes.
What is data consistency?
+
Ensuring data correctness across systems.
What is strong consistency?
+
Data is immediately consistent across all systems.
What is eventual consistency?
+
Data becomes consistent over time.
What is CAP theorem?
+
A system can guarantee only two of Consistency, Availability, and Partition
tolerance.
What is polyglot persistence?
+
Using different databases for different needs.
What is data caching?
+
Storing frequently accessed data for faster retrieval.
What are integration patterns in architecture?
+
Integration patterns define how different systems or components communicate
and
exchange data.
Why are integration patterns important?
+
They ensure reliable, scalable, and maintainable communication between
systems.
What is synchronous communication?
+
Synchronous communication waits for a response before continuing execution.
What is asynchronous communication?
+
Asynchronous communication allows processing without waiting for an
immediate
response.
What is point-to-point communication?
+
Direct communication between two systems.
What is publish-subscribe pattern?
+
Producers publish messages and consumers subscribe to them.
What is message queue?
+
A queue that stores messages until they are processed.
What is event-driven communication?
+
Systems communicate by emitting and reacting to events.
What is request-response pattern?
+
A client sends a request and waits for a response.
What is API-based integration?
+
Integration using REST or HTTP APIs.
What is messaging-based integration?
+
Integration using message brokers like queues or topics.
What is data synchronization?
+
Keeping data consistent across integrated systems.
What is loose coupling in integration?
+
Minimizing dependencies between communicating systems.
What is integration latency?
+
Delay in communication between integrated components.
What is reliability in system integration?
+
Ensuring messages are delivered and processed correctly.
What is cloud architecture?
+
Cloud architecture defines how cloud components are structured and deployed.
What are cloud service models?
+
IaaS, PaaS, and SaaS.
What is IaaS?
+
Infrastructure as a Service provides virtualized computing resources.
What is PaaS?
+
Platform as a Service provides a platform for application development.
What is SaaS?
+
Software as a Service delivers applications over the internet.
What are cloud deployment models?
+
Public, private, hybrid, and multi-cloud.
What is a public cloud?
+
Cloud infrastructure shared by multiple organizations.
What is a private cloud?
+
Cloud infrastructure dedicated to a single organization.
What is hybrid cloud?
+
Combination of public and private cloud environments.
What is multi-cloud?
+
Using multiple cloud providers.
What is cloud scalability?
+
Ability to scale resources up or down on demand.
What is cloud elasticity?
+
Automatic scaling based on workload.
What is cloud cost optimization?
+
Managing cloud usage to minimize costs.
What is cloud security architecture?
+
Security controls designed specifically for cloud environments.
What is cloud monitoring?
+
Tracking performance, usage, and health of cloud systems.
Advantages of microservices?
+
Microservices offer scalability flexibility independent deployment fault
isolation
and easier maintenance.
Api gateway in microservices?
+
API Gateway is a single entry point for microservices handling routing
authentication and monitoring.
Api?
+
An API (Application Programming Interface) allows software systems to
communicate
using defined interfaces.
Api-first design?
+
APIs are designed before implementation to ensure consistency, reusability,
and
integration readiness.
Architecture patterns?
+
Patterns like MVC, Microservices, Layered, and Event-Driven provide reusable
solutions for common design problems and enforce consistency.
Base?
+
BASE is an alternative to ACID for distributed systems: Basically Available
Soft
state Eventually consistent.
Blue-green deployment?
+
Blue-green deployment uses two identical environments to switch traffic
safely
during releases.
Builder pattern?
+
Builder pattern separates the construction of a complex object from its
representation.
Caching?
+
Caching stores frequently used data temporarily for faster access.
Cap theorem trade-off?
+
In distributed systems you can guarantee only two of Consistency
Availability and
Partition tolerance simultaneously.
Cap theorem?
+
CAP theorem states that a distributed system can provide only two of three:
consistency availability partition tolerance.
Cdn?
+
A CDN (Content Delivery Network) delivers content via geographically
distributed
servers to improve performance.
Circuit breaker?
+
Circuit breaker prevents cascading failures in distributed systems by
halting
requests to failing services.
Client-server architecture?
+
Client-server architecture separates clients (users) and servers (service
providers)
communicating over a network.
Cloud-native architecture?
+
Designing applications to leverage cloud features like elasticity,
microservices,
containers, and managed services.
Component-based architecture?
+
It divides a system into modular, reusable components with defined
interfaces,
simplifying maintenance and scalability.
Container?
+
A container packages an application and its dependencies to run consistently
across
environments.
Containerization in architecture?
+
Using containers (like Docker) to package apps with dependencies for
consistent
deployment and scaling.
Cqrs (command query responsibility segregation)?
+
Separates read and write operations for scalability and performance,
commonly used
with event sourcing.
Cqrs?
+
CQRS (Command Query Responsibility Segregation) separates read and write
operations
for better scalability and performance.
Data lake?
+
A data lake stores structured and unstructured data at scale for analytics.
Data warehouse?
+
A data warehouse stores structured processed data optimized for reporting
and
analysis.
Database shard?
+
Database sharding splits data across multiple databases for scalability.
Denormalization?
+
Denormalization adds redundancy for improved read performance at the cost of
storage
and complexity.
Design for security in architecture?
+
Incorporates authentication, authorization, encryption, and secure coding
practices
from the start.
Design pattern in architecture?
+
A design pattern is a repeatable solution to a common software problem
within a
specific context.
Design patterns?
+
Design patterns are reusable solutions to common software design problems.
Diffbet architecture and design?
+
Architecture defines system structure and principles; design focuses on
implementation details within that structure.
Diffbet monolithic and microservices architecture?
+
Monolithic combines all features in one codebase; microservices decouple
services
for independent deployment and scaling.
Diffbet stateless and stateful services?
+
Stateless services do not retain client information between requests;
stateful
services maintain client state.
Diffbet synchronous and asynchronous communication?
+
Synchronous waits for a response; asynchronous allows independent execution,
improving scalability and responsiveness.
Disadvantages of microservices?
+
Challenges include increased complexity distributed system management
network
latency and testing difficulty.
Distributed system?
+
A distributed system consists of multiple independent computers working
together as
a single system.
Docker?
+
Docker is a platform to build ship and run applications in containers.
Domain-driven design (ddd)?
+
DDD is a design approach focusing on modeling software based on complex
business
domains.
Domain-driven design (ddd)?
+
DDD aligns software design with business domains, emphasizing entities,
aggregates,
and bounded contexts.
Event sourcing?
+
Event sourcing stores state changes as a sequence of events rather than the
current
state.
Event sourcing?
+
Stores system state as a sequence of events instead of current snapshots,
enabling
auditability and replay.
Event-driven architecture?
+
Architecture where components communicate by producing and consuming events,
improving decoupling and scalability.
Eventual consistency?
+
Eventual consistency ensures that over time all nodes in a distributed
system
converge to the same state.
Explain acid properties.
+
ACID ensures database reliability: Atomicity Consistency Isolation
Durability.
Explain adapter pattern.
+
Adapter pattern allows incompatible interfaces to work together by
converting one
interface to another.
Explain api throttling.
+
API throttling limits the number of requests a client can make to prevent
overload.
Explain bounded context in ddd.
+
A bounded context defines a boundary within which a particular domain model
applies.
Explain canary deployment.
+
Canary deployment releases a new version to a small subset of users to
monitor
impact before full rollout.
Explain cap theorem.
+
CAP theorem states that a distributed system can only guarantee two of:
Consistency
Availability Partition tolerance.
Explain cdn caching.
+
CDN caching stores content at edge servers near users for faster delivery.
Explain circuit breaker pattern.
+
Circuit breaker prevents repeated failures in distributed systems by
stopping
requests to failing services temporarily.
Explain database normalization.
+
Normalization organizes database tables to reduce redundancy and improve
data
integrity.
Explain decorator pattern.
+
Decorator pattern adds behavior to objects dynamically without modifying
their
structure.
Explain dependency injection.
+
Dependency injection provides components with their dependencies from
external
sources instead of creating them internally.
Explain eager loading.
+
Eager loading retrieves all related data upfront to avoid multiple queries.
Explain etl.
+
ETL (Extract Transform Load) is a process of moving and transforming data
from
source systems to a data warehouse.
Explain event-driven architecture.
+
Event-driven architecture uses events to trigger and communicate between
decoupled
services or components.
Explain eventual consistency vs strong consistency.
+
Eventual consistency allows temporary discrepancies converging later; strong
consistency ensures immediate consistency across nodes.
Explain eventual consistency.
+
Eventual consistency allows data replicas to converge over time without
guaranteeing
immediate consistency.
Explain idempotency.
+
Idempotency ensures that multiple identical requests produce the same result
without
side effects.
Explain layered vs hexagonal architecture.
+
Layered architecture has rigid layers; hexagonal promotes testable decoupled
core
business logic.
Explain message queue.
+
A message queue allows asynchronous communication between components using
messages.
Explain modular monolith.
+
A modular monolith organizes a single application into independent modules
to gain
maintainability without full microservices complexity.
Explain mvc architecture.
+
MVC (Model-View-Controller) separates application logic: Model handles data
View
handles UI and Controller handles input.
Explain mvc vs mvvm.
+
MVC separates Model View Controller; MVVM binds ViewModel with View using
data
binding reducing Controller logic.
Explain oauth.
+
OAuth is an authorization protocol allowing third-party applications to
access user
data without sharing credentials.
Explain polling vs webhooks.
+
Polling repeatedly checks for updates; webhooks notify automatically when an
event
occurs.
Explain retry pattern.
+
Retry pattern resends failed requests with delays to handle transient
failures.
Explain rolling deployment.
+
Rolling deployment gradually replaces old instances with new versions
without
downtime.
Explain rolling vs blue-green deployment.
+
Rolling deployment updates instances gradually; blue-green deployment
switches
traffic between two identical environments.
Explain serverless architecture.
+
Serverless architecture runs code without managing servers; the cloud
provider
handles infrastructure automatically.
Explain service discovery.
+
Service discovery automatically detects services and their endpoints in
dynamic
environments.
Explain singleton pattern.
+
Singleton pattern ensures a class has only one instance and provides a
global access
point.
Explain soap service.
+
SOAP service uses XML-based messages and strict protocols for communication.
Explain sticky sessions.
+
Sticky sessions bind a client to a specific server instance to maintain
state across
multiple requests.
Explain sticky vs stateless sessions.
+
Sticky sessions bind users to a server; stateless sessions allow requests to
be
handled by any server.
Explain strategy pattern.
+
Strategy pattern defines a family of algorithms encapsulates each and makes
them
interchangeable.
Explain synchronous vs asynchronous apis.
+
Synchronous APIs wait for a response; asynchronous APIs allow processing in
the
background without waiting.
Explain the diffbet layered and microservices
architectures.
+
Layered architecture is monolithic with multiple layers; microservices split
functionality into independently deployable services.
Explain the diffbet soa and microservices.
+
SOA is an enterprise-level architecture with larger services; microservices
break
services into smaller independently deployable units.
Explain the diffbet synchronous and asynchronous
communication.
+
Synchronous communication waits for a response immediately; asynchronous
communication does not.
Explain the repository pattern.
+
The repository pattern abstracts data access logic providing a clean
interface to
query and manipulate data.
Explain vertical vs horizontal scaling.
+
Vertical scaling adds resources to a single machine; horizontal scaling adds
more
machines.
Façade pattern?
+
Façade pattern provides a simplified interface to a complex subsystem.
Fault tolerance?
+
Fault-tolerant systems continue functioning correctly even when components
fail,
minimizing downtime and data loss.
Graphql?
+
GraphQL is a query language for APIs allowing clients to request exactly the
data
they need.
Hexagonal architecture?
+
Hexagonal architecture (Ports & Adapters) isolates core logic from external
systems
through adapters.
High availability?
+
High availability ensures a system remains operational and accessible
despite
failures, often using redundancy and failover.
Jwt?
+
JWT (JSON Web Token) is a compact self-contained token used for securely
transmitting information between parties.
Kafka?
+
Kafka is a distributed streaming platform for building real-time data
pipelines and
applications.
Kubernetes?
+
Kubernetes is an orchestration platform to deploy scale and manage
containerized
applications.
Layered architecture?
+
Layered architecture organizes code into layers such as presentation
business and
data access.
Layered architecture?
+
Layers (Presentation, Business, Data) separate concerns, making systems
easier to
develop, maintain, and test.
Lazy loading?
+
Lazy loading delays loading of resources until they are needed.
Load balancer?
+
A load balancer distributes network or application traffic across multiple
servers
to optimize resource use and uptime.
Load balancer?
+
A load balancer distributes traffic across servers to ensure high
availability and
performance.
Load balancing?
+
Load balancing distributes incoming traffic across multiple servers to
improve
performance and reliability.
Maintainability in architecture?
+
Maintainability is ease of making changes, fixing bugs, or adding features
without
affecting other parts of the system.
Message broker?
+
A message broker facilitates communication between services by routing and
transforming messages.
Microkernel architecture?
+
Microkernel architecture provides a minimal core system with plug-in modules
for
extended functionality.
Microservices anti-pattern?
+
Microservices anti-patterns include tight coupling shared databases and
improper
service boundaries.
Microservices architecture?
+
Microservices architecture breaks an application into small independent
services
that communicate over APIs.
Microservices architecture?
+
Microservices split an application into independent, deployable services
communicating via APIs, enhancing flexibility and scalability.
Monolith vs microservices?
+
Monolith is a single deployable application; microservices break
functionality into
independently deployable services.
Monolithic architecture?
+
Monolithic architecture is a single unified application where all components
are
tightly coupled.
Non-functional requirements (nfrs)?
+
NFRs define system qualities like performance, scalability, reliability, and
security rather than features.
Observer pattern?
+
Observer pattern allows objects to subscribe and get notified when another
object
changes state.
Openid connect?
+
OpenID Connect is an authentication layer on top of OAuth 2.0 to verify user
identity.
Orchestration in microservices?
+
Automated management of containers or services using tools like Kubernetes
for
scaling, networking, and fault tolerance.
Performance optimization?
+
Designing systems for low latency, efficient resource usage, and fast
response times
under load.
Proxy pattern?
+
Proxy pattern provides a placeholder or surrogate to control access to
another
object.
Proxy server?
+
A proxy server acts as an intermediary between a client and server for
requests
caching and security.
Rabbitmq?
+
RabbitMQ is a message broker that uses queues to enable asynchronous
communication
between services.
Reference architecture?
+
A reference architecture is a standardized template or blueprint for
building
systems within a domain, promoting best practices.
Rest vs soap?
+
REST is lightweight uses HTTP and stateless; SOAP is protocol-based heavier
and
supports strict contracts.
Restful architecture?
+
RESTful architecture uses stateless HTTP requests to manipulate resources
following
REST principles.
Restful service?
+
A RESTful service follows REST principles using standard HTTP methods for
communication.
Reverse proxy?
+
A reverse proxy receives requests on behalf of servers and forwards them
often for
load balancing or security.
Reverse proxy?
+
A reverse proxy forwards requests from clients to backend servers often for
load
balancing.
Role of architecture documentation?
+
Communicates system structure, decisions, and rationale to stakeholders,
enabling
clarity and informed decision-making.
Role of architecture in devops?
+
Ensures system design supports CI/CD pipelines, automated testing,
monitoring, and
fast deployment cycles.
Scalability in architecture?
+
Scalability is a system’s ability to handle growing workloads by adding
resources
vertically or horizontally.
Service mesh?
+
A service mesh manages communication between microservices providing
features like
routing security and observability.
Service registry?
+
A service registry keeps track of all available services and their endpoints
for
dynamic discovery in microservices.
Service-oriented architecture (soa)?
+
SOA organizes software as interoperable services with standard communication
protocols, promoting reuse across systems.
Sharding vs partitioning?
+
Sharding splits data horizontally across databases; partitioning divides
tables
within a database for management and performance.
Software architecture?
+
Software architecture defines the high-level structure of a system including
its
components their relationships and how they interact.
Software architecture?
+
Software architecture defines the high-level structure of a system, its
components,
and their interactions. It ensures scalability, maintainability, and
alignment with
business goals.
Solid principles?
+
SOLID principles guide object-oriented design: Single responsibility
Open/closed
Liskov substitution Interface segregation Dependency inversion.
Solution architecture vs enterprise architecture?
+
Solution architecture focuses on a specific project or system; enterprise
architecture aligns all IT systems with business strategy.
Strangler pattern?
+
Strangler pattern gradually replaces legacy systems with new services over
time.
Technical debt?
+
Accumulated shortcuts in design or code that require future rework,
impacting
maintainability and quality.
Token-based authentication?
+
Token-based authentication uses tokens to authenticate users without storing
session
state on the server.
Trade-off in architecture?
+
Balancing conflicting requirements like performance vs cost or flexibility
vs
simplicity to make informed design decisions.
JKM Architecture Documentation & Diagrams
Architecture documentation important?
+
Provides clarity, supports communication with stakeholders, enables
consistency,
reduces technical debt, and assists onboarding new developers.
Architecture documentation?
+
It is a set of artifacts describing software systems’ structure, components,
interactions, and design decisions. Helps teams understand, maintain, and
scale the
system.
Architecture review?
+
A structured assessment of architecture artifacts to ensure design meets
requirements, quality standards, and scalability needs.
Component diagram?
+
A component diagram shows modular parts of a system and their dependencies.
Useful
to illustrate service boundaries in Microservices or layered architecture.
Deployment diagram?
+
Shows how software artifacts are deployed on physical nodes or
infrastructure.
Important for cloud or on-premise planning.
Diffbet erd and uml?
+
ERD focuses on database entities and relationships, UML covers broader
software
architecture including behavior, structure, and interactions.
Diffbet logical, physical, and deployment diagrams?
+
Logical diagrams show functional components and relationships, physical
diagrams
show actual hardware or servers, deployment diagrams show how software is
distributed across nodes.
Sequence diagram?
+
Sequence diagrams depict interactions between objects or components over
time. Shows
method calls, responses, and process flow.
Uml?
+
Unified Modeling Language (UML) is a standard to visualize system design
using
diagrams like class, sequence, use case, and activity diagrams.
Use case diagram?
+
It shows system functionality and actors interacting with the system. Helps
define
requirements from a user perspective.
Architecture documentation important?
+
Provides clarity, supports communication with stakeholders, enables
consistency,
reduces technical debt, and assists onboarding new developers.
Architecture documentation?
+
It is a set of artifacts describing software systems’ structure, components,
interactions, and design decisions. Helps teams understand, maintain, and
scale the
system.
Architecture review?
+
A structured assessment of architecture artifacts to ensure design meets
requirements, quality standards, and scalability needs.
Component diagram?
+
A component diagram shows modular parts of a system and their dependencies.
Useful
to illustrate service boundaries in Microservices or layered architecture.
Deployment diagram?
+
Shows how software artifacts are deployed on physical nodes or
infrastructure.
Important for cloud or on-premise planning.
Diffbet erd and uml?
+
ERD focuses on database entities and relationships, UML covers broader
software
architecture including behavior, structure, and interactions.
Diffbet logical, physical, and deployment diagrams?
+
Logical diagrams show functional components and relationships, physical
diagrams
show actual hardware or servers, deployment diagrams show how software is
distributed across nodes.
Sequence diagram?
+
Sequence diagrams depict interactions between objects or components over
time. Shows
method calls, responses, and process flow.
Uml?
+
Unified Modeling Language (UML) is a standard to visualize system design
using
diagrams like class, sequence, use case, and activity diagrams.
Use case diagram?
+
It shows system functionality and actors interacting with the system. Helps
define
requirements from a user perspective.
Architecture documentation important?
+
Provides clarity, supports communication with stakeholders, enables
consistency,
reduces technical debt, and assists onboarding new developers.
Architecture documentation?
+
It is a set of artifacts describing software systems’ structure, components,
interactions, and design decisions. Helps teams understand, maintain, and
scale the
system.
Architecture review?
+
A structured assessment of architecture artifacts to ensure design meets
requirements, quality standards, and scalability needs.
Component diagram?
+
A component diagram shows modular parts of a system and their dependencies.
Useful
to illustrate service boundaries in Microservices or layered architecture.
Deployment diagram?
+
Shows how software artifacts are deployed on physical nodes or
infrastructure.
Important for cloud or on-premise planning.
Diffbet erd and uml?
+
ERD focuses on database entities and relationships, UML covers broader
software
architecture including behavior, structure, and interactions.
Diffbet logical, physical, and deployment diagrams?
+
Logical diagrams show functional components and relationships, physical
diagrams
show actual hardware or servers, deployment diagrams show how software is
distributed across nodes.
Sequence diagram?
+
Sequence diagrams depict interactions between objects or components over
time. Shows
method calls, responses, and process flow.
Uml?
+
Unified Modeling Language (UML) is a standard to visualize system design
using
diagrams like class, sequence, use case, and activity diagrams.
Use case diagram?
+
It shows system functionality and actors interacting with the system. Helps
define
requirements from a user perspective.
Architecture documentation important?
+
Provides clarity, supports communication with stakeholders, enables
consistency,
reduces technical debt, and assists onboarding new developers.
Architecture documentation?
+
It is a set of artifacts describing software systems’ structure, components,
interactions, and design decisions. Helps teams understand, maintain, and
scale the
system.
Architecture review?
+
A structured assessment of architecture artifacts to ensure design meets
requirements, quality standards, and scalability needs.
Component diagram?
+
A component diagram shows modular parts of a system and their dependencies.
Useful
to illustrate service boundaries in Microservices or layered architecture.
Deployment diagram?
+
Shows how software artifacts are deployed on physical nodes or
infrastructure.
Important for cloud or on-premise planning.
Diffbet erd and uml?
+
ERD focuses on database entities and relationships, UML covers broader
software
architecture including behavior, structure, and interactions.
Diffbet logical, physical, and deployment diagrams?
+
Logical diagrams show functional components and relationships, physical
diagrams
show actual hardware or servers, deployment diagrams show how software is
distributed across nodes.
Sequence diagram?
+
Sequence diagrams depict interactions between objects or components over
time. Shows
method calls, responses, and process flow.
Uml?
+
Unified Modeling Language (UML) is a standard to visualize system design
using
diagrams like class, sequence, use case, and activity diagrams.
Use case diagram?
+
It shows system functionality and actors interacting with the system. Helps
define
requirements from a user perspective.
Architecture documentation important?
+
Provides clarity, supports communication with stakeholders, enables
consistency,
reduces technical debt, and assists onboarding new developers.
Architecture documentation?
+
It is a set of artifacts describing software systems’ structure, components,
interactions, and design decisions. Helps teams understand, maintain, and
scale the
system.
Architecture review?
+
A structured assessment of architecture artifacts to ensure design meets
requirements, quality standards, and scalability needs.
Component diagram?
+
A component diagram shows modular parts of a system and their dependencies.
Useful
to illustrate service boundaries in Microservices or layered architecture.
Deployment diagram?
+
Shows how software artifacts are deployed on physical nodes or
infrastructure.
Important for cloud or on-premise planning.
Diffbet erd and uml?
+
ERD focuses on database entities and relationships, UML covers broader
software
architecture including behavior, structure, and interactions.
Diffbet logical, physical, and deployment diagrams?
+
Logical diagrams show functional components and relationships, physical
diagrams
show actual hardware or servers, deployment diagrams show how software is
distributed across nodes.
Sequence diagram?
+
Sequence diagrams depict interactions between objects or components over
time. Shows
method calls, responses, and process flow.
Uml?
+
Unified Modeling Language (UML) is a standard to visualize system design
using
diagrams like class, sequence, use case, and activity diagrams.
Use case diagram?
+
It shows system functionality and actors interacting with the system. Helps
define
requirements from a user perspective.
JKM Authorisation Cloud Security
redirect uris be exact?
+
To prevent open redirect vulnerabilities.
Aaud' claim?
+
Audience — the application that token is meant for.
Access review?
+
Feature to periodically validate user access.
Access token lifetime?
+
Time before token expires, usually minutes.
Access token lifetime?
+
Default 60–90 minutes depending on policies.
Access token manager?
+
Component controlling token storage/expiry.
Access token?
+
A credential used to access protected resources.
Access token?
+
Grants access to APIs.
Access token?
+
A token used to access APIs.
Acr'?
+
Authentication Context Class Reference — indicates authentication strength.
Acs url?
+
Assertion Consumer Service URL for SP to receive SAML assertions.
Acs url?
+
Endpoint where SP receives SAML responses.
Active-active vs active-passive ha?
+
Active-Active: all nodes serve traffic simultaneously., Active-Passive: one
node is
primary, another is standby for failover.
Adaptive authentication?
+
Dynamic authentication based on risk.
Adaptive sso?
+
Applies dynamic authentication conditions.
Address' scope?
+
Access to user address attributes.
Adfs application group?
+
Collection of OAuth/OIDC clients.
Adfs farm?
+
Cluster of servers providing redundancy.
Adfs federation metadata?
+
XML describing ADFS endpoints and certificates.
Adfs proxy?
+
Enables external access to internal ADFS.
Adfs web application proxy?
+
Proxy enabling external access to ADFS.
Adfs?
+
Active Directory Federation Services implementing SAML.
Adfs?
+
Active Directory Federation Services: on-prem identity provider.
Advantages
+
Supports SSO, secure token-based access, scoped permissions, mobile/server
support,
and third-party integrations.
Algorithms does oidc use?
+
RS256, ES256, HS256.
Always sign assertions?
+
Yes, signing is mandatory for security.
Amr'?
+
Authentication Methods Reference — methods used for authentication.
Api security in cloud?
+
API security protects cloud APIs from misuse attacks and unauthorized
access.
App registration?
+
Configuration representing an application identity.
App role assignment?
+
Assign roles to users or groups for an app.
Apps must use pkce?
+
Mobile, SPAs, and any public clients.
Artifact resolution service?
+
Endpoint used to exchange artifact for assertion.
Assertion consumer service?
+
Endpoint where SP receives SAML responses.
Assertion in saml?
+
A package of security information issued by an Identity Provider.
Assertion signing?
+
Proof that assertion came from trusted IdP.
Attribute mapping in ping?
+
Mapping LDAP or internal attributes to SAML assertions.
Attribute mapping?
+
Mapping SAML attributes to SP identity fields.
Attribute mapping?
+
Mapping Okta attributes to app attributes.
Attribute mapping?
+
Mapping user attributes from IdP to SP.
Attribute release policy?
+
Rules governing which user data IdP sends.
Attributes secured?
+
By signing and optional encryption.
Attributestatement?
+
Part of assertion containing user attributes.
Audience claim?
+
Identifies the resource the token is valid for.
Audience mismatch'?
+
Assertion issued for wrong SP.
Audience restriction?
+
Ensures assertion is used only by intended SP.
Audience restriction?
+
Ensures tokens are used by intended SP.
Auth_time' claim?
+
Time the user was last authenticated.
Authentication api?
+
REST API enabling custom authentication UI.
Authentication methods does adfs support?
+
Windows auth, forms auth, certificate auth.
Authnrequest?
+
Authentication request from SP to IdP.
Authnrequest?
+
A request from SP to IdP to authenticate the user.
Authorization code flow secure?
+
Tokens issued directly to backend server, not exposed to browser.
Authorization code flow?
+
OAuth 2.0 flow for server-side apps; client exchanges an authorization code
for an
access token securely.
Authorization code flow?
+
A secure flow for server-side apps exchanging code for tokens.
Authorization code flow?
+
Exchanges code for tokens securely via backend.
Authorization code flow?
+
Most secure flow using server-side token exchange.
Authorization code grant
+
Used for web apps; user logs in, backend exchanges authorization code for
access
token securely.
Authorization endpoint?
+
Used to authenticate the user.
Authorization grant?
+
Credential representing user consent.
Authorization server responsibility?
+
Issue tokens, validate clients, manage scopes and consent.
Authorization server?
+
The server issuing access tokens and managing consent.
Auto healing in kubernetes?
+
Automatically restarts failed containers or reschedules pods to healthy
nodes to
ensure continuous availability.
Avoid idp-initiated sso?
+
SP-initiated is more secure.
Avoid implicit flow?
+
Yes, deprecated for security reasons.
Azure ad b2b?
+
Allows external identities to collaborate securely.
Azure ad b2c?
+
Identity platform for customer applications.
Azure ad connect?
+
Sync tool connecting on-prem AD with Azure AD.
Azure ad mfa?
+
Multi-factor authentication service to enhance security.
Azure ad saml?
+
Azure Active Directory supporting SAML-based SSO.
Azure ad vs adfs?
+
Azure AD = cloud; ADFS = on-prem federation.
Azure ad vs okta?
+
Azure AD is Microsoft cloud identity; Okta is independent IAM leader.
Azure ad vs pingfederate?
+
Azure AD = cloud-first; PingFederate = enterprise federation with granular
control.
Azure ad?
+
A cloud-based identity and access management service by Microsoft.
Back-channel logout?
+
Logout using server-to-server messages.
Back-channel logout?
+
Server-to-server logout notifications.
Back-channel slo?
+
Uses server-to-server calls for logout.
Backup strategy for cloud?
+
Regular snapshots, versioned backups, geo-replication, and automated
schedules
ensure data recovery.
Bearer token?
+
A bearer token is a type of access token that allows access to resources
when
presented. No additional verification is required besides the token itself.
Bearer token?
+
Token that grants access without additional proof.
Best practices for jwt?
+
Use HTTPS, short-lived tokens, refresh tokens, sign tokens, and avoid
storing
sensitive data in payload.
Best practices for oauth/jwt in production?
+
Use HTTPS, short-lived tokens, refresh tokens, secure storage, signature
verification, and proper logging/auditing.
Biggest benefit of sso?
+
User convenience and reduced login friction.
Biometric sso?
+
SSO authenticated via biometrics like fingerprint or face.
Can cookies break sso?
+
Yes, blocked cookies prevent session persistence.
Can jwt be revoked?
+
JWTs are stateless, so they cannot be revoked by default. Implement token
blacklisting or short expiration for control.
Can metadata expire?
+
Yes, metadata can have expiration to enforce updates.
Can pingfederate encrypt assertions?
+
Yes, full support for SAML encryption.
Can refresh tokens be revoked?
+
Yes, through revocation endpoints.
Can scopes control mfa?
+
Yes, using acr/amr claims.
Can sso reduce password reuse?
+
Yes, only one password is needed.
Can sso reduce phishing?
+
Yes, users rarely enter passwords.
Can umbraco support jwt authentication?
+
Yes, JWT middleware can secure API endpoints and allow stateless
authentication for
custom Umbraco APIs.
Cannot oauth2 replace saml?
+
OAuth2 does not authenticate users; needs OIDC.
Certificate rollover?
+
Updating certificates without service disruption.
Certificate rollover?
+
Rotation of signing certificates to maintain security.
Check_session_iframe?
+
Used to track session changes via iframe polling.
Claim in jwt?
+
Claims are pieces of information asserted about a subject (user) in the
token, e.g.,
sub, exp, role.
Claims provider trust?
+
Identity providers trusted by ADFS.
Client credentials flow?
+
Used for server-to-server authentication without user.
Client credentials flow?
+
Server-to-server authentication, not user login.
Client credentials grant
+
Used for machine-to-machine authentication without user involvement.
Client in oauth 2.0?
+
The application requesting access to a resource.
Client in oidc?
+
Application requesting tokens from IdP.
Client secret?
+
Confidential credential used by backend clients.
Client secret?
+
Credential used for confidential OAuth clients.
Client_id?
+
Unique identifier for the client.
Client_secret?
+
Secret only known to confidential clients.
Cloud access control?
+
Access control manages who can access cloud resources and what operations
they can
perform.
Cloud access key best practices?
+
Rotate keys use IAM roles avoid hardcoding keys and monitor usage.
Cloud access security broker (casb)?
+
CASB is a security solution placed between cloud users and services to
enforce
security policies.
Cloud access security broker (casb)?
+
CASB acts as a policy enforcement point between users and cloud services to
monitor
and protect sensitive data.
Cloud audit logging?
+
Audit logging records user activity configuration changes and security
events in
cloud platforms.
Cloud audit trail?
+
Audit trail logs record all user actions and system changes for
accountability and
compliance.
Cloud breach detection?
+
Breach detection identifies unauthorized access or compromise of cloud
resources.
Cloud compliance auditing?
+
Compliance auditing verifies cloud configurations and operations meet
regulatory
requirements.
Cloud compliance frameworks?
+
Frameworks include ISO 27001 SOC 2 HIPAA PCI DSS and GDPR.
Cloud compliance standards?
+
Standards like ISO 27001, SOC 2, GDPR, HIPAA ensure cloud providers meet
regulatory
security requirements.
Cloud data backup?
+
Data backup creates copies of cloud data to restore in case of loss or
corruption.
Cloud data classification?
+
Data classification categorizes cloud data by sensitivity to apply proper
security
controls.
Cloud data residency?
+
Data residency ensures cloud data is stored in specified geographic
locations to
comply with regulations.
Cloud ddos mitigation best practices?
+
Use distributed protection traffic filtering auto-scaling and monitoring.
Cloud disaster recovery?
+
Disaster recovery ensures cloud workloads can recover quickly from failures
or
attacks.
Cloud encryption best practices?
+
Use strong algorithms rotate keys encrypt in transit and at rest and protect
key
management.
Cloud encryption in transit and at rest?
+
In-transit encryption protects data during network transfer. At-rest
encryption
protects stored data on disk or database.
Cloud encryption key rotation?
+
Key rotation periodically updates encryption keys to reduce the risk of
compromise.
Cloud endpoint security best practices?
+
Install agents enforce policies monitor behavior and isolate compromised
endpoints.
Cloud endpoint security?
+
Endpoint security protects devices that access cloud resources from malware
breaches
or unauthorized access.
Cloud firewall best practices?
+
Use least privilege segment networks update rules regularly and log traffic.
Cloud firewall?
+
Cloud firewall is a network security service to filter and monitor traffic
to cloud
resources.
Cloud forensic investigation?
+
Cloud forensics investigates breaches or attacks to identify root causes and
affected assets.
Cloud identity federation vs sso?
+
Federation allows using external identities; SSO allows single
authentication across
multiple apps.
Cloud identity federation?
+
Allows users to access multiple cloud services using single identity,
enabling SSO
across providers.
Cloud identity management?
+
Cloud identity management handles user authentication authorization and
lifecycle in
cloud services.
Cloud incident management?
+
Incident management handles security events to minimize impact and prevent
recurrence.
Cloud incident response plan?
+
Plan outlines procedures roles and tools for responding to cloud security
incidents.
Cloud incident response?
+
Incident response is the process of detecting analyzing and mitigating
security
incidents in the cloud.
Cloud key management?
+
Cloud key management creates stores rotates and controls access to
cryptographic
keys.
Cloud key rotation policy?
+
Policy defines frequency and procedure for rotating encryption keys.
Cloud logging and monitoring?
+
Collects audit logs, metrics, and events to detect anomalies, unauthorized
access,
and security breaches.
Cloud logging best practices?
+
Centralize logs enable retention monitor for anomalies and secure log
storage.
Cloud logging retention policy?
+
Defines how long logs are stored and ensures they are archived securely for
compliance.
Cloud logging?
+
Cloud logging records user activity system events and access for auditing
and
monitoring.
Cloud malware protection?
+
Malware protection detects and removes malicious software from cloud
workloads and
endpoints.
Cloud misconfiguration?
+
Misconfiguration occurs when cloud resources are improperly configured
creating
security risks.
Cloud monitoring best practices?
+
Monitor critical assets configure alerts and integrate with SIEM and
incident
response.
Cloud monitoring?
+
Cloud monitoring tracks resource usage performance and security threats in
real
time.
Cloud monitoring?
+
Monitoring tools track performance, security events, and availability,
helping
identify issues proactively.
Cloud multi-factor authentication best practices?
+
Enable MFA for all users use strong methods like TOTP or hardware tokens.
Cloud native ha design?
+
Using redundancy, distributed systems, microservices, and auto-scaling to
achieve
high availability.
Cloud native security?
+
Security designed specifically for cloud services and microservices,
including
containers, Kubernetes, and serverless workloads.
Cloud network monitoring?
+
Network monitoring observes traffic flows detects anomalies and enforces
segmentation.
Cloud network segmentation?
+
Network segmentation isolates cloud workloads to reduce attack surfaces.
Cloud patch management?
+
Patch management updates cloud systems and applications to fix
vulnerabilities.
Cloud patch management?
+
Automated application of security patches to OS, software, and applications
running
in the cloud.
Cloud penetration testing policy?
+
Policy defines rules and approvals required before conducting penetration
tests on
cloud services.
Cloud penetration testing tools?
+
Tools include Kali Linux Metasploit Nmap Burp Suite and cloud
provider-native tools.
Cloud penetration testing?
+
Penetration testing simulates attacks on cloud systems to identify
vulnerabilities.
Cloud penetration testing?
+
Ethical testing to identify vulnerabilities and misconfigurations in cloud
infrastructure.
Cloud role-based access control (rbac)?
+
RBAC assigns permissions based on user roles to enforce least privilege.
Cloud secrets management?
+
Secrets management stores and controls access to sensitive information like
API keys
and passwords.
Cloud secure devops?
+
Secure DevOps integrates security into DevOps processes and CI/CD pipelines.
Cloud secure gateway?
+
Secure gateway controls and monitors access between users and cloud
applications.
Cloud security assessment?
+
Assessment evaluates cloud infrastructure configurations and practices
against
security standards.
Cloud security auditing?
+
Auditing evaluates cloud resources and policies to ensure security and
compliance.
Cloud security automation tools?
+
Tools include AWS Config Azure Security Center GCP Security Command Center
and
Terraform with security checks.
Cloud security automation?
+
Automation uses scripts or tools to enforce security policies and remediate
threats
automatically.
Cloud security automation?
+
Automates security checks, patching, and policy enforcement to reduce human
error
and improve speed.
Cloud security baseline?
+
Security baseline defines standard configurations and controls for cloud
environments.
Cloud security best practices?
+
Enforce IAM encryption monitoring logging patching least privilege and
incident
response.
Cloud security group best practices?
+
Use least privilege separate environments restrict inbound/outbound rules
and
monitor traffic.
Cloud security incident types?
+
Types include data breach misconfiguration account compromise malware
infection and
insider threats.
Cloud security monitoring tools?
+
Tools include AWS GuardDuty Azure Defender GCP Security Command Center and
third-party SIEM.
Cloud security orchestration?
+
Security orchestration automates workflows threat response and remediation
across
cloud systems.
Cloud security policy?
+
Policy defines rules standards and practices to protect cloud resources.
Cloud security posture management (cspm)?
+
CSPM continuously monitors cloud environments to detect misconfigurations
and
compliance risks.
Cloud security posture management (cspm)?
+
CSPM tools continuously monitor misconfigurations, vulnerabilities, and
compliance
risks in cloud environments.
Cloud security?
+
Cloud security is the set of policies technologies and controls designed to
protect
data applications and infrastructure in cloud environments.
Cloud security?
+
Cloud security involves policies, controls, procedures, and technologies
that
protect data, applications, and services in the cloud. It ensures
confidentiality,
integrity, and availability (CIA) of cloud resources.
Cloud siem?
+
Cloud SIEM centralizes log collection analysis alerting and reporting for
security
events.
Cloud threat detection?
+
Threat detection identifies malicious activity or anomalies in cloud
environments.
Cloud threat intelligence?
+
Threat intelligence provides data on current security threats and
vulnerabilities to
enhance cloud defenses.
Cloud threat modeling?
+
Threat modeling identifies potential threats and vulnerabilities in cloud
systems
and designs mitigation strategies.
Cloud threat modeling?
+
Identifying potential threats, vulnerabilities, and mitigation strategies
for cloud
architectures.
Cloud vpn?
+
Cloud VPN securely connects on-premises networks to cloud resources over
encrypted
tunnels.
Cloud vulnerability assessment?
+
It identifies security weaknesses in cloud infrastructure applications and
configurations.
Cloud vulnerability management?
+
Vulnerability management identifies prioritizes and remediates security
weaknesses.
Cloud vulnerability scanning?
+
Scanning detects security flaws in cloud infrastructure applications and
containers.
Cloud workload isolation?
+
Workload isolation separates applications or tenants to prevent lateral
movement of
threats.
Cloud workload protection platform (cwpp)?
+
CWPP provides security for workloads running across cloud VMs containers and
serverless environments.
Cloud-native security?
+
Cloud-native security integrates security controls directly into cloud
applications
and infrastructure.
Common saml attributes?
+
email, firstName, lastName, employeeID.
Compliance in cloud security?
+
Compliance ensures cloud deployments adhere to regulatory standards like
GDPR HIPAA
or PCI DSS.
Compliance monitoring in cloud?
+
Continuous auditing to ensure resources follow regulatory and internal
security
standards.
Conditional access?
+
Policies restricting token issuance based on conditions.
Conditional access?
+
Policy engine controlling access based on conditions.
Confidential client?
+
Client that securely stores secrets (backend server).
Configuration management in cloud security?
+
Configuration management ensures cloud resources are deployed securely and
consistently.
Consent screen?
+
UI shown to user listing requested permissions.
Container security?
+
Container security protects containerized applications and their
orchestration
platforms like Docker and Kubernetes.
Container security?
+
Securing containerized applications using image scanning, runtime
protection, and
least privilege.
Continuous compliance?
+
Automated monitoring of cloud resources to maintain compliance with
regulations like
HIPAA or GDPR.
Cookies relate to sso?
+
SSO often uses session cookies to maintain authenticated sessions across
multiple
apps or domains.
Credential stuffing protection?
+
OIDC frameworks block repeated unsuccessful logins.
Cross-domain sso?
+
SSO across different organizations.
Csrf state parameter?
+
Used to protect against CSRF attacks during authentication.
Custom scopes?
+
App-defined permissions for additional claims.
Data loss prevention (dlp)?
+
DLP prevents unauthorized access sharing or leakage of sensitive cloud data.
Data masking?
+
Hides sensitive data in non-production environments to protect privacy while
allowing application testing.
Ddos protection in cloud?
+
Defends cloud services against Distributed Denial of Service attacks using
mitigation, traffic filtering, and scaling.
Decentralized identity?
+
User-controlled identity using blockchain-based models.
Delegation?
+
Acting on behalf of a user with limited privileges.
Destination mismatch'?
+
Assertion sent to wrong ACS URL.
Device code flow?
+
Used by devices with no browser or limited input.
Device code flow?
+
Authentication for devices without browsers.
Diffbet access token and refresh token?
+
Access tokens are short-lived tokens for resource access. Refresh tokens are
long-lived and used to obtain new access tokens without re-authentication.
Diffbet app registration and enterprise application?
+
App Registration = app identity; Enterprise App = SSO configuration
instance.
Diffbet auth code and auth code + pkce?
+
PKCE adds code verifier & challenge for extra security.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization defines what resources an
authenticated user can access.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization verifies permissions.
Diffbet availability zone and region?
+
A Region is a geographical location. An Availability Zone (AZ) is an
isolated data
center within a region providing HA.
Diffbet dr and ha?
+
HA focuses on real-time availability and minimal downtime. DR is about
recovering
after a major failure or disaster, which may involve longer restoration
times.
Diffbet icontentservice and ipublishedcontent?
+
IContentService is used for editing/staging content. IPublishedContent is
for
reading published content efficiently.
Diffbet id_token and access_token?
+
ID token is for authentication; access token is for authorization.
Diffbet oauth 1.0 and 2.0?
+
OAuth 1.0 requires cryptographic signing; OAuth 2.0 uses bearer tokens,
simpler
flow, and supports multiple grant types like Authorization Code and Client
Credentials.
Diffbet oauth and openid connect?
+
OAuth is for authorization; OIDC is an authentication layer on top of OAuth
providing user identity.
Diffbet oauth scopes and claims?
+
Scopes define the permissions requested; claims define attributes about the
user or
session.
Diffbet par and jar?
+
PAR = push request; JAR = sign request.
Diffbet published content and draft content?
+
Draft content is editable but not visible to the public; published content
is live
on the website.
Diffbet saml and jwt?
+
SAML uses XML for identity assertions; JWT uses JSON. JWT is lighter and
easier for
APIs, while SAML is enterprise-oriented.
Diffbet saml and jwt?
+
SAML = XML assertions; JWT = JSON tokens.
Diffbet saml and oauth?
+
SAML is for SSO using XML; OAuth is authorization using JSON/REST.
Diffbet saml and oidc?
+
SAML uses XML and is enterprise-focused; OIDC uses JSON and supports modern
apps.
Diffbet sso and mfa?
+
SSO = one login across apps; MFA = additional security factors during login.
Diffbet sso and oauth?
+
SSO is mainly for authentication across apps. OAuth is for delegated
authorization
without sharing credentials.
Diffbet sso and password sync?
+
SSO shares authentication state; password sync copies passwords across
systems.
Diffbet sso and slo?
+
SSO = login across apps; SLO = logout across apps.
Diffbet stateless and stateful authentication?
+
JWT enables stateless authentication—server does not store session info.
Traditional
sessions are stateful, stored on the server.
Diffbet symmetric and asymmetric encryption?
+
Symmetric uses same key for encryption and decryption. Asymmetric uses
public/private key pairs. Asymmetric is used in secure key exchange.
Diffbet umbraco api controllers and mvc controllers?
+
API controllers return JSON or XML data for apps; MVC controllers render
views/templates.
Discovery document?
+
Well-known configuration endpoint for OIDC.
Discovery important?
+
Allows dynamic configuration of OIDC clients.
Distributed denial-of-service (ddos) protection?
+
DDoS protection mitigates attacks that overwhelm cloud services with
traffic.
Do access tokens depend on scopes?
+
Yes, scopes define API permissions.
Do all protocols support slo?
+
Yes, but implementations vary.
Do all sps support sso?
+
Not always — legacy apps may need custom connectors.
Do browsers impact sso?
+
Yes, privacy modes may block redirects/cookies.
Do not log tokens?
+
Never log access or refresh tokens.
Does adfs support mfa?
+
Yes, with built-in and external providers.
Does adfs support oauth2?
+
Yes, since ADFS 3.0.
Does adfs support saml sso?
+
Yes, as IdP and SP.
Does azure ad support saml?
+
Yes, SAML 2.0 with IdP-initiated and SP-initiated flows.
Does id token depend on scopes?
+
Yes, claims in ID Token depend on scopes.
Does jwt work?
+
Server generates JWT after authentication. Client stores it (usually in
local
storage). Subsequent requests include the token in the Authorization header
for
stateless authentication.
Does oidc support single logout?
+
Yes, through RP-Initiated and Front/Back-channel logout.
Does oidc support sso?
+
Yes, OIDC provides Single Sign-On functionality.
Does okta expose jwks?
+
/oauth2/v1/keys endpoint.
Does okta support password sync?
+
Yes, via provisioning connectors.
Does pingfederate issue jwt tokens?
+
Yes, for access and id tokens.
Does pingfederate support mfa?
+
Yes, via PingID or third-party integrations.
Does pingfederate support pkce?
+
Yes, for public clients.
Does pingfederate support saml sso?
+
Yes, both IdP and SP roles.
Does saml ensure security?
+
Uses XML signatures, encryption, certificates, and timestamps.
Does saml metadata contain?
+
Certificates, endpoints, SSO URLs, entity IDs.
Does saml stand for?
+
Security Assertion Markup Language.
Does saml use tokens?
+
Yes, SAML assertions are XML-based tokens.
Does silent logout mean?
+
Logout without redirecting the user.
Does slo fail?
+
Different implementations or expired sessions.
Does sso break?
+
Wrong certificates, clock skew, misconfigured endpoints.
Does sso enhance security?
+
Reduces password fatigue, centralizes authentication policies, enables MFA,
and
minimizes login-related vulnerabilities.
Does sso help in compliance?
+
Yes, supports SOC2, HIPAA, GDPR requirements.
Does sso improve auditability?
+
Centralized login logs.
Does sso improve security?
+
Reduces password fatigue, phishing risk, and enforces central policies.
Does sso improve security?
+
Centralized authentication and MFA enforcement.
Does sso increase productivity?
+
Yes, no repeated logins.
Does sso reduce attack surface?
+
Yes, fewer passwords and login endpoints.
Does sso reduce helpdesk calls?
+
Reduces password reset requests.
Does sso require accurate time sync?
+
Yes, tokens require clock accuracy.
Does sso require certificate management?
+
Yes, periodic rollover is required.
Does sso work?
+
A centralized identity provider authenticates the user, issues a token or
cookie,
and applications trust this token to grant access.
Domain federation?
+
Configures ADFS or external IdP to authenticate domain users.
Dpop?
+
Demonstration of Proof-of-Possession; prevents token theft misuse.
Dynamic client registration?
+
Allows clients to auto-register at IdP.
Dynamic group?
+
Group with rule-based membership.
Email' scope?
+
Access to user email and email_verified.
Encode saml messages?
+
To ensure safe transport via URLs or POST.
Encrypt sensitive attributes?
+
Highly recommended.
Encryption at rest?
+
Encryption at rest protects stored data using cryptographic techniques.
Encryption errors occur?
+
Incorrect certificate or key mismatch.
Encryption in cloud?
+
Encryption protects data in transit and at rest using algorithms like AES or
RSA. It
prevents unauthorized access to sensitive cloud data.
Encryption in transit?
+
Encryption in transit protects data as it travels over networks between
cloud
services or users.
End_session endpoint?
+
Used for OIDC logout operations.
Endpoint security in cloud?
+
Protects client devices, VMs, and containers from malware, unauthorized
access, and
vulnerabilities.
Enforce mfa?
+
Improves security for sensitive resources.
Enterprise application?
+
Represents an SP configuration used for SSO.
Enterprise sso?
+
SSO for employees using enterprise IdPs.
Entity category?
+
Classification of SP/IdP capabilities.
Entity id?
+
A unique identifier for SP or IdP in SAML.
Example of federation hub?
+
Azure AD, ADFS, Okta, PingFederate.
Exp' claim?
+
Expiration timestamp.
Expired assertion'?
+
Assertion outside NotOnOrAfter time.
Explain auto scaling.
+
Auto Scaling automatically adjusts compute resources based on demand,
improving
availability and cost efficiency.
Explain bastion host.
+
A Bastion host is a secure jump server used to access instances in private
networks.
Explain cloud firewall.
+
Cloud firewalls filter network traffic at the edge or VM level, enforcing
security
rules to prevent unauthorized access.
Explain disaster recovery in cloud.
+
Disaster Recovery (DR) is a set of processes to restore cloud applications
and data
after failures. It involves backups, replication, multi-region deployment,
and
failover strategies.
Failover in cloud?
+
Automatic switching to a redundant system when a primary system fails,
ensuring
service continuity.
Fapi?
+
Financial grade API security profile for OIDC/OAuth2.
Fault tolerance in cloud?
+
Fault tolerance ensures the system continues functioning despite component
failures
using redundancy and failover.
Federated identity?
+
Using external identity providers like Google or Azure AD.
Federation hub?
+
Central IdP connecting multiple SPs.
Federation in azure ad?
+
Using ADFS or external IdPs for authentication.
Federation in sso?
+
Trust relationship enabling cross-domain authentication.
Federation metadata?
+
Configuration XML exchanged between IdP and SP.
Federation?
+
Trust between identity providers and service providers.
Fine-grained authorization?
+
Scoped permissions down to resource-level.
Flow is best for iot devices?
+
Device Code flow.
Flow is best for machine-to-machine?
+
Client Credentials.
Flow is best for mobile?
+
Authorization Code with PKCE.
Flow is best for spas?
+
Authorization Code with PKCE (Implicit avoided).
Flow is more secure?
+
SP-initiated, due to request ID validation.
Flow should spas use?
+
Authorization Code Flow with PKCE.
Flow supports refresh tokens?
+
Authorization Code Flow and Hybrid Flow.
Flow supports sso?
+
Authorization Code or Hybrid flow via OIDC.
Flows does azure ad support?
+
Auth Code, PKCE, Client Credentials, Device Code, ROPC.
Format are oauth tokens?
+
Typically JWT or opaque tokens.
Format does oidc use?
+
JSON, REST APIs, and JWT tokens.
Formats can access tokens use?
+
JWT or opaque format.
Formats can id tokens use?
+
Always JWT.
Frontchannel logout?
+
Logout performed via the browser using redirects.
Front-channel logout?
+
Logout via browser redirects.
Front-channel logout?
+
Browser-based logout using redirects.
Front-channel slo?
+
Uses browser redirects for logout.
Global logout?
+
Logout from entire identity federation.
Grant type
+
Defines how the client collects and exchanges access tokens.
Graph api?
+
API to manage users, groups, and apps.
Happens if idp is down during slo?
+
SPs may not logout properly.
Haproxy in cloud?
+
HAProxy is a load balancer and proxy server that supports high availability
and
failover.
High availability (ha) in cloud?
+
HA ensures that cloud services remain accessible with minimal downtime. It
uses
redundancy, failover mechanisms, and load balancing to maintain continuous
operations.
Home realm discovery?
+
Identifies which IdP user belongs to.
Home realm discovery?
+
Choosing correct IdP based on the user.
Http artifact binding?
+
Message reference is sent, not entire assertion.
Http post binding?
+
SAML message sent through an HTML form post.
Http redirect binding?
+
SAML message is sent via URL query string.
Https requirement?
+
OAuth 2.0 must use HTTPS for all communication.
Hybrid cloud security?
+
Hybrid cloud security protects workloads and data across on-premises and
cloud
environments.
Hybrid flow?
+
Combination of implicit + authorization code (OIDC).
Hybrid flow?
+
Combination of Implicit and Authorization Code flows.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what
actions they can perform.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what they
can do. It includes authentication, authorization, roles, policies, and MFA.
Iat' claim?
+
Issued-at timestamp.
Id token signature?
+
Verifies integrity and authenticity.
Id token?
+
JWT token containing authentication details.
Id token?
+
A JWT containing identity information about the user.
Id_token?
+
OIDC token containing user identity claims.
Id_token_hint?
+
Hint for logout identifying user's ID Token.
Identifier (entity id)?
+
SP unique identifier configured in Azure AD.
Identity brokering?
+
IdP sits between user and multiple IdPs.
Identity federation?
+
Identity federation allows users to access multiple cloud services using a
single
identity.
Identity federation?
+
A trust relationship allowing different systems to share authentication.
Identity hub?
+
A centralized identity broker connecting many IdPs.
Identity protection?
+
Detects risky logins and risky users.
Identity provider (idp)?
+
An IdP is a trusted service that authenticates users and issues tokens or
assertions
for SSO.
Identity provider (idp)?
+
Authenticates users and issues claims.
Identity provider (idp)?
+
A service that authenticates a user and issues SAML assertions.
Identity token validation?
+
Ensuring token signature, audience, and issuer are correct.
Idp discovery?
+
Selecting the correct identity provider for login.
Idp federation?
+
One IdP authenticates users for many SPs.
Idp in sso?
+
Identity Provider — authenticates the user.
Idp metadata url?
+
URL where SP fetches IdP metadata.
Idp proxying?
+
IdP acting as intermediary between user and another IdP.
Idp?
+
System that authenticates users and issues tokens/assertions.
Idp-initiated sso?
+
Login initiated from Identity Provider.
Idp-initiated sso?
+
User starts login at the Identity Provider.
Immutable infrastructure?
+
Infrastructure that is never modified after deployment, only replaced. It
ensures
consistency and security.
Impersonation?
+
User acting as another identity — dangerous and restricted.
Implicit flow deprecated?
+
Exposes tokens to browser and insecure environments.
Implicit flow deprecated?
+
Less secure, exposes tokens in browser URL.
Implicit flow?
+
Legacy browser-based flow without backend; not recommended.
Implicit flow?
+
Old flow that returns tokens via browser fragments.
Implicit grant flow?
+
OAuth 2.0 flow for client-side apps where tokens are returned directly
without
client secret.
Implicit vs code flow?
+
Code Flow more secure; Implicit deprecated.
Incremental consent?
+
Requesting only partial permissions at first.
Inresponseto attribute?
+
Links the response to the matching AuthnRequest.
Inresponseto missing'?
+
IdP did not include request ID; insecure for SP-initiated.
Introspection endpoint?
+
Used to validate opaque access tokens.
Intrusion detection and prevention (ids/ips)?
+
IDS/IPS monitors network traffic for malicious activity, raising alerts or
blocking
threats.
Intrusion detection system (ids)?
+
IDS monitors cloud traffic for malicious activity or policy violations.
Intrusion prevention system (ips)?
+
IPS not only detects but also blocks malicious traffic in real time.
Invalid signature' error?
+
Assertion signature mismatch or wrong certificate.
Is jwt used in microservices?
+
JWT allows secure stateless communication between microservices, with each
service
verifying the token without a central session store.
Is jwt verified?
+
Server uses the secret or public key to verify the token’s signature and
validity,
ensuring it was issued by a trusted source.
Is more reliable — front or back channel?
+
Back-channel, because it avoids browser issues.
Is oauth 2.0 for authentication?
+
Not by design; it's for authorization. OIDC adds authentication.
Is oauth 2.0 stateful or stateless?
+
Can be either, depending on token type and architecture.
Is oidc authentication or authorization?
+
OIDC is authentication; OAuth2 is authorization.
Is oidc stateless or stateful?
+
Stateless — relies on JWT tokens.
Is oidc suitable for mobile apps?
+
Yes, highly optimized for mobile clients.
Is saml used for authentication or authorization?
+
Primarily authentication; asserts user identity to SP.
Is sso a single point of failure?
+
Yes, if IdP is down, login for all apps fails.
Is sso for authentication or authorization?
+
SSO is primarily for authentication.
Is sso latency-prone?
+
Yes, due to redirects and token validation.
Is token expiry handled in oauth?
+
Access tokens have a short TTL; refresh tokens are used to request a new
access
token without user interaction.
Iss' claim?
+
Issuer identifier.
Issuer claim?
+
Identifies authorization server that issued the token.
Issuer mismatch'?
+
Incorrect IdP entity ID used.
Jar (jwt authorization request)?
+
Authorization request packaged as signed JWT.
Jarm?
+
JWT-secured Authorization Response Mode — adds signing to auth responses.
Just-in-time provisioning?
+
Provision user accounts at login time.
Just-in-time provisioning?
+
User is created automatically during login.
Jwks endpoint?
+
JSON Web Key Set for token verification keys.
Jwks uri?
+
Endpoint serving public keys for validating tokens.
Jwks?
+
JSON Web Key Set for validating tokens.
Jwt header?
+
Header specifies the signing algorithm (e.g., HS256) and token type (JWT).
Jwt kid field?
+
Key ID to identify which signing key to use.
Jwt payload?
+
The payload contains claims, which are statements about the user or session
(e.g.,
user ID, roles, expiration).
Jwt signature?
+
The signature ensures the token’s integrity. It is generated using a secret
(HMAC)
or private key (RSA/ECDSA).
Jwt signature?
+
Cryptographic signature verifying authenticity.
Jwt token?
+
Self-contained token with claims.
Jwt?
+
JSON Web Token (JWT) is a compact, URL-safe token format used to securely
transmit
claims between parties. It includes a header, payload, and signature.
Jwt?
+
JSON Web Token — compact, signed token.
Kerberos?
+
Network authentication protocol used in Windows SSO.
Key components of cloud security?
+
Key components include identity and access management (IAM) data protection
network
security monitoring and compliance.
Key management service (kms)?
+
KMS is a cloud service for creating managing and controlling encryption keys
securely.
Key management service (kms)?
+
KMS securely creates, stores, and rotates encryption keys for cloud
resources.
Kubernetes role in ha?
+
Kubernetes provides HA by managing pods across multiple nodes, self-healing,
and
load balancing.
Limit attribute sharing?
+
Minimize data to reduce privacy risk.
Limit scopes?
+
Yes, always follow least privilege.
Load balancer?
+
A load balancer distributes incoming traffic across multiple servers to
ensure high
availability and performance.
Logging & auditing in cloud security?
+
Captures user actions and system events to detect breaches, analyze
incidents, and
meet compliance.
Logout method is most reliable?
+
Back-channel logout.
Main cloud security challenges?
+
Challenges include data breaches insecure APIs misconfigured cloud services
insider
threats and compliance issues.
Main types of cloud security?
+
Includes Data Security, Network Security, Identity & Access Management
(IAM),
Application Security, and Endpoint Security. It protects cloud workloads
from
breaches and vulnerabilities.
Metadata important?
+
Ensures both IdP and SP trust each other and understand endpoints.
Metadata signature?
+
Indicates authenticity of metadata file.
Mfa in oauth?
+
Additional step enforced by authorization server.
Microsegmentation in cloud security?
+
Divides networks into smaller segments to isolate workloads and minimize
lateral
attack movement.
Microsoft graph permissions?
+
Scopes that define what an app can access.
Monitor saml logs?
+
Detects anomalies and attacks.
Mtls in oauth?
+
Mutual TLS binding tokens to client certificates.
Multi-cloud security?
+
Multi-cloud security manages security consistently across multiple cloud
providers.
Multi-factor authentication (mfa)?
+
MFA requires multiple forms of verification to access cloud resources
enhancing
security.
Multi-factor authentication (mfa)?
+
MFA requires two or more verification methods to access cloud resources,
enhancing
security beyond passwords.
Multi-federation?
+
Multiple IdPs serving different user groups.
Multi-region deployment?
+
Deploying resources in multiple regions improves disaster recovery,
redundancy, and
availability.
Multi-tenant app?
+
App serving multiple organizations with separate identities.
Multi-tenant identity?
+
Multiple tenants share identity infrastructure.
Nameid formats?
+
EmailAddress, Persistent, Transient, Unspecified.
Nameid?
+
Unique identifier for the user in SAML.
Nameidmapping?
+
Mapping NameIDs between IdP and SP.
Network acl?
+
Network ACL is a stateless firewall used to control traffic at the subnet
level.
Network acl?
+
A Network Access Control List controls traffic at the subnet level. It
provides an
additional layer beyond security groups.
Nonce' claim?
+
Used to prevent replay attacks.
Nonce used for?
+
To prevent replay attacks.
Nonce used for?
+
Prevents replay attacks.
Nonce?
+
Unique value used in ID token to prevent replay.
Not to store tokens?
+
LocalStorage or unencrypted browser memory.
Notbefore claim?
+
Defines earliest time the assertion is valid.
Notonorafter claim?
+
Expiration time of assertion.
Oauth 2
+
OAuth 2 is an open authorization framework enabling secure access delegation
without
sharing passwords.
Oauth 2.0 grant types?
+
Auth Code, PKCE, Client Credentials, Password, Implicit, Device Code.
Oauth 2.0?
+
An authorization framework allowing third-party apps to access user
resources
without sharing passwords.
Oauth 2.1?
+
A simplification removing implicit and ROPC flows; PKCE required.
Oauth backchannel logout?
+
Mechanism to notify apps of user logout.
Oauth device flow?
+
Auth flow for devices without browsers.
Oauth grant types?
+
Common grant types: Authorization Code, Implicit, Password Credentials,
Client
Credentials. They define how clients obtain access tokens.
Oauth introspection endpoint?
+
API to check token validity for opaque tokens.
Oauth revocation endpoint?
+
API to revoke access or refresh tokens.
Oauth?
+
OAuth is an open-standard authorization protocol that allows third-party
apps to
access user resources without sharing credentials. It issues access tokens
to grant
limited access to resources.
Oauth2 used for?
+
Authorization, not authentication.
Oauth2 with sso integration?
+
OAuth2 with SSO enables a single login using OAuth’s token-based
authorization to
access multiple protected services.
Oidc claims?
+
Statements about a user (e.g., email, name).
Oidc created?
+
To enable secure user authentication using modern JSON/REST technology.
Oidc discovery document?
+
Well-known configuration containing endpoints and metadata.
Oidc federation?
+
Uses OIDC for federated identity.
Oidc flow is best for spas?
+
Auth Code Flow with PKCE.
Oidc in apple sign-in?
+
Apple Sign-In is based on OIDC standards.
Oidc in auth0?
+
Auth0 fully supports OIDC flows and JWT issuance.
Oidc in aws cognito?
+
Cognito provides OIDC-based hosted UI flows.
Oidc in azure ad?
+
Azure AD supports OIDC with Microsoft Identity platform.
Oidc in fusionauth?
+
FusionAuth supports OIDC, MFA, and OAuth2 flows.
Oidc in google identity?
+
Google uses OIDC for all user authentication.
Oidc in keycloak?
+
Keycloak is an open-source IdP supporting OIDC.
Oidc in okta?
+
Okta provides custom and default OIDC authorization servers.
Oidc in pingfederate?
+
PingFederate supports OIDC with OAuth AS extensions.
Oidc in salesforce?
+
Salesforce acts as an OIDC provider for SSO.
Oidc in sso?
+
OAuth2-based identity layer issuing ID tokens.
Oidc preferred over saml?
+
Lightweight JSON tokens, mobile-ready, modern architecture.
Oidc scopes?
+
Permissions for claims in ID Token/UserInfo.
Oidc vs api keys?
+
OIDC is secure and user-based; API keys are static secrets.
Oidc vs basic auth?
+
OIDC uses token-based modern auth; Basic Auth sends credentials each time.
Oidc vs jwt?
+
OIDC uses JWT; JWT is a token format, not a protocol.
Oidc vs kerberos?
+
OIDC = web/mobile; Kerberos = internal network protocol.
Oidc vs oauth device flow?
+
OIDC is for login; Device Flow is for non-browser devices.
Oidc vs oauth2?
+
OIDC adds authentication; OAuth2 only handles authorization.
Oidc vs password auth?
+
OIDC uses tokens; password auth uses credentials directly.
Oidc vs saml?
+
OIDC uses JSON/REST; SAML uses XML. OIDC suits mobile and modern apps.
Oidc vs ws-fed?
+
OIDC is modern JSON-based; WS-Fed is legacy Microsoft protocol.
Oidc?
+
OpenID Connect is an identity layer built on top of OAuth 2.0 to
authenticate users.
Okta api token?
+
Token used for administrative API calls.
Okta app integration?
+
Application configuration for SSO.
Okta asa?
+
Advanced Server Access for SSH/RDP identity access.
Okta authentication api?
+
REST API for user authentication and token issuance.
Okta authorization server?
+
Custom OAuth server controlling token issuance.
Okta identity engine?
+
New adaptive authentication platform.
Okta idp discovery?
+
Chooses correct IdP based on user attributes.
Okta inline hook?
+
Extend Okta flows with external logic.
Okta mfa?
+
Multi-step authentication including SMS, Push, TOTP.
Okta org?
+
Dedicated Okta tenant for an organization.
Okta risk-based authentication?
+
Dynamically challenges or blocks based on risk.
Okta sign-on policy?
+
Rules defining how users authenticate to applications.
Okta system log?
+
Audit log for events and authentication attempts.
Okta universal directory?
+
Directory service storing users, groups, and attributes.
Okta verify?
+
Mobile authenticator for push and TOTP.
Okta vs adfs?
+
Okta = cloud SaaS; ADFS = on-prem with heavy infrastructure.
Okta vs pingfederate?
+
Okta = cloud-first; Ping = enterprise customizable federation.
Okta workflow?
+
Automation engine for identity tasks.
Okta?
+
Identity platform supporting SAML SSO.
Okta?
+
Identity and access management provider for cloud applications.
Opaque token?
+
Token that requires introspection to validate.
Openid connect (oidc)?
+
OIDC is an identity layer on top of OAuth 2.0 for authentication, returning
an ID
token that provides user identity info.
Openid' scope?
+
Mandatory scope to enable OIDC.
Par (pushed authorization request)?
+
Client sends authorization details via a secure POST before redirect.
Par (pushed authorization requests)?
+
Securely sends auth request to IdP before redirect — prevents tampering.
Partial logout?
+
Only some apps logout.
Password credentials grant
+
User provides username/password directly to client; now discouraged due to
security
risks.
Password vaulting sso?
+
SSO by storing and auto-filling credentials.
Passwordless sso?
+
SSO without passwords using FIDO2/WebAuthn.
Persistent nameid?
+
Long-lived identifier for a user.
Phone' scope?
+
Access to phone and phone_verified.
Pingdirectory?
+
Directory used with PingFederate for user management.
Pingfederate authentication policy?
+
Controls how authentication decisions are made.
Pingfederate connection?
+
Configuration linking SP and IdP.
Pingfederate console?
+
Admin dashboard for configuration.
Pingfederate idp adapter?
+
Plugin to authenticate users (LDAP, Kerberos etc).
Pingfederate oauth as?
+
Acts as authorization server issuing tokens.
Pingfederate vs adfs?
+
Ping = more flexible; ADFS = Microsoft ecosystem-focused.
Pingfederate?
+
Enterprise IdP/SP platform supporting SAML.
Pingfederate?
+
Enterprise federation server for SSO and identity integration.
Pingone?
+
Cloud identity solution integrating with PingFederate.
Pkce extension?
+
Proof Key for Code Exchange — protects public clients.
Pkce introduced?
+
To prevent authorization code interception attacks.
Pkce?
+
Proof Key for Code Exchange; improves security for public clients.
Pkce?
+
Enhances OAuth2 security for public clients.
Policy contract?
+
Defines attributes shared with SP/IdP.
Post_logout_redirect_uri?
+
URL where user is redirected after logout.
Principle of least privilege?
+
Users are granted only the permissions necessary to perform their job
functions.
Privileged identity management?
+
Controls and audits privileged roles.
Problem does oauth 2.0 solve?
+
It enables secure delegated access using tokens instead of credentials.
Profile' scope?
+
Access to basic user attributes.
Prohibited in oidc?
+
Tokens through URL (except legacy implicit flow).
Proof-of-possession?
+
Tokens tied to a key so only holder with key can use them.
Protocol does azure ad support?
+
OIDC, OAuth2, SAML2, WS-Fed.
Protocol format does saml use?
+
XML.
Protocol is best for mobile apps?
+
OIDC and OAuth2.
Protocol is best for web apps?
+
SAML2 for enterprises, OIDC for modern apps.
Protocol uses json/jwt?
+
OIDC.
Protocol uses xml?
+
SAML2.
Protocols does adfs support?
+
SAML, WS-Fed, OAuth2, OIDC.
Protocols does okta support?
+
OIDC, OAuth2, SAML2, SCIM.
Protocols does pingfederate support?
+
OIDC, OAuth2, SAML2, WS-Trust.
Protocols support sso?
+
SAML2, OIDC, OAuth2, WS-Fed, Kerberos.
Public client?
+
Cannot securely store secrets — e.g., mobile, SPAs.
Public client?
+
Client without a secure place to store secrets (SPA, mobile app).
Rate limiting in cloud security?
+
Limits the number of requests to APIs or services to prevent abuse and DDoS
attacks.
Recipient attribute?
+
SP endpoint expected to receive the assertion.
Redirect uri?
+
Endpoint where authorization server sends tokens or codes.
Redirect_uri?
+
URL where tokens/codes are sent after login.
Redundancy in ha?
+
Duplication of critical components to avoid single points of failure, e.g.,
multiple
servers, networks, or databases.
Refresh token flow?
+
Used to obtain new access tokens silently.
Refresh token grace period?
+
Allows old token to work briefly during rotation.
Refresh token lifetime?
+
Can be days to months based on policy.
Refresh token rotation?
+
Each refresh returns a new token; old one invalidated.
Refresh token?
+
A long-lived token used to obtain new access tokens.
Refresh token?
+
Used to get new access tokens without re-login.
Refresh token?
+
A long-lived token used to get new access tokens.
Refresh tokens long lived?
+
To enable new access tokens without user interaction.
Registration endpoint?
+
Dynamic client registration.
Relationship between oauth2 and oidc?
+
OIDC extends OAuth2 by adding identity features.
Relaystate?
+
State parameter passed between SP and IdP to maintain context.
Relaystate?
+
Parameter that preserves return URL or context.
Relying party trust?
+
Configuration for apps that rely on ADFS for authentication.
Replay attack?
+
Reusing captured tokens.
Replay detected'?
+
Assertion already used before.
Reply/acs url?
+
Endpoint where Azure AD posts SAML responses.
Resource owner password grant (ropc)?
+
User sends username/password directly; insecure and deprecated.
Resource owner?
+
The user or entity owning the protected resource.
Resource server responsibility?
+
Validate tokens and expose APIs.
Resource server?
+
The API hosting the protected resources.
Response_mode?
+
Defines how tokens are returned (query, form_post, fragment).
Response_type?
+
Defines which tokens are returned (code, id_token, token).
Restrict redirect_uri?
+
Prevents token leakage to malicious URLs.
Risk-based authentication?
+
Adaptive authentication based on context.
Risk-based sso?
+
Challenges based on user risk profile.
Ropc flow?
+
Resource Owner Password Credentials — now discouraged.
Ropc used?
+
Legacy or highly trusted systems; not recommended.
Rotate certificates periodically?
+
Prevents long-term compromises.
Rotate secrets regularly?
+
Client secrets should be rotated periodically.
Rp-initiated logout?
+
Client logs the user out at IdP.
Rpo and rto?
+
RPO (Recovery Point Objective): max data loss allowed, RTO (Recovery Time
Objective): max downtime allowed during recovery
Saml 2.0?
+
A standard for exchanging authentication and authorization data using
XML-based
security assertions.
Saml attribute query?
+
SP querying user attributes via SOAP.
Saml authentication flow?
+
SP sends AuthnRequest → IdP authenticates → IdP sends assertion → SP
validates →
user logged in.
Saml binding?
+
Defines how SAML messages are transported over HTTP.
Saml federation?
+
Allows authentication across organizations.
Saml federation?
+
Establishes trust using SAML metadata.
Saml flow is more secure?
+
SP-initiated SSO due to request ID matching.
Saml in sso?
+
XML-based single sign-on protocol used in enterprises.
Saml is not good for mobile?
+
XML processing is heavy and not designed for mobile flows.
Saml logoutrequest?
+
Request to initiate logout across IdP and SP.
Saml metadata?
+
XML document describing IdP and SP configuration.
Saml profile?
+
Defines use cases like Web SSO, SLO, IdP proxying.
Saml response?
+
XML message containing the SAML assertion.
Saml response?
+
IdP's message containing user identity.
Saml single logout (slo)?
+
Logout from one system logs the user out of all SAML-connected systems.
Saml still used?
+
Strong enterprise adoption and compatibility with legacy systems.
Saml strength?
+
Federated SSO, enterprise security.
Saml weakness?
+
Complexity, XML overhead, slower than OIDC.
Saml?
+
Security Assertion Markup Language (SAML) is an XML-based standard for
exchanging
authentication and authorization data between an identity provider and
service
provider.
Scim provisioning in okta?
+
Automatic user account creation/deletion in apps.
Scim provisioning?
+
Automatic provisioning of users to cloud apps.
Scim?
+
Protocol for automated user provisioning.
Scim?
+
Automated user provisioning for SSO apps.
Scope restriction?
+
Limit token permissions to least privilege.
Scope?
+
Defines the level of access requested by the client.
Seamless sso?
+
Automatically signs in users on corporate devices.
Secrets management?
+
Securely stores and manages API keys, passwords, and certificates used by
cloud apps
and containers.
Security automation with devsecops?
+
Integrating security in CI/CD pipelines to automate scanning, testing, and
policy
enforcement during development.
Security context?
+
Session stored after validating assertion.
Security group vs network acl?
+
Security group is stateful; network ACL is stateless and applies at subnet
level.
Security group?
+
Security Groups act as virtual firewalls in cloud environments to control
inbound
and outbound traffic for VMs and containers.
Security groups in cloud?
+
Security groups act as virtual firewalls controlling inbound and outbound
traffic to
cloud resources.
Security information and event management (siem)?
+
SIEM collects analyzes and reports on security events across cloud
environments.
Security information and event management (siem)?
+
SIEM collects and analyzes logs in real-time to detect, alert, and respond
to
security threats.
Separate auth and resource servers?
+
Improves security and scales better.
Serverless security?
+
Serverless security addresses vulnerabilities in functions-as-a-service
(FaaS) and
managed backend services.
Serverless security?
+
Securing FaaS (Functions as a Service) involves identity policies, least
privilege
access, and monitoring event triggers.
Service provider (sp)?
+
SP is the application that relies on IdP for authentication and trusts the
IdP’s
tokens or assertions.
Service provider (sp)?
+
Relies on IdP for authentication.
Service provider (sp)?
+
An application that consumes SAML assertions and grants access.
Session endpoint?
+
Endpoint for session management.
Session federation?
+
Sharing session state across domains.
Session hijacking?
+
Stealing a valid session to impersonate a user.
Session in sso?
+
Stored authentication state allowing continuous access.
Session token vs id token?
+
Session = internal system token; ID token = external identity token.
Session_state?
+
Identifier for user session at IdP.
Shared responsibility model in aws?
+
AWS secures the cloud infrastructure; customers secure their data
applications and
configurations.
Shared responsibility model in azure?
+
Azure secures physical data centers; customers manage applications data and
identity.
Shared responsibility model in gcp?
+
GCP secures the infrastructure; customers secure workloads data and user
access.
Shared responsibility model?
+
It defines which security responsibilities belong to the cloud provider and
which to
the customer.
Should assertions be encrypted?
+
Yes, especially for sensitive data.
Should tokens be short-lived?
+
Reduces impact of compromise.
Signature validation?
+
Checks if signed by trusted IdP.
Signature verification fails?
+
Wrong certificate or XML manipulation.
Silent authentication?
+
Refreshes tokens without user interaction.
Single federation?
+
Using one IdP across multiple apps.
Single logout?
+
Logout from one app logs out from all federated apps.
Single sign-on (sso)?
+
SSO enables users to log in once and access multiple cloud applications
without
re-authentication.
Sla in cloud?
+
Service Level Agreement defines uptime guarantees, availability, and
performance
metrics with providers.
Slo is more reliable?
+
Back-channel — avoids browser failures.
Slo may fail?
+
SPs may ignore logout request or session mismatch.
Slo unreliable?
+
Different SP implementations and browser constraints.
Slo?
+
Single Logout — logs user out from all apps.
Slo?
+
Single Logout across all federated apps.
Sni support in adfs?
+
Allows multiple SSL certs on same host.
Soap binding?
+
Used for back-channel communication like logout.
Sp adapter?
+
Adapter to authenticate SP requests.
Sp federation?
+
One SP trusts multiple IdPs.
Sp in sso?
+
Service Provider — application consuming the identity.
Sp metadata url?
+
URL where IdP fetches SP metadata.
Sp?
+
Application that uses IdP authentication.
Sp-initiated sso?
+
Login initiated from Service Provider.
Sp-initiated sso?
+
User starts login at the Service Provider.
Ssl/tls in cloud?
+
SSL/TLS encrypts data in transit, ensuring secure communication between
clients and
cloud services.
Sso connector?
+
Pre-integrated SSO configuration for apps.
Sso improves identity governance?
+
Yes, ensures consistent user lifecycle management.
Sso in saml?
+
Single Sign-On enabling users to access multiple apps with one login.
Sso needed?
+
It improves user experience and security by eliminating repeated logins.
Sso provider?
+
A platform offering authentication and federation services.
Sso setup complex?
+
Requires certificates, metadata, mappings, and trust configuration.
Sso url?
+
Identity Provider endpoint that handles authentication requests.
Sso with adfs?
+
Supports SAML and WS-Fed for on-prem identity.
Sso with azure ad?
+
Uses SAML, OIDC, OAuth, and Conditional Access.
Sso with okta?
+
Supports SAML, OIDC, SCIM, and rich policy controls.
Sso with pingfederate?
+
Enterprise SSO with SAML, OAuth, and adaptive auth.
Sso?
+
SSO allows users to log in once and access multiple applications without
re-entering
credentials. It improves UX and security.
Sso?
+
Single sign-on allowing one login for multiple apps.
Sso?
+
Single Sign-On enabling access to multiple apps after one login.
Sso?
+
Single Sign-On allows a user to log in once and access multiple systems
without
logging in again.
State parameter?
+
Protects against CSRF attacks.
State parameter?
+
Protects against CSRF attacks.
Step-up authentication?
+
Requesting stronger authentication mid-session.
Sts?
+
Security Token Service issuing tokens.
Sub' claim?
+
Subject — unique identifier of the user.
Subjectconfirmationdata?
+
Contains conditions like recipient and expiration.
Surface controllers?
+
Surface controllers handle form submissions and page interactions in MVC
views for
Umbraco sites.
Tenant in azure ad?
+
A dedicated Azure AD instance for an organization.
Test slo compatibility?
+
Different SPs/IdPs implement SLO inconsistently.
Tls required for oidc?
+
Prevents token interception.
To check adfs logs?
+
Use Event Viewer under ADFS Admin logs.
To export metadata?
+
Access /FederationMetadata/2007-06/FederationMetadata.xml.
To extend umbraco functionality?
+
Use custom controllers, property editors, surface controllers, or packages.
To handle jwt expiration?
+
Use short-lived access tokens and refresh tokens to renew them without
re-authentication.
To implement role-based authorization with jwt?
+
Include roles in JWT claims and validate in the application to allow/deny
access to
resources.
To implement sso with umbraco?
+
Integrate with SAML/OIDC provider; configure Umbraco to trust the IdP,
enabling
centralized authentication.
To integrate oauth with umbraco?
+
Use OAuth packages or middleware to enable login with third-party providers.
Tokens
are verified in the Umbraco back-office.
To integrate oauth/jwt in angular or react with
umbraco
backend?
+
Frontend requests token via OAuth flow; backend validates JWT before serving
content
or API data.
To prevent replay attacks?
+
Use PoP tokens or nonce/PKCE mechanisms.
To prevent replay attacks?
+
Use timestamps, one-time use, and session validation.
To prevent replay attacks?
+
Use timestamps, nonce, and audience restrictions.
To prevent session hijacking?
+
Use secure cookies, TLS, and short sessions.
To prevent token hijacking?
+
Use HTTPS, short-lived tokens, PKCE, and secure storage.
To refresh jwt tokens?
+
Use refresh tokens to request a new access token without re-authentication.
Implement server-side validation for security.
To revoke jwt tokens?
+
Maintain a blacklist or short-lived tokens; revoke by invalidating refresh
tokens.
To secure microservices with jwt?
+
Each microservice validates the token signature, expiry, and claims,
ensuring
stateless and secure access.
To secure umbraco back-office?
+
Enable HTTPS, enforce strong passwords, MFA, and assign roles/permissions to
users.
To store access tokens?
+
Secure storage: keychain, secure enclave, or encrypted storage.
To update token-signing certificates?
+
Auto-rollover or manual certificate update.
Token accesses apis?
+
Access Token.
Token binding?
+
Binding tokens to TLS keys; prevents misuse.
Token binding?
+
Binds tokens to client to prevent misuse.
Token chaining?
+
Passing tokens between multiple services.
Token decryption certificate?
+
Certificate used to decrypt incoming tokens.
Token encryption?
+
Encrypts token contents for confidentiality.
Token endpoint?
+
Used to exchange authorization code for tokens.
Token exchange?
+
Exchange one token for another with different scopes.
Token exchange?
+
Exchanging one token for another under OIDC/OAuth2.
Token expiration?
+
Tokens expire after a predefined time to limit misuse.
Token expiration?
+
Tokens become invalid after time limit.
Token formats does okta issue?
+
JWT-based ID, access, refresh tokens.
Token hashing?
+
Hashing codes or values to prevent leakage.
Token hashing?
+
Hash embedded in ID Token to confirm token integrity.
Token hijacking?
+
Stealing tokens to impersonate users.
Token introspection?
+
Endpoint to check token validity.
Token introspection?
+
Checks validity of OAuth access tokens.
Token introspection?
+
Endpoint used to validate opaque tokens.
Token lifetime policy?
+
Rules controlling validity of issued tokens.
Token proves authentication?
+
ID Token.
Token renewal?
+
Extending session without login.
Token replay attack?
+
Attacker reuses a captured token to gain access.
Token replay attack?
+
Reusing a stolen assertion to impersonate a user.
Token revocation?
+
Invalidating a token before it expires.
Token revocation?
+
Endpoint to revoke refresh or access tokens.
Token scope?
+
Permissions embedded in the token.
Token signing certificate?
+
Certificate used to sign SAML assertions.
Token signing key?
+
Key used to sign JWT tokens.
Token signing?
+
Cryptographically signing tokens to prevent tampering.
Token types adfs issues?
+
SAML tokens, JWT tokens in OAuth/OIDC.
Token types does azure ad issue?
+
Access token, ID token, Refresh token.
Tokenization?
+
Tokenization replaces sensitive data with unique identifiers (tokens) to
reduce
exposure.
Transient nameid?
+
Short-lived identifier used once per session.
Transport does saml commonly use?
+
HTTP Redirect, HTTP POST, HTTP Artifact.
Trust establishment?
+
Exchange of metadata and certificates.
Types of grants
+
Authorization Code, Client Credentials, Password Credentials, Refresh Token,
and
Implicit (deprecated).
Types of groups exist?
+
Directory groups, imported groups, application groups.
Types of oidc clients?
+
Public and confidential clients.
Types of pingfederate connections?
+
SP connections, IdP connections.
Types of saml assertions?
+
Authentication, Authorization Decision, Attribute.
Types of slo?
+
Front-channel and back-channel.
Types of sso does azure ad support?
+
SAML, OIDC, OAuth, Password-based SSO.
Types of sso does okta support?
+
SAML, OIDC, password vaulting.
Umbraco content service?
+
Content Service API allows CRUD operations on content nodes
programmatically.
Unsolicited response?
+
IdP-initiated response not tied to AuthnRequest.
Url of oidc discovery?
+
/.well-known/openid-configuration.
Use artifact binding?
+
More secure, avoids sending assertion through browser.
Use https always?
+
Yes, required for OAuth to avoid token leakage.
Use https everywhere?
+
Required for secure SAML transmission.
Use https in sso?
+
Protects token transport.
Use ip restrictions?
+
Adds another protection layer.
Use long-lived refresh tokens?
+
Only with rotation and revocation.
Use oidc over saml?
+
For mobile, SPAs, APIs, and modern cloud systems.
Use pkce for public clients?
+
Always.
Use rate limiting?
+
Avoid abuse of authorization endpoints.
Use refresh token rotation?
+
Prevents stolen refresh tokens from being reused.
Use saml over oidc?
+
For enterprise SSO with legacy systems.
Use secure token storage?
+
Use OS-protected key stores.
Use short assertion lifetimes?
+
Mitigates replay risk.
Use short-lived access tokens?
+
Recommended for security and performance.
Use transient nameid?
+
Enhances privacy by avoiding long-term IDs.
Userinfo endpoint?
+
Returns user profile attributes.
Userinfo signature?
+
Signed UserInfo responses for extra security.
Validate audience restrictions?
+
Ensures assertion is meant for the SP.
Validate audience?
+
Ensures token is intended for the client.
Validate expiration?
+
Prevents using expired tokens.
Validate issuer and audience?
+
Must be validated on every API call.
Validate issuer?
+
Ensures token is from trusted identity provider.
Validate redirect uris?
+
Required to prevent redirects to malicious sites.
Validate timestamps?
+
Prevents replay attacks.
Virtual private cloud (vpc)?
+
VPC is an isolated cloud network with controlled access to resources.
Virtual private cloud (vpc)?
+
A VPC isolates cloud resources in a private network, controlling routing,
subnets,
and security policies.
Wap pre-authentication?
+
Validates user before forwarding to backend server.
X.509 certificate used for in saml?
+
To sign and encrypt assertions.
Xml encryption?
+
Encrypts assertion contents for confidentiality.
Xml signature?
+
Cryptographic signing of SAML assertions.
You configure claim rules?
+
Using rule templates or custom claims transformation.
You configure sp-initiated sso?
+
Enable SAML integration with proper ACS and Entity ID.
You deploy pingfederate?
+
On-prem VM, container, or cloud VM.
Zero downtime deployment?
+
Deploying updates without interrupting service by blue-green or rolling
deployment
strategies.
Zero trust security?
+
Zero trust assumes no implicit trust; all users and devices must be verified
before
accessing resources.
Zero-trust security?
+
Zero-trust assumes no implicit trust. Every request must be verified
regardless of
origin or location.
redirect uris be exact?
+
To prevent open redirect vulnerabilities.
Aaud' claim?
+
Audience — the application that token is meant for.
Access review?
+
Feature to periodically validate user access.
Access token lifetime?
+
Time before token expires, usually minutes.
Access token lifetime?
+
Default 60–90 minutes depending on policies.
Access token manager?
+
Component controlling token storage/expiry.
Access token?
+
A credential used to access protected resources.
Access token?
+
Grants access to APIs.
Access token?
+
A token used to access APIs.
Acr'?
+
Authentication Context Class Reference — indicates authentication strength.
Acs url?
+
Assertion Consumer Service URL for SP to receive SAML assertions.
Acs url?
+
Endpoint where SP receives SAML responses.
Active-active vs active-passive ha?
+
Active-Active: all nodes serve traffic simultaneously., Active-Passive: one
node is
primary, another is standby for failover.
Adaptive authentication?
+
Dynamic authentication based on risk.
Adaptive sso?
+
Applies dynamic authentication conditions.
Address' scope?
+
Access to user address attributes.
Adfs application group?
+
Collection of OAuth/OIDC clients.
Adfs farm?
+
Cluster of servers providing redundancy.
Adfs federation metadata?
+
XML describing ADFS endpoints and certificates.
Adfs proxy?
+
Enables external access to internal ADFS.
Adfs web application proxy?
+
Proxy enabling external access to ADFS.
Adfs?
+
Active Directory Federation Services implementing SAML.
Adfs?
+
Active Directory Federation Services: on-prem identity provider.
Advantages
+
Supports SSO, secure token-based access, scoped permissions, mobile/server
support,
and third-party integrations.
Algorithms does oidc use?
+
RS256, ES256, HS256.
Always sign assertions?
+
Yes, signing is mandatory for security.
Amr'?
+
Authentication Methods Reference — methods used for authentication.
Api security in cloud?
+
API security protects cloud APIs from misuse attacks and unauthorized
access.
App registration?
+
Configuration representing an application identity.
App role assignment?
+
Assign roles to users or groups for an app.
Apps must use pkce?
+
Mobile, SPAs, and any public clients.
Artifact resolution service?
+
Endpoint used to exchange artifact for assertion.
Assertion consumer service?
+
Endpoint where SP receives SAML responses.
Assertion in saml?
+
A package of security information issued by an Identity Provider.
Assertion signing?
+
Proof that assertion came from trusted IdP.
Attribute mapping in ping?
+
Mapping LDAP or internal attributes to SAML assertions.
Attribute mapping?
+
Mapping SAML attributes to SP identity fields.
Attribute mapping?
+
Mapping Okta attributes to app attributes.
Attribute mapping?
+
Mapping user attributes from IdP to SP.
Attribute release policy?
+
Rules governing which user data IdP sends.
Attributes secured?
+
By signing and optional encryption.
Attributestatement?
+
Part of assertion containing user attributes.
Audience claim?
+
Identifies the resource the token is valid for.
Audience mismatch'?
+
Assertion issued for wrong SP.
Audience restriction?
+
Ensures assertion is used only by intended SP.
Audience restriction?
+
Ensures tokens are used by intended SP.
Auth_time' claim?
+
Time the user was last authenticated.
Authentication api?
+
REST API enabling custom authentication UI.
Authentication methods does adfs support?
+
Windows auth, forms auth, certificate auth.
Authnrequest?
+
Authentication request from SP to IdP.
Authnrequest?
+
A request from SP to IdP to authenticate the user.
Authorization code flow secure?
+
Tokens issued directly to backend server, not exposed to browser.
Authorization code flow?
+
OAuth 2.0 flow for server-side apps; client exchanges an authorization code
for an
access token securely.
Authorization code flow?
+
A secure flow for server-side apps exchanging code for tokens.
Authorization code flow?
+
Exchanges code for tokens securely via backend.
Authorization code flow?
+
Most secure flow using server-side token exchange.
Authorization code grant
+
Used for web apps; user logs in, backend exchanges authorization code for
access
token securely.
Authorization endpoint?
+
Used to authenticate the user.
Authorization grant?
+
Credential representing user consent.
Authorization server responsibility?
+
Issue tokens, validate clients, manage scopes and consent.
Authorization server?
+
The server issuing access tokens and managing consent.
Auto healing in kubernetes?
+
Automatically restarts failed containers or reschedules pods to healthy
nodes to
ensure continuous availability.
Avoid idp-initiated sso?
+
SP-initiated is more secure.
Avoid implicit flow?
+
Yes, deprecated for security reasons.
Azure ad b2b?
+
Allows external identities to collaborate securely.
Azure ad b2c?
+
Identity platform for customer applications.
Azure ad connect?
+
Sync tool connecting on-prem AD with Azure AD.
Azure ad mfa?
+
Multi-factor authentication service to enhance security.
Azure ad saml?
+
Azure Active Directory supporting SAML-based SSO.
Azure ad vs adfs?
+
Azure AD = cloud; ADFS = on-prem federation.
Azure ad vs okta?
+
Azure AD is Microsoft cloud identity; Okta is independent IAM leader.
Azure ad vs pingfederate?
+
Azure AD = cloud-first; PingFederate = enterprise federation with granular
control.
Azure ad?
+
A cloud-based identity and access management service by Microsoft.
Back-channel logout?
+
Logout using server-to-server messages.
Back-channel logout?
+
Server-to-server logout notifications.
Back-channel slo?
+
Uses server-to-server calls for logout.
Backup strategy for cloud?
+
Regular snapshots, versioned backups, geo-replication, and automated
schedules
ensure data recovery.
Bearer token?
+
A bearer token is a type of access token that allows access to resources
when
presented. No additional verification is required besides the token itself.
Bearer token?
+
Token that grants access without additional proof.
Best practices for jwt?
+
Use HTTPS, short-lived tokens, refresh tokens, sign tokens, and avoid
storing
sensitive data in payload.
Best practices for oauth/jwt in production?
+
Use HTTPS, short-lived tokens, refresh tokens, secure storage, signature
verification, and proper logging/auditing.
Biggest benefit of sso?
+
User convenience and reduced login friction.
Biometric sso?
+
SSO authenticated via biometrics like fingerprint or face.
Can cookies break sso?
+
Yes, blocked cookies prevent session persistence.
Can jwt be revoked?
+
JWTs are stateless, so they cannot be revoked by default. Implement token
blacklisting or short expiration for control.
Can metadata expire?
+
Yes, metadata can have expiration to enforce updates.
Can pingfederate encrypt assertions?
+
Yes, full support for SAML encryption.
Can refresh tokens be revoked?
+
Yes, through revocation endpoints.
Can scopes control mfa?
+
Yes, using acr/amr claims.
Can sso reduce password reuse?
+
Yes, only one password is needed.
Can sso reduce phishing?
+
Yes, users rarely enter passwords.
Can umbraco support jwt authentication?
+
Yes, JWT middleware can secure API endpoints and allow stateless
authentication for
custom Umbraco APIs.
Cannot oauth2 replace saml?
+
OAuth2 does not authenticate users; needs OIDC.
Certificate rollover?
+
Updating certificates without service disruption.
Certificate rollover?
+
Rotation of signing certificates to maintain security.
Check_session_iframe?
+
Used to track session changes via iframe polling.
Claim in jwt?
+
Claims are pieces of information asserted about a subject (user) in the
token, e.g.,
sub, exp, role.
Claims provider trust?
+
Identity providers trusted by ADFS.
Client credentials flow?
+
Used for server-to-server authentication without user.
Client credentials flow?
+
Server-to-server authentication, not user login.
Client credentials grant
+
Used for machine-to-machine authentication without user involvement.
Client in oauth 2.0?
+
The application requesting access to a resource.
Client in oidc?
+
Application requesting tokens from IdP.
Client secret?
+
Confidential credential used by backend clients.
Client secret?
+
Credential used for confidential OAuth clients.
Client_id?
+
Unique identifier for the client.
Client_secret?
+
Secret only known to confidential clients.
Cloud access control?
+
Access control manages who can access cloud resources and what operations
they can
perform.
Cloud access key best practices?
+
Rotate keys use IAM roles avoid hardcoding keys and monitor usage.
Cloud access security broker (casb)?
+
CASB is a security solution placed between cloud users and services to
enforce
security policies.
Cloud access security broker (casb)?
+
CASB acts as a policy enforcement point between users and cloud services to
monitor
and protect sensitive data.
Cloud audit logging?
+
Audit logging records user activity configuration changes and security
events in
cloud platforms.
Cloud audit trail?
+
Audit trail logs record all user actions and system changes for
accountability and
compliance.
Cloud breach detection?
+
Breach detection identifies unauthorized access or compromise of cloud
resources.
Cloud compliance auditing?
+
Compliance auditing verifies cloud configurations and operations meet
regulatory
requirements.
Cloud compliance frameworks?
+
Frameworks include ISO 27001 SOC 2 HIPAA PCI DSS and GDPR.
Cloud compliance standards?
+
Standards like ISO 27001, SOC 2, GDPR, HIPAA ensure cloud providers meet
regulatory
security requirements.
Cloud data backup?
+
Data backup creates copies of cloud data to restore in case of loss or
corruption.
Cloud data classification?
+
Data classification categorizes cloud data by sensitivity to apply proper
security
controls.
Cloud data residency?
+
Data residency ensures cloud data is stored in specified geographic
locations to
comply with regulations.
Cloud ddos mitigation best practices?
+
Use distributed protection traffic filtering auto-scaling and monitoring.
Cloud disaster recovery?
+
Disaster recovery ensures cloud workloads can recover quickly from failures
or
attacks.
Cloud encryption best practices?
+
Use strong algorithms rotate keys encrypt in transit and at rest and protect
key
management.
Cloud encryption in transit and at rest?
+
In-transit encryption protects data during network transfer. At-rest
encryption
protects stored data on disk or database.
Cloud encryption key rotation?
+
Key rotation periodically updates encryption keys to reduce the risk of
compromise.
Cloud endpoint security best practices?
+
Install agents enforce policies monitor behavior and isolate compromised
endpoints.
Cloud endpoint security?
+
Endpoint security protects devices that access cloud resources from malware
breaches
or unauthorized access.
Cloud firewall best practices?
+
Use least privilege segment networks update rules regularly and log traffic.
Cloud firewall?
+
Cloud firewall is a network security service to filter and monitor traffic
to cloud
resources.
Cloud forensic investigation?
+
Cloud forensics investigates breaches or attacks to identify root causes and
affected assets.
Cloud identity federation vs sso?
+
Federation allows using external identities; SSO allows single
authentication across
multiple apps.
Cloud identity federation?
+
Allows users to access multiple cloud services using single identity,
enabling SSO
across providers.
Cloud identity management?
+
Cloud identity management handles user authentication authorization and
lifecycle in
cloud services.
Cloud incident management?
+
Incident management handles security events to minimize impact and prevent
recurrence.
Cloud incident response plan?
+
Plan outlines procedures roles and tools for responding to cloud security
incidents.
Cloud incident response?
+
Incident response is the process of detecting analyzing and mitigating
security
incidents in the cloud.
Cloud key management?
+
Cloud key management creates stores rotates and controls access to
cryptographic
keys.
Cloud key rotation policy?
+
Policy defines frequency and procedure for rotating encryption keys.
Cloud logging and monitoring?
+
Collects audit logs, metrics, and events to detect anomalies, unauthorized
access,
and security breaches.
Cloud logging best practices?
+
Centralize logs enable retention monitor for anomalies and secure log
storage.
Cloud logging retention policy?
+
Defines how long logs are stored and ensures they are archived securely for
compliance.
Cloud logging?
+
Cloud logging records user activity system events and access for auditing
and
monitoring.
Cloud malware protection?
+
Malware protection detects and removes malicious software from cloud
workloads and
endpoints.
Cloud misconfiguration?
+
Misconfiguration occurs when cloud resources are improperly configured
creating
security risks.
Cloud monitoring best practices?
+
Monitor critical assets configure alerts and integrate with SIEM and
incident
response.
Cloud monitoring?
+
Cloud monitoring tracks resource usage performance and security threats in
real
time.
Cloud monitoring?
+
Monitoring tools track performance, security events, and availability,
helping
identify issues proactively.
Cloud multi-factor authentication best practices?
+
Enable MFA for all users use strong methods like TOTP or hardware tokens.
Cloud native ha design?
+
Using redundancy, distributed systems, microservices, and auto-scaling to
achieve
high availability.
Cloud native security?
+
Security designed specifically for cloud services and microservices,
including
containers, Kubernetes, and serverless workloads.
Cloud network monitoring?
+
Network monitoring observes traffic flows detects anomalies and enforces
segmentation.
Cloud network segmentation?
+
Network segmentation isolates cloud workloads to reduce attack surfaces.
Cloud patch management?
+
Patch management updates cloud systems and applications to fix
vulnerabilities.
Cloud patch management?
+
Automated application of security patches to OS, software, and applications
running
in the cloud.
Cloud penetration testing policy?
+
Policy defines rules and approvals required before conducting penetration
tests on
cloud services.
Cloud penetration testing tools?
+
Tools include Kali Linux Metasploit Nmap Burp Suite and cloud
provider-native tools.
Cloud penetration testing?
+
Penetration testing simulates attacks on cloud systems to identify
vulnerabilities.
Cloud penetration testing?
+
Ethical testing to identify vulnerabilities and misconfigurations in cloud
infrastructure.
Cloud role-based access control (rbac)?
+
RBAC assigns permissions based on user roles to enforce least privilege.
Cloud secrets management?
+
Secrets management stores and controls access to sensitive information like
API keys
and passwords.
Cloud secure devops?
+
Secure DevOps integrates security into DevOps processes and CI/CD pipelines.
Cloud secure gateway?
+
Secure gateway controls and monitors access between users and cloud
applications.
Cloud security assessment?
+
Assessment evaluates cloud infrastructure configurations and practices
against
security standards.
Cloud security auditing?
+
Auditing evaluates cloud resources and policies to ensure security and
compliance.
Cloud security automation tools?
+
Tools include AWS Config Azure Security Center GCP Security Command Center
and
Terraform with security checks.
Cloud security automation?
+
Automation uses scripts or tools to enforce security policies and remediate
threats
automatically.
Cloud security automation?
+
Automates security checks, patching, and policy enforcement to reduce human
error
and improve speed.
Cloud security baseline?
+
Security baseline defines standard configurations and controls for cloud
environments.
Cloud security best practices?
+
Enforce IAM encryption monitoring logging patching least privilege and
incident
response.
Cloud security group best practices?
+
Use least privilege separate environments restrict inbound/outbound rules
and
monitor traffic.
Cloud security incident types?
+
Types include data breach misconfiguration account compromise malware
infection and
insider threats.
Cloud security monitoring tools?
+
Tools include AWS GuardDuty Azure Defender GCP Security Command Center and
third-party SIEM.
Cloud security orchestration?
+
Security orchestration automates workflows threat response and remediation
across
cloud systems.
Cloud security policy?
+
Policy defines rules standards and practices to protect cloud resources.
Cloud security posture management (cspm)?
+
CSPM continuously monitors cloud environments to detect misconfigurations
and
compliance risks.
Cloud security posture management (cspm)?
+
CSPM tools continuously monitor misconfigurations, vulnerabilities, and
compliance
risks in cloud environments.
Cloud security?
+
Cloud security is the set of policies technologies and controls designed to
protect
data applications and infrastructure in cloud environments.
Cloud security?
+
Cloud security involves policies, controls, procedures, and technologies
that
protect data, applications, and services in the cloud. It ensures
confidentiality,
integrity, and availability (CIA) of cloud resources.
Cloud siem?
+
Cloud SIEM centralizes log collection analysis alerting and reporting for
security
events.
Cloud threat detection?
+
Threat detection identifies malicious activity or anomalies in cloud
environments.
Cloud threat intelligence?
+
Threat intelligence provides data on current security threats and
vulnerabilities to
enhance cloud defenses.
Cloud threat modeling?
+
Threat modeling identifies potential threats and vulnerabilities in cloud
systems
and designs mitigation strategies.
Cloud threat modeling?
+
Identifying potential threats, vulnerabilities, and mitigation strategies
for cloud
architectures.
Cloud vpn?
+
Cloud VPN securely connects on-premises networks to cloud resources over
encrypted
tunnels.
Cloud vulnerability assessment?
+
It identifies security weaknesses in cloud infrastructure applications and
configurations.
Cloud vulnerability management?
+
Vulnerability management identifies prioritizes and remediates security
weaknesses.
Cloud vulnerability scanning?
+
Scanning detects security flaws in cloud infrastructure applications and
containers.
Cloud workload isolation?
+
Workload isolation separates applications or tenants to prevent lateral
movement of
threats.
Cloud workload protection platform (cwpp)?
+
CWPP provides security for workloads running across cloud VMs containers and
serverless environments.
Cloud-native security?
+
Cloud-native security integrates security controls directly into cloud
applications
and infrastructure.
Common saml attributes?
+
email, firstName, lastName, employeeID.
Compliance in cloud security?
+
Compliance ensures cloud deployments adhere to regulatory standards like
GDPR HIPAA
or PCI DSS.
Compliance monitoring in cloud?
+
Continuous auditing to ensure resources follow regulatory and internal
security
standards.
Conditional access?
+
Policies restricting token issuance based on conditions.
Conditional access?
+
Policy engine controlling access based on conditions.
Confidential client?
+
Client that securely stores secrets (backend server).
Configuration management in cloud security?
+
Configuration management ensures cloud resources are deployed securely and
consistently.
Consent screen?
+
UI shown to user listing requested permissions.
Container security?
+
Container security protects containerized applications and their
orchestration
platforms like Docker and Kubernetes.
Container security?
+
Securing containerized applications using image scanning, runtime
protection, and
least privilege.
Continuous compliance?
+
Automated monitoring of cloud resources to maintain compliance with
regulations like
HIPAA or GDPR.
Cookies relate to sso?
+
SSO often uses session cookies to maintain authenticated sessions across
multiple
apps or domains.
Credential stuffing protection?
+
OIDC frameworks block repeated unsuccessful logins.
Cross-domain sso?
+
SSO across different organizations.
Csrf state parameter?
+
Used to protect against CSRF attacks during authentication.
Custom scopes?
+
App-defined permissions for additional claims.
Data loss prevention (dlp)?
+
DLP prevents unauthorized access sharing or leakage of sensitive cloud data.
Data masking?
+
Hides sensitive data in non-production environments to protect privacy while
allowing application testing.
Ddos protection in cloud?
+
Defends cloud services against Distributed Denial of Service attacks using
mitigation, traffic filtering, and scaling.
Decentralized identity?
+
User-controlled identity using blockchain-based models.
Delegation?
+
Acting on behalf of a user with limited privileges.
Destination mismatch'?
+
Assertion sent to wrong ACS URL.
Device code flow?
+
Used by devices with no browser or limited input.
Device code flow?
+
Authentication for devices without browsers.
Diffbet access token and refresh token?
+
Access tokens are short-lived tokens for resource access. Refresh tokens are
long-lived and used to obtain new access tokens without re-authentication.
Diffbet app registration and enterprise application?
+
App Registration = app identity; Enterprise App = SSO configuration
instance.
Diffbet auth code and auth code + pkce?
+
PKCE adds code verifier & challenge for extra security.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization defines what resources an
authenticated user can access.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization verifies permissions.
Diffbet availability zone and region?
+
A Region is a geographical location. An Availability Zone (AZ) is an
isolated data
center within a region providing HA.
Diffbet dr and ha?
+
HA focuses on real-time availability and minimal downtime. DR is about
recovering
after a major failure or disaster, which may involve longer restoration
times.
Diffbet icontentservice and ipublishedcontent?
+
IContentService is used for editing/staging content. IPublishedContent is
for
reading published content efficiently.
Diffbet id_token and access_token?
+
ID token is for authentication; access token is for authorization.
Diffbet oauth 1.0 and 2.0?
+
OAuth 1.0 requires cryptographic signing; OAuth 2.0 uses bearer tokens,
simpler
flow, and supports multiple grant types like Authorization Code and Client
Credentials.
Diffbet oauth and openid connect?
+
OAuth is for authorization; OIDC is an authentication layer on top of OAuth
providing user identity.
Diffbet oauth scopes and claims?
+
Scopes define the permissions requested; claims define attributes about the
user or
session.
Diffbet par and jar?
+
PAR = push request; JAR = sign request.
Diffbet published content and draft content?
+
Draft content is editable but not visible to the public; published content
is live
on the website.
Diffbet saml and jwt?
+
SAML uses XML for identity assertions; JWT uses JSON. JWT is lighter and
easier for
APIs, while SAML is enterprise-oriented.
Diffbet saml and jwt?
+
SAML = XML assertions; JWT = JSON tokens.
Diffbet saml and oauth?
+
SAML is for SSO using XML; OAuth is authorization using JSON/REST.
Diffbet saml and oidc?
+
SAML uses XML and is enterprise-focused; OIDC uses JSON and supports modern
apps.
Diffbet sso and mfa?
+
SSO = one login across apps; MFA = additional security factors during login.
Diffbet sso and oauth?
+
SSO is mainly for authentication across apps. OAuth is for delegated
authorization
without sharing credentials.
Diffbet sso and password sync?
+
SSO shares authentication state; password sync copies passwords across
systems.
Diffbet sso and slo?
+
SSO = login across apps; SLO = logout across apps.
Diffbet stateless and stateful authentication?
+
JWT enables stateless authentication—server does not store session info.
Traditional
sessions are stateful, stored on the server.
Diffbet symmetric and asymmetric encryption?
+
Symmetric uses same key for encryption and decryption. Asymmetric uses
public/private key pairs. Asymmetric is used in secure key exchange.
Diffbet umbraco api controllers and mvc controllers?
+
API controllers return JSON or XML data for apps; MVC controllers render
views/templates.
Discovery document?
+
Well-known configuration endpoint for OIDC.
Discovery important?
+
Allows dynamic configuration of OIDC clients.
Distributed denial-of-service (ddos) protection?
+
DDoS protection mitigates attacks that overwhelm cloud services with
traffic.
Do access tokens depend on scopes?
+
Yes, scopes define API permissions.
Do all protocols support slo?
+
Yes, but implementations vary.
Do all sps support sso?
+
Not always — legacy apps may need custom connectors.
Do browsers impact sso?
+
Yes, privacy modes may block redirects/cookies.
Do not log tokens?
+
Never log access or refresh tokens.
Does adfs support mfa?
+
Yes, with built-in and external providers.
Does adfs support oauth2?
+
Yes, since ADFS 3.0.
Does adfs support saml sso?
+
Yes, as IdP and SP.
Does azure ad support saml?
+
Yes, SAML 2.0 with IdP-initiated and SP-initiated flows.
Does id token depend on scopes?
+
Yes, claims in ID Token depend on scopes.
Does jwt work?
+
Server generates JWT after authentication. Client stores it (usually in
local
storage). Subsequent requests include the token in the Authorization header
for
stateless authentication.
Does oidc support single logout?
+
Yes, through RP-Initiated and Front/Back-channel logout.
Does oidc support sso?
+
Yes, OIDC provides Single Sign-On functionality.
Does okta expose jwks?
+
/oauth2/v1/keys endpoint.
Does okta support password sync?
+
Yes, via provisioning connectors.
Does pingfederate issue jwt tokens?
+
Yes, for access and id tokens.
Does pingfederate support mfa?
+
Yes, via PingID or third-party integrations.
Does pingfederate support pkce?
+
Yes, for public clients.
Does pingfederate support saml sso?
+
Yes, both IdP and SP roles.
Does saml ensure security?
+
Uses XML signatures, encryption, certificates, and timestamps.
Does saml metadata contain?
+
Certificates, endpoints, SSO URLs, entity IDs.
Does saml stand for?
+
Security Assertion Markup Language.
Does saml use tokens?
+
Yes, SAML assertions are XML-based tokens.
Does silent logout mean?
+
Logout without redirecting the user.
Does slo fail?
+
Different implementations or expired sessions.
Does sso break?
+
Wrong certificates, clock skew, misconfigured endpoints.
Does sso enhance security?
+
Reduces password fatigue, centralizes authentication policies, enables MFA,
and
minimizes login-related vulnerabilities.
Does sso help in compliance?
+
Yes, supports SOC2, HIPAA, GDPR requirements.
Does sso improve auditability?
+
Centralized login logs.
Does sso improve security?
+
Reduces password fatigue, phishing risk, and enforces central policies.
Does sso improve security?
+
Centralized authentication and MFA enforcement.
Does sso increase productivity?
+
Yes, no repeated logins.
Does sso reduce attack surface?
+
Yes, fewer passwords and login endpoints.
Does sso reduce helpdesk calls?
+
Reduces password reset requests.
Does sso require accurate time sync?
+
Yes, tokens require clock accuracy.
Does sso require certificate management?
+
Yes, periodic rollover is required.
Does sso work?
+
A centralized identity provider authenticates the user, issues a token or
cookie,
and applications trust this token to grant access.
Domain federation?
+
Configures ADFS or external IdP to authenticate domain users.
Dpop?
+
Demonstration of Proof-of-Possession; prevents token theft misuse.
Dynamic client registration?
+
Allows clients to auto-register at IdP.
Dynamic group?
+
Group with rule-based membership.
Email' scope?
+
Access to user email and email_verified.
Encode saml messages?
+
To ensure safe transport via URLs or POST.
Encrypt sensitive attributes?
+
Highly recommended.
Encryption at rest?
+
Encryption at rest protects stored data using cryptographic techniques.
Encryption errors occur?
+
Incorrect certificate or key mismatch.
Encryption in cloud?
+
Encryption protects data in transit and at rest using algorithms like AES or
RSA. It
prevents unauthorized access to sensitive cloud data.
Encryption in transit?
+
Encryption in transit protects data as it travels over networks between
cloud
services or users.
End_session endpoint?
+
Used for OIDC logout operations.
Endpoint security in cloud?
+
Protects client devices, VMs, and containers from malware, unauthorized
access, and
vulnerabilities.
Enforce mfa?
+
Improves security for sensitive resources.
Enterprise application?
+
Represents an SP configuration used for SSO.
Enterprise sso?
+
SSO for employees using enterprise IdPs.
Entity category?
+
Classification of SP/IdP capabilities.
Entity id?
+
A unique identifier for SP or IdP in SAML.
Example of federation hub?
+
Azure AD, ADFS, Okta, PingFederate.
Exp' claim?
+
Expiration timestamp.
Expired assertion'?
+
Assertion outside NotOnOrAfter time.
Explain auto scaling.
+
Auto Scaling automatically adjusts compute resources based on demand,
improving
availability and cost efficiency.
Explain bastion host.
+
A Bastion host is a secure jump server used to access instances in private
networks.
Explain cloud firewall.
+
Cloud firewalls filter network traffic at the edge or VM level, enforcing
security
rules to prevent unauthorized access.
Explain disaster recovery in cloud.
+
Disaster Recovery (DR) is a set of processes to restore cloud applications
and data
after failures. It involves backups, replication, multi-region deployment,
and
failover strategies.
Failover in cloud?
+
Automatic switching to a redundant system when a primary system fails,
ensuring
service continuity.
Fapi?
+
Financial grade API security profile for OIDC/OAuth2.
Fault tolerance in cloud?
+
Fault tolerance ensures the system continues functioning despite component
failures
using redundancy and failover.
Federated identity?
+
Using external identity providers like Google or Azure AD.
Federation hub?
+
Central IdP connecting multiple SPs.
Federation in azure ad?
+
Using ADFS or external IdPs for authentication.
Federation in sso?
+
Trust relationship enabling cross-domain authentication.
Federation metadata?
+
Configuration XML exchanged between IdP and SP.
Federation?
+
Trust between identity providers and service providers.
Fine-grained authorization?
+
Scoped permissions down to resource-level.
Flow is best for iot devices?
+
Device Code flow.
Flow is best for machine-to-machine?
+
Client Credentials.
Flow is best for mobile?
+
Authorization Code with PKCE.
Flow is best for spas?
+
Authorization Code with PKCE (Implicit avoided).
Flow is more secure?
+
SP-initiated, due to request ID validation.
Flow should spas use?
+
Authorization Code Flow with PKCE.
Flow supports refresh tokens?
+
Authorization Code Flow and Hybrid Flow.
Flow supports sso?
+
Authorization Code or Hybrid flow via OIDC.
Flows does azure ad support?
+
Auth Code, PKCE, Client Credentials, Device Code, ROPC.
Format are oauth tokens?
+
Typically JWT or opaque tokens.
Format does oidc use?
+
JSON, REST APIs, and JWT tokens.
Formats can access tokens use?
+
JWT or opaque format.
Formats can id tokens use?
+
Always JWT.
Frontchannel logout?
+
Logout performed via the browser using redirects.
Front-channel logout?
+
Logout via browser redirects.
Front-channel logout?
+
Browser-based logout using redirects.
Front-channel slo?
+
Uses browser redirects for logout.
Global logout?
+
Logout from entire identity federation.
Grant type
+
Defines how the client collects and exchanges access tokens.
Graph api?
+
API to manage users, groups, and apps.
Happens if idp is down during slo?
+
SPs may not logout properly.
Haproxy in cloud?
+
HAProxy is a load balancer and proxy server that supports high availability
and
failover.
High availability (ha) in cloud?
+
HA ensures that cloud services remain accessible with minimal downtime. It
uses
redundancy, failover mechanisms, and load balancing to maintain continuous
operations.
Home realm discovery?
+
Identifies which IdP user belongs to.
Home realm discovery?
+
Choosing correct IdP based on the user.
Http artifact binding?
+
Message reference is sent, not entire assertion.
Http post binding?
+
SAML message sent through an HTML form post.
Http redirect binding?
+
SAML message is sent via URL query string.
Https requirement?
+
OAuth 2.0 must use HTTPS for all communication.
Hybrid cloud security?
+
Hybrid cloud security protects workloads and data across on-premises and
cloud
environments.
Hybrid flow?
+
Combination of implicit + authorization code (OIDC).
Hybrid flow?
+
Combination of Implicit and Authorization Code flows.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what
actions they can perform.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what they
can do. It includes authentication, authorization, roles, policies, and MFA.
Iat' claim?
+
Issued-at timestamp.
Id token signature?
+
Verifies integrity and authenticity.
Id token?
+
JWT token containing authentication details.
Id token?
+
A JWT containing identity information about the user.
Id_token?
+
OIDC token containing user identity claims.
Id_token_hint?
+
Hint for logout identifying user's ID Token.
Identifier (entity id)?
+
SP unique identifier configured in Azure AD.
Identity brokering?
+
IdP sits between user and multiple IdPs.
Identity federation?
+
Identity federation allows users to access multiple cloud services using a
single
identity.
Identity federation?
+
A trust relationship allowing different systems to share authentication.
Identity hub?
+
A centralized identity broker connecting many IdPs.
Identity protection?
+
Detects risky logins and risky users.
Identity provider (idp)?
+
An IdP is a trusted service that authenticates users and issues tokens or
assertions
for SSO.
Identity provider (idp)?
+
Authenticates users and issues claims.
Identity provider (idp)?
+
A service that authenticates a user and issues SAML assertions.
Identity token validation?
+
Ensuring token signature, audience, and issuer are correct.
Idp discovery?
+
Selecting the correct identity provider for login.
Idp federation?
+
One IdP authenticates users for many SPs.
Idp in sso?
+
Identity Provider — authenticates the user.
Idp metadata url?
+
URL where SP fetches IdP metadata.
Idp proxying?
+
IdP acting as intermediary between user and another IdP.
Idp?
+
System that authenticates users and issues tokens/assertions.
Idp-initiated sso?
+
Login initiated from Identity Provider.
Idp-initiated sso?
+
User starts login at the Identity Provider.
Immutable infrastructure?
+
Infrastructure that is never modified after deployment, only replaced. It
ensures
consistency and security.
Impersonation?
+
User acting as another identity — dangerous and restricted.
Implicit flow deprecated?
+
Exposes tokens to browser and insecure environments.
Implicit flow deprecated?
+
Less secure, exposes tokens in browser URL.
Implicit flow?
+
Legacy browser-based flow without backend; not recommended.
Implicit flow?
+
Old flow that returns tokens via browser fragments.
Implicit grant flow?
+
OAuth 2.0 flow for client-side apps where tokens are returned directly
without
client secret.
Implicit vs code flow?
+
Code Flow more secure; Implicit deprecated.
Incremental consent?
+
Requesting only partial permissions at first.
Inresponseto attribute?
+
Links the response to the matching AuthnRequest.
Inresponseto missing'?
+
IdP did not include request ID; insecure for SP-initiated.
Introspection endpoint?
+
Used to validate opaque access tokens.
Intrusion detection and prevention (ids/ips)?
+
IDS/IPS monitors network traffic for malicious activity, raising alerts or
blocking
threats.
Intrusion detection system (ids)?
+
IDS monitors cloud traffic for malicious activity or policy violations.
Intrusion prevention system (ips)?
+
IPS not only detects but also blocks malicious traffic in real time.
Invalid signature' error?
+
Assertion signature mismatch or wrong certificate.
Is jwt used in microservices?
+
JWT allows secure stateless communication between microservices, with each
service
verifying the token without a central session store.
Is jwt verified?
+
Server uses the secret or public key to verify the token’s signature and
validity,
ensuring it was issued by a trusted source.
Is more reliable — front or back channel?
+
Back-channel, because it avoids browser issues.
Is oauth 2.0 for authentication?
+
Not by design; it's for authorization. OIDC adds authentication.
Is oauth 2.0 stateful or stateless?
+
Can be either, depending on token type and architecture.
Is oidc authentication or authorization?
+
OIDC is authentication; OAuth2 is authorization.
Is oidc stateless or stateful?
+
Stateless — relies on JWT tokens.
Is oidc suitable for mobile apps?
+
Yes, highly optimized for mobile clients.
Is saml used for authentication or authorization?
+
Primarily authentication; asserts user identity to SP.
Is sso a single point of failure?
+
Yes, if IdP is down, login for all apps fails.
Is sso for authentication or authorization?
+
SSO is primarily for authentication.
Is sso latency-prone?
+
Yes, due to redirects and token validation.
Is token expiry handled in oauth?
+
Access tokens have a short TTL; refresh tokens are used to request a new
access
token without user interaction.
Iss' claim?
+
Issuer identifier.
Issuer claim?
+
Identifies authorization server that issued the token.
Issuer mismatch'?
+
Incorrect IdP entity ID used.
Jar (jwt authorization request)?
+
Authorization request packaged as signed JWT.
Jarm?
+
JWT-secured Authorization Response Mode — adds signing to auth responses.
Just-in-time provisioning?
+
Provision user accounts at login time.
Just-in-time provisioning?
+
User is created automatically during login.
Jwks endpoint?
+
JSON Web Key Set for token verification keys.
Jwks uri?
+
Endpoint serving public keys for validating tokens.
Jwks?
+
JSON Web Key Set for validating tokens.
Jwt header?
+
Header specifies the signing algorithm (e.g., HS256) and token type (JWT).
Jwt kid field?
+
Key ID to identify which signing key to use.
Jwt payload?
+
The payload contains claims, which are statements about the user or session
(e.g.,
user ID, roles, expiration).
Jwt signature?
+
The signature ensures the token’s integrity. It is generated using a secret
(HMAC)
or private key (RSA/ECDSA).
Jwt signature?
+
Cryptographic signature verifying authenticity.
Jwt token?
+
Self-contained token with claims.
Jwt?
+
JSON Web Token (JWT) is a compact, URL-safe token format used to securely
transmit
claims between parties. It includes a header, payload, and signature.
Jwt?
+
JSON Web Token — compact, signed token.
Kerberos?
+
Network authentication protocol used in Windows SSO.
Key components of cloud security?
+
Key components include identity and access management (IAM) data protection
network
security monitoring and compliance.
Key management service (kms)?
+
KMS is a cloud service for creating managing and controlling encryption keys
securely.
Key management service (kms)?
+
KMS securely creates, stores, and rotates encryption keys for cloud
resources.
Kubernetes role in ha?
+
Kubernetes provides HA by managing pods across multiple nodes, self-healing,
and
load balancing.
Limit attribute sharing?
+
Minimize data to reduce privacy risk.
Limit scopes?
+
Yes, always follow least privilege.
Load balancer?
+
A load balancer distributes incoming traffic across multiple servers to
ensure high
availability and performance.
Logging & auditing in cloud security?
+
Captures user actions and system events to detect breaches, analyze
incidents, and
meet compliance.
Logout method is most reliable?
+
Back-channel logout.
Main cloud security challenges?
+
Challenges include data breaches insecure APIs misconfigured cloud services
insider
threats and compliance issues.
Main types of cloud security?
+
Includes Data Security, Network Security, Identity & Access Management
(IAM),
Application Security, and Endpoint Security. It protects cloud workloads
from
breaches and vulnerabilities.
Metadata important?
+
Ensures both IdP and SP trust each other and understand endpoints.
Metadata signature?
+
Indicates authenticity of metadata file.
Mfa in oauth?
+
Additional step enforced by authorization server.
Microsegmentation in cloud security?
+
Divides networks into smaller segments to isolate workloads and minimize
lateral
attack movement.
Microsoft graph permissions?
+
Scopes that define what an app can access.
Monitor saml logs?
+
Detects anomalies and attacks.
Mtls in oauth?
+
Mutual TLS binding tokens to client certificates.
Multi-cloud security?
+
Multi-cloud security manages security consistently across multiple cloud
providers.
Multi-factor authentication (mfa)?
+
MFA requires multiple forms of verification to access cloud resources
enhancing
security.
Multi-factor authentication (mfa)?
+
MFA requires two or more verification methods to access cloud resources,
enhancing
security beyond passwords.
Multi-federation?
+
Multiple IdPs serving different user groups.
Multi-region deployment?
+
Deploying resources in multiple regions improves disaster recovery,
redundancy, and
availability.
Multi-tenant app?
+
App serving multiple organizations with separate identities.
Multi-tenant identity?
+
Multiple tenants share identity infrastructure.
Nameid formats?
+
EmailAddress, Persistent, Transient, Unspecified.
Nameid?
+
Unique identifier for the user in SAML.
Nameidmapping?
+
Mapping NameIDs between IdP and SP.
Network acl?
+
Network ACL is a stateless firewall used to control traffic at the subnet
level.
Network acl?
+
A Network Access Control List controls traffic at the subnet level. It
provides an
additional layer beyond security groups.
Nonce' claim?
+
Used to prevent replay attacks.
Nonce used for?
+
To prevent replay attacks.
Nonce used for?
+
Prevents replay attacks.
Nonce?
+
Unique value used in ID token to prevent replay.
Not to store tokens?
+
LocalStorage or unencrypted browser memory.
Notbefore claim?
+
Defines earliest time the assertion is valid.
Notonorafter claim?
+
Expiration time of assertion.
Oauth 2
+
OAuth 2 is an open authorization framework enabling secure access delegation
without
sharing passwords.
Oauth 2.0 grant types?
+
Auth Code, PKCE, Client Credentials, Password, Implicit, Device Code.
Oauth 2.0?
+
An authorization framework allowing third-party apps to access user
resources
without sharing passwords.
Oauth 2.1?
+
A simplification removing implicit and ROPC flows; PKCE required.
Oauth backchannel logout?
+
Mechanism to notify apps of user logout.
Oauth device flow?
+
Auth flow for devices without browsers.
Oauth grant types?
+
Common grant types: Authorization Code, Implicit, Password Credentials,
Client
Credentials. They define how clients obtain access tokens.
Oauth introspection endpoint?
+
API to check token validity for opaque tokens.
Oauth revocation endpoint?
+
API to revoke access or refresh tokens.
Oauth?
+
OAuth is an open-standard authorization protocol that allows third-party
apps to
access user resources without sharing credentials. It issues access tokens
to grant
limited access to resources.
Oauth2 used for?
+
Authorization, not authentication.
Oauth2 with sso integration?
+
OAuth2 with SSO enables a single login using OAuth’s token-based
authorization to
access multiple protected services.
Oidc claims?
+
Statements about a user (e.g., email, name).
Oidc created?
+
To enable secure user authentication using modern JSON/REST technology.
Oidc discovery document?
+
Well-known configuration containing endpoints and metadata.
Oidc federation?
+
Uses OIDC for federated identity.
Oidc flow is best for spas?
+
Auth Code Flow with PKCE.
Oidc in apple sign-in?
+
Apple Sign-In is based on OIDC standards.
Oidc in auth0?
+
Auth0 fully supports OIDC flows and JWT issuance.
Oidc in aws cognito?
+
Cognito provides OIDC-based hosted UI flows.
Oidc in azure ad?
+
Azure AD supports OIDC with Microsoft Identity platform.
Oidc in fusionauth?
+
FusionAuth supports OIDC, MFA, and OAuth2 flows.
Oidc in google identity?
+
Google uses OIDC for all user authentication.
Oidc in keycloak?
+
Keycloak is an open-source IdP supporting OIDC.
Oidc in okta?
+
Okta provides custom and default OIDC authorization servers.
Oidc in pingfederate?
+
PingFederate supports OIDC with OAuth AS extensions.
Oidc in salesforce?
+
Salesforce acts as an OIDC provider for SSO.
Oidc in sso?
+
OAuth2-based identity layer issuing ID tokens.
Oidc preferred over saml?
+
Lightweight JSON tokens, mobile-ready, modern architecture.
Oidc scopes?
+
Permissions for claims in ID Token/UserInfo.
Oidc vs api keys?
+
OIDC is secure and user-based; API keys are static secrets.
Oidc vs basic auth?
+
OIDC uses token-based modern auth; Basic Auth sends credentials each time.
Oidc vs jwt?
+
OIDC uses JWT; JWT is a token format, not a protocol.
Oidc vs kerberos?
+
OIDC = web/mobile; Kerberos = internal network protocol.
Oidc vs oauth device flow?
+
OIDC is for login; Device Flow is for non-browser devices.
Oidc vs oauth2?
+
OIDC adds authentication; OAuth2 only handles authorization.
Oidc vs password auth?
+
OIDC uses tokens; password auth uses credentials directly.
Oidc vs saml?
+
OIDC uses JSON/REST; SAML uses XML. OIDC suits mobile and modern apps.
Oidc vs ws-fed?
+
OIDC is modern JSON-based; WS-Fed is legacy Microsoft protocol.
Oidc?
+
OpenID Connect is an identity layer built on top of OAuth 2.0 to
authenticate users.
Okta api token?
+
Token used for administrative API calls.
Okta app integration?
+
Application configuration for SSO.
Okta asa?
+
Advanced Server Access for SSH/RDP identity access.
Okta authentication api?
+
REST API for user authentication and token issuance.
Okta authorization server?
+
Custom OAuth server controlling token issuance.
Okta identity engine?
+
New adaptive authentication platform.
Okta idp discovery?
+
Chooses correct IdP based on user attributes.
Okta inline hook?
+
Extend Okta flows with external logic.
Okta mfa?
+
Multi-step authentication including SMS, Push, TOTP.
Okta org?
+
Dedicated Okta tenant for an organization.
Okta risk-based authentication?
+
Dynamically challenges or blocks based on risk.
Okta sign-on policy?
+
Rules defining how users authenticate to applications.
Okta system log?
+
Audit log for events and authentication attempts.
Okta universal directory?
+
Directory service storing users, groups, and attributes.
Okta verify?
+
Mobile authenticator for push and TOTP.
Okta vs adfs?
+
Okta = cloud SaaS; ADFS = on-prem with heavy infrastructure.
Okta vs pingfederate?
+
Okta = cloud-first; Ping = enterprise customizable federation.
Okta workflow?
+
Automation engine for identity tasks.
Okta?
+
Identity platform supporting SAML SSO.
Okta?
+
Identity and access management provider for cloud applications.
Opaque token?
+
Token that requires introspection to validate.
Openid connect (oidc)?
+
OIDC is an identity layer on top of OAuth 2.0 for authentication, returning
an ID
token that provides user identity info.
Openid' scope?
+
Mandatory scope to enable OIDC.
Par (pushed authorization request)?
+
Client sends authorization details via a secure POST before redirect.
Par (pushed authorization requests)?
+
Securely sends auth request to IdP before redirect — prevents tampering.
Partial logout?
+
Only some apps logout.
Password credentials grant
+
User provides username/password directly to client; now discouraged due to
security
risks.
Password vaulting sso?
+
SSO by storing and auto-filling credentials.
Passwordless sso?
+
SSO without passwords using FIDO2/WebAuthn.
Persistent nameid?
+
Long-lived identifier for a user.
Phone' scope?
+
Access to phone and phone_verified.
Pingdirectory?
+
Directory used with PingFederate for user management.
Pingfederate authentication policy?
+
Controls how authentication decisions are made.
Pingfederate connection?
+
Configuration linking SP and IdP.
Pingfederate console?
+
Admin dashboard for configuration.
Pingfederate idp adapter?
+
Plugin to authenticate users (LDAP, Kerberos etc).
Pingfederate oauth as?
+
Acts as authorization server issuing tokens.
Pingfederate vs adfs?
+
Ping = more flexible; ADFS = Microsoft ecosystem-focused.
Pingfederate?
+
Enterprise IdP/SP platform supporting SAML.
Pingfederate?
+
Enterprise federation server for SSO and identity integration.
Pingone?
+
Cloud identity solution integrating with PingFederate.
Pkce extension?
+
Proof Key for Code Exchange — protects public clients.
Pkce introduced?
+
To prevent authorization code interception attacks.
Pkce?
+
Proof Key for Code Exchange; improves security for public clients.
Pkce?
+
Enhances OAuth2 security for public clients.
Policy contract?
+
Defines attributes shared with SP/IdP.
Post_logout_redirect_uri?
+
URL where user is redirected after logout.
Principle of least privilege?
+
Users are granted only the permissions necessary to perform their job
functions.
Privileged identity management?
+
Controls and audits privileged roles.
Problem does oauth 2.0 solve?
+
It enables secure delegated access using tokens instead of credentials.
Profile' scope?
+
Access to basic user attributes.
Prohibited in oidc?
+
Tokens through URL (except legacy implicit flow).
Proof-of-possession?
+
Tokens tied to a key so only holder with key can use them.
Protocol does azure ad support?
+
OIDC, OAuth2, SAML2, WS-Fed.
Protocol format does saml use?
+
XML.
Protocol is best for mobile apps?
+
OIDC and OAuth2.
Protocol is best for web apps?
+
SAML2 for enterprises, OIDC for modern apps.
Protocol uses json/jwt?
+
OIDC.
Protocol uses xml?
+
SAML2.
Protocols does adfs support?
+
SAML, WS-Fed, OAuth2, OIDC.
Protocols does okta support?
+
OIDC, OAuth2, SAML2, SCIM.
Protocols does pingfederate support?
+
OIDC, OAuth2, SAML2, WS-Trust.
Protocols support sso?
+
SAML2, OIDC, OAuth2, WS-Fed, Kerberos.
Public client?
+
Cannot securely store secrets — e.g., mobile, SPAs.
Public client?
+
Client without a secure place to store secrets (SPA, mobile app).
Rate limiting in cloud security?
+
Limits the number of requests to APIs or services to prevent abuse and DDoS
attacks.
Recipient attribute?
+
SP endpoint expected to receive the assertion.
Redirect uri?
+
Endpoint where authorization server sends tokens or codes.
Redirect_uri?
+
URL where tokens/codes are sent after login.
Redundancy in ha?
+
Duplication of critical components to avoid single points of failure, e.g.,
multiple
servers, networks, or databases.
Refresh token flow?
+
Used to obtain new access tokens silently.
Refresh token grace period?
+
Allows old token to work briefly during rotation.
Refresh token lifetime?
+
Can be days to months based on policy.
Refresh token rotation?
+
Each refresh returns a new token; old one invalidated.
Refresh token?
+
A long-lived token used to obtain new access tokens.
Refresh token?
+
Used to get new access tokens without re-login.
Refresh token?
+
A long-lived token used to get new access tokens.
Refresh tokens long lived?
+
To enable new access tokens without user interaction.
Registration endpoint?
+
Dynamic client registration.
Relationship between oauth2 and oidc?
+
OIDC extends OAuth2 by adding identity features.
Relaystate?
+
State parameter passed between SP and IdP to maintain context.
Relaystate?
+
Parameter that preserves return URL or context.
Relying party trust?
+
Configuration for apps that rely on ADFS for authentication.
Replay attack?
+
Reusing captured tokens.
Replay detected'?
+
Assertion already used before.
Reply/acs url?
+
Endpoint where Azure AD posts SAML responses.
Resource owner password grant (ropc)?
+
User sends username/password directly; insecure and deprecated.
Resource owner?
+
The user or entity owning the protected resource.
Resource server responsibility?
+
Validate tokens and expose APIs.
Resource server?
+
The API hosting the protected resources.
Response_mode?
+
Defines how tokens are returned (query, form_post, fragment).
Response_type?
+
Defines which tokens are returned (code, id_token, token).
Restrict redirect_uri?
+
Prevents token leakage to malicious URLs.
Risk-based authentication?
+
Adaptive authentication based on context.
Risk-based sso?
+
Challenges based on user risk profile.
Ropc flow?
+
Resource Owner Password Credentials — now discouraged.
Ropc used?
+
Legacy or highly trusted systems; not recommended.
Rotate certificates periodically?
+
Prevents long-term compromises.
Rotate secrets regularly?
+
Client secrets should be rotated periodically.
Rp-initiated logout?
+
Client logs the user out at IdP.
Rpo and rto?
+
RPO (Recovery Point Objective): max data loss allowed, RTO (Recovery Time
Objective): max downtime allowed during recovery
Saml 2.0?
+
A standard for exchanging authentication and authorization data using
XML-based
security assertions.
Saml attribute query?
+
SP querying user attributes via SOAP.
Saml authentication flow?
+
SP sends AuthnRequest → IdP authenticates → IdP sends assertion → SP
validates →
user logged in.
Saml binding?
+
Defines how SAML messages are transported over HTTP.
Saml federation?
+
Allows authentication across organizations.
Saml federation?
+
Establishes trust using SAML metadata.
Saml flow is more secure?
+
SP-initiated SSO due to request ID matching.
Saml in sso?
+
XML-based single sign-on protocol used in enterprises.
Saml is not good for mobile?
+
XML processing is heavy and not designed for mobile flows.
Saml logoutrequest?
+
Request to initiate logout across IdP and SP.
Saml metadata?
+
XML document describing IdP and SP configuration.
Saml profile?
+
Defines use cases like Web SSO, SLO, IdP proxying.
Saml response?
+
XML message containing the SAML assertion.
Saml response?
+
IdP's message containing user identity.
Saml single logout (slo)?
+
Logout from one system logs the user out of all SAML-connected systems.
Saml still used?
+
Strong enterprise adoption and compatibility with legacy systems.
Saml strength?
+
Federated SSO, enterprise security.
Saml weakness?
+
Complexity, XML overhead, slower than OIDC.
Saml?
+
Security Assertion Markup Language (SAML) is an XML-based standard for
exchanging
authentication and authorization data between an identity provider and
service
provider.
Scim provisioning in okta?
+
Automatic user account creation/deletion in apps.
Scim provisioning?
+
Automatic provisioning of users to cloud apps.
Scim?
+
Protocol for automated user provisioning.
Scim?
+
Automated user provisioning for SSO apps.
Scope restriction?
+
Limit token permissions to least privilege.
Scope?
+
Defines the level of access requested by the client.
Seamless sso?
+
Automatically signs in users on corporate devices.
Secrets management?
+
Securely stores and manages API keys, passwords, and certificates used by
cloud apps
and containers.
Security automation with devsecops?
+
Integrating security in CI/CD pipelines to automate scanning, testing, and
policy
enforcement during development.
Security context?
+
Session stored after validating assertion.
Security group vs network acl?
+
Security group is stateful; network ACL is stateless and applies at subnet
level.
Security group?
+
Security Groups act as virtual firewalls in cloud environments to control
inbound
and outbound traffic for VMs and containers.
Security groups in cloud?
+
Security groups act as virtual firewalls controlling inbound and outbound
traffic to
cloud resources.
Security information and event management (siem)?
+
SIEM collects analyzes and reports on security events across cloud
environments.
Security information and event management (siem)?
+
SIEM collects and analyzes logs in real-time to detect, alert, and respond
to
security threats.
Separate auth and resource servers?
+
Improves security and scales better.
Serverless security?
+
Serverless security addresses vulnerabilities in functions-as-a-service
(FaaS) and
managed backend services.
Serverless security?
+
Securing FaaS (Functions as a Service) involves identity policies, least
privilege
access, and monitoring event triggers.
Service provider (sp)?
+
SP is the application that relies on IdP for authentication and trusts the
IdP’s
tokens or assertions.
Service provider (sp)?
+
Relies on IdP for authentication.
Service provider (sp)?
+
An application that consumes SAML assertions and grants access.
Session endpoint?
+
Endpoint for session management.
Session federation?
+
Sharing session state across domains.
Session hijacking?
+
Stealing a valid session to impersonate a user.
Session in sso?
+
Stored authentication state allowing continuous access.
Session token vs id token?
+
Session = internal system token; ID token = external identity token.
Session_state?
+
Identifier for user session at IdP.
Shared responsibility model in aws?
+
AWS secures the cloud infrastructure; customers secure their data
applications and
configurations.
Shared responsibility model in azure?
+
Azure secures physical data centers; customers manage applications data and
identity.
Shared responsibility model in gcp?
+
GCP secures the infrastructure; customers secure workloads data and user
access.
Shared responsibility model?
+
It defines which security responsibilities belong to the cloud provider and
which to
the customer.
Should assertions be encrypted?
+
Yes, especially for sensitive data.
Should tokens be short-lived?
+
Reduces impact of compromise.
Signature validation?
+
Checks if signed by trusted IdP.
Signature verification fails?
+
Wrong certificate or XML manipulation.
Silent authentication?
+
Refreshes tokens without user interaction.
Single federation?
+
Using one IdP across multiple apps.
Single logout?
+
Logout from one app logs out from all federated apps.
Single sign-on (sso)?
+
SSO enables users to log in once and access multiple cloud applications
without
re-authentication.
Sla in cloud?
+
Service Level Agreement defines uptime guarantees, availability, and
performance
metrics with providers.
Slo is more reliable?
+
Back-channel — avoids browser failures.
Slo may fail?
+
SPs may ignore logout request or session mismatch.
Slo unreliable?
+
Different SP implementations and browser constraints.
Slo?
+
Single Logout — logs user out from all apps.
Slo?
+
Single Logout across all federated apps.
Sni support in adfs?
+
Allows multiple SSL certs on same host.
Soap binding?
+
Used for back-channel communication like logout.
Sp adapter?
+
Adapter to authenticate SP requests.
Sp federation?
+
One SP trusts multiple IdPs.
Sp in sso?
+
Service Provider — application consuming the identity.
Sp metadata url?
+
URL where IdP fetches SP metadata.
Sp?
+
Application that uses IdP authentication.
Sp-initiated sso?
+
Login initiated from Service Provider.
Sp-initiated sso?
+
User starts login at the Service Provider.
Ssl/tls in cloud?
+
SSL/TLS encrypts data in transit, ensuring secure communication between
clients and
cloud services.
Sso connector?
+
Pre-integrated SSO configuration for apps.
Sso improves identity governance?
+
Yes, ensures consistent user lifecycle management.
Sso in saml?
+
Single Sign-On enabling users to access multiple apps with one login.
Sso needed?
+
It improves user experience and security by eliminating repeated logins.
Sso provider?
+
A platform offering authentication and federation services.
Sso setup complex?
+
Requires certificates, metadata, mappings, and trust configuration.
Sso url?
+
Identity Provider endpoint that handles authentication requests.
Sso with adfs?
+
Supports SAML and WS-Fed for on-prem identity.
Sso with azure ad?
+
Uses SAML, OIDC, OAuth, and Conditional Access.
Sso with okta?
+
Supports SAML, OIDC, SCIM, and rich policy controls.
Sso with pingfederate?
+
Enterprise SSO with SAML, OAuth, and adaptive auth.
Sso?
+
SSO allows users to log in once and access multiple applications without
re-entering
credentials. It improves UX and security.
Sso?
+
Single sign-on allowing one login for multiple apps.
Sso?
+
Single Sign-On enabling access to multiple apps after one login.
Sso?
+
Single Sign-On allows a user to log in once and access multiple systems
without
logging in again.
State parameter?
+
Protects against CSRF attacks.
State parameter?
+
Protects against CSRF attacks.
Step-up authentication?
+
Requesting stronger authentication mid-session.
Sts?
+
Security Token Service issuing tokens.
Sub' claim?
+
Subject — unique identifier of the user.
Subjectconfirmationdata?
+
Contains conditions like recipient and expiration.
Surface controllers?
+
Surface controllers handle form submissions and page interactions in MVC
views for
Umbraco sites.
Tenant in azure ad?
+
A dedicated Azure AD instance for an organization.
Test slo compatibility?
+
Different SPs/IdPs implement SLO inconsistently.
Tls required for oidc?
+
Prevents token interception.
To check adfs logs?
+
Use Event Viewer under ADFS Admin logs.
To export metadata?
+
Access /FederationMetadata/2007-06/FederationMetadata.xml.
To extend umbraco functionality?
+
Use custom controllers, property editors, surface controllers, or packages.
To handle jwt expiration?
+
Use short-lived access tokens and refresh tokens to renew them without
re-authentication.
To implement role-based authorization with jwt?
+
Include roles in JWT claims and validate in the application to allow/deny
access to
resources.
To implement sso with umbraco?
+
Integrate with SAML/OIDC provider; configure Umbraco to trust the IdP,
enabling
centralized authentication.
To integrate oauth with umbraco?
+
Use OAuth packages or middleware to enable login with third-party providers.
Tokens
are verified in the Umbraco back-office.
To integrate oauth/jwt in angular or react with
umbraco
backend?
+
Frontend requests token via OAuth flow; backend validates JWT before serving
content
or API data.
To prevent replay attacks?
+
Use PoP tokens or nonce/PKCE mechanisms.
To prevent replay attacks?
+
Use timestamps, one-time use, and session validation.
To prevent replay attacks?
+
Use timestamps, nonce, and audience restrictions.
To prevent session hijacking?
+
Use secure cookies, TLS, and short sessions.
To prevent token hijacking?
+
Use HTTPS, short-lived tokens, PKCE, and secure storage.
To refresh jwt tokens?
+
Use refresh tokens to request a new access token without re-authentication.
Implement server-side validation for security.
To revoke jwt tokens?
+
Maintain a blacklist or short-lived tokens; revoke by invalidating refresh
tokens.
To secure microservices with jwt?
+
Each microservice validates the token signature, expiry, and claims,
ensuring
stateless and secure access.
To secure umbraco back-office?
+
Enable HTTPS, enforce strong passwords, MFA, and assign roles/permissions to
users.
To store access tokens?
+
Secure storage: keychain, secure enclave, or encrypted storage.
To update token-signing certificates?
+
Auto-rollover or manual certificate update.
Token accesses apis?
+
Access Token.
Token binding?
+
Binding tokens to TLS keys; prevents misuse.
Token binding?
+
Binds tokens to client to prevent misuse.
Token chaining?
+
Passing tokens between multiple services.
Token decryption certificate?
+
Certificate used to decrypt incoming tokens.
Token encryption?
+
Encrypts token contents for confidentiality.
Token endpoint?
+
Used to exchange authorization code for tokens.
Token exchange?
+
Exchange one token for another with different scopes.
Token exchange?
+
Exchanging one token for another under OIDC/OAuth2.
Token expiration?
+
Tokens expire after a predefined time to limit misuse.
Token expiration?
+
Tokens become invalid after time limit.
Token formats does okta issue?
+
JWT-based ID, access, refresh tokens.
Token hashing?
+
Hashing codes or values to prevent leakage.
Token hashing?
+
Hash embedded in ID Token to confirm token integrity.
Token hijacking?
+
Stealing tokens to impersonate users.
Token introspection?
+
Endpoint to check token validity.
Token introspection?
+
Checks validity of OAuth access tokens.
Token introspection?
+
Endpoint used to validate opaque tokens.
Token lifetime policy?
+
Rules controlling validity of issued tokens.
Token proves authentication?
+
ID Token.
Token renewal?
+
Extending session without login.
Token replay attack?
+
Attacker reuses a captured token to gain access.
Token replay attack?
+
Reusing a stolen assertion to impersonate a user.
Token revocation?
+
Invalidating a token before it expires.
Token revocation?
+
Endpoint to revoke refresh or access tokens.
Token scope?
+
Permissions embedded in the token.
Token signing certificate?
+
Certificate used to sign SAML assertions.
Token signing key?
+
Key used to sign JWT tokens.
Token signing?
+
Cryptographically signing tokens to prevent tampering.
Token types adfs issues?
+
SAML tokens, JWT tokens in OAuth/OIDC.
Token types does azure ad issue?
+
Access token, ID token, Refresh token.
Tokenization?
+
Tokenization replaces sensitive data with unique identifiers (tokens) to
reduce
exposure.
Transient nameid?
+
Short-lived identifier used once per session.
Transport does saml commonly use?
+
HTTP Redirect, HTTP POST, HTTP Artifact.
Trust establishment?
+
Exchange of metadata and certificates.
Types of grants
+
Authorization Code, Client Credentials, Password Credentials, Refresh Token,
and
Implicit (deprecated).
Types of groups exist?
+
Directory groups, imported groups, application groups.
Types of oidc clients?
+
Public and confidential clients.
Types of pingfederate connections?
+
SP connections, IdP connections.
Types of saml assertions?
+
Authentication, Authorization Decision, Attribute.
Types of slo?
+
Front-channel and back-channel.
Types of sso does azure ad support?
+
SAML, OIDC, OAuth, Password-based SSO.
Types of sso does okta support?
+
SAML, OIDC, password vaulting.
Umbraco content service?
+
Content Service API allows CRUD operations on content nodes
programmatically.
Unsolicited response?
+
IdP-initiated response not tied to AuthnRequest.
Url of oidc discovery?
+
/.well-known/openid-configuration.
Use artifact binding?
+
More secure, avoids sending assertion through browser.
Use https always?
+
Yes, required for OAuth to avoid token leakage.
Use https everywhere?
+
Required for secure SAML transmission.
Use https in sso?
+
Protects token transport.
Use ip restrictions?
+
Adds another protection layer.
Use long-lived refresh tokens?
+
Only with rotation and revocation.
Use oidc over saml?
+
For mobile, SPAs, APIs, and modern cloud systems.
Use pkce for public clients?
+
Always.
Use rate limiting?
+
Avoid abuse of authorization endpoints.
Use refresh token rotation?
+
Prevents stolen refresh tokens from being reused.
Use saml over oidc?
+
For enterprise SSO with legacy systems.
Use secure token storage?
+
Use OS-protected key stores.
Use short assertion lifetimes?
+
Mitigates replay risk.
Use short-lived access tokens?
+
Recommended for security and performance.
Use transient nameid?
+
Enhances privacy by avoiding long-term IDs.
Userinfo endpoint?
+
Returns user profile attributes.
Userinfo signature?
+
Signed UserInfo responses for extra security.
Validate audience restrictions?
+
Ensures assertion is meant for the SP.
Validate audience?
+
Ensures token is intended for the client.
Validate expiration?
+
Prevents using expired tokens.
Validate issuer and audience?
+
Must be validated on every API call.
Validate issuer?
+
Ensures token is from trusted identity provider.
Validate redirect uris?
+
Required to prevent redirects to malicious sites.
Validate timestamps?
+
Prevents replay attacks.
Virtual private cloud (vpc)?
+
VPC is an isolated cloud network with controlled access to resources.
Virtual private cloud (vpc)?
+
A VPC isolates cloud resources in a private network, controlling routing,
subnets,
and security policies.
Wap pre-authentication?
+
Validates user before forwarding to backend server.
X.509 certificate used for in saml?
+
To sign and encrypt assertions.
Xml encryption?
+
Encrypts assertion contents for confidentiality.
Xml signature?
+
Cryptographic signing of SAML assertions.
You configure claim rules?
+
Using rule templates or custom claims transformation.
You configure sp-initiated sso?
+
Enable SAML integration with proper ACS and Entity ID.
You deploy pingfederate?
+
On-prem VM, container, or cloud VM.
Zero downtime deployment?
+
Deploying updates without interrupting service by blue-green or rolling
deployment
strategies.
Zero trust security?
+
Zero trust assumes no implicit trust; all users and devices must be verified
before
accessing resources.
Zero-trust security?
+
Zero-trust assumes no implicit trust. Every request must be verified
regardless of
origin or location.
redirect uris be exact?
+
To prevent open redirect vulnerabilities.
Aaud' claim?
+
Audience — the application that token is meant for.
Access review?
+
Feature to periodically validate user access.
Access token lifetime?
+
Time before token expires, usually minutes.
Access token lifetime?
+
Default 60–90 minutes depending on policies.
Access token manager?
+
Component controlling token storage/expiry.
Access token?
+
A credential used to access protected resources.
Access token?
+
Grants access to APIs.
Access token?
+
A token used to access APIs.
Acr'?
+
Authentication Context Class Reference — indicates authentication strength.
Acs url?
+
Assertion Consumer Service URL for SP to receive SAML assertions.
Acs url?
+
Endpoint where SP receives SAML responses.
Active-active vs active-passive ha?
+
Active-Active: all nodes serve traffic simultaneously., Active-Passive: one
node is
primary, another is standby for failover.
Adaptive authentication?
+
Dynamic authentication based on risk.
Adaptive sso?
+
Applies dynamic authentication conditions.
Address' scope?
+
Access to user address attributes.
Adfs application group?
+
Collection of OAuth/OIDC clients.
Adfs farm?
+
Cluster of servers providing redundancy.
Adfs federation metadata?
+
XML describing ADFS endpoints and certificates.
Adfs proxy?
+
Enables external access to internal ADFS.
Adfs web application proxy?
+
Proxy enabling external access to ADFS.
Adfs?
+
Active Directory Federation Services implementing SAML.
Adfs?
+
Active Directory Federation Services: on-prem identity provider.
Advantages
+
Supports SSO, secure token-based access, scoped permissions, mobile/server
support,
and third-party integrations.
Algorithms does oidc use?
+
RS256, ES256, HS256.
Always sign assertions?
+
Yes, signing is mandatory for security.
Amr'?
+
Authentication Methods Reference — methods used for authentication.
Api security in cloud?
+
API security protects cloud APIs from misuse attacks and unauthorized
access.
App registration?
+
Configuration representing an application identity.
App role assignment?
+
Assign roles to users or groups for an app.
Apps must use pkce?
+
Mobile, SPAs, and any public clients.
Artifact resolution service?
+
Endpoint used to exchange artifact for assertion.
Assertion consumer service?
+
Endpoint where SP receives SAML responses.
Assertion in saml?
+
A package of security information issued by an Identity Provider.
Assertion signing?
+
Proof that assertion came from trusted IdP.
Attribute mapping in ping?
+
Mapping LDAP or internal attributes to SAML assertions.
Attribute mapping?
+
Mapping SAML attributes to SP identity fields.
Attribute mapping?
+
Mapping Okta attributes to app attributes.
Attribute mapping?
+
Mapping user attributes from IdP to SP.
Attribute release policy?
+
Rules governing which user data IdP sends.
Attributes secured?
+
By signing and optional encryption.
Attributestatement?
+
Part of assertion containing user attributes.
Audience claim?
+
Identifies the resource the token is valid for.
Audience mismatch'?
+
Assertion issued for wrong SP.
Audience restriction?
+
Ensures assertion is used only by intended SP.
Audience restriction?
+
Ensures tokens are used by intended SP.
Auth_time' claim?
+
Time the user was last authenticated.
Authentication api?
+
REST API enabling custom authentication UI.
Authentication methods does adfs support?
+
Windows auth, forms auth, certificate auth.
Authnrequest?
+
Authentication request from SP to IdP.
Authnrequest?
+
A request from SP to IdP to authenticate the user.
Authorization code flow secure?
+
Tokens issued directly to backend server, not exposed to browser.
Authorization code flow?
+
OAuth 2.0 flow for server-side apps; client exchanges an authorization code
for an
access token securely.
Authorization code flow?
+
A secure flow for server-side apps exchanging code for tokens.
Authorization code flow?
+
Exchanges code for tokens securely via backend.
Authorization code flow?
+
Most secure flow using server-side token exchange.
Authorization code grant
+
Used for web apps; user logs in, backend exchanges authorization code for
access
token securely.
Authorization endpoint?
+
Used to authenticate the user.
Authorization grant?
+
Credential representing user consent.
Authorization server responsibility?
+
Issue tokens, validate clients, manage scopes and consent.
Authorization server?
+
The server issuing access tokens and managing consent.
Auto healing in kubernetes?
+
Automatically restarts failed containers or reschedules pods to healthy
nodes to
ensure continuous availability.
Avoid idp-initiated sso?
+
SP-initiated is more secure.
Avoid implicit flow?
+
Yes, deprecated for security reasons.
Azure ad b2b?
+
Allows external identities to collaborate securely.
Azure ad b2c?
+
Identity platform for customer applications.
Azure ad connect?
+
Sync tool connecting on-prem AD with Azure AD.
Azure ad mfa?
+
Multi-factor authentication service to enhance security.
Azure ad saml?
+
Azure Active Directory supporting SAML-based SSO.
Azure ad vs adfs?
+
Azure AD = cloud; ADFS = on-prem federation.
Azure ad vs okta?
+
Azure AD is Microsoft cloud identity; Okta is independent IAM leader.
Azure ad vs pingfederate?
+
Azure AD = cloud-first; PingFederate = enterprise federation with granular
control.
Azure ad?
+
A cloud-based identity and access management service by Microsoft.
Back-channel logout?
+
Logout using server-to-server messages.
Back-channel logout?
+
Server-to-server logout notifications.
Back-channel slo?
+
Uses server-to-server calls for logout.
Backup strategy for cloud?
+
Regular snapshots, versioned backups, geo-replication, and automated
schedules
ensure data recovery.
Bearer token?
+
A bearer token is a type of access token that allows access to resources
when
presented. No additional verification is required besides the token itself.
Bearer token?
+
Token that grants access without additional proof.
Best practices for jwt?
+
Use HTTPS, short-lived tokens, refresh tokens, sign tokens, and avoid
storing
sensitive data in payload.
Best practices for oauth/jwt in production?
+
Use HTTPS, short-lived tokens, refresh tokens, secure storage, signature
verification, and proper logging/auditing.
Biggest benefit of sso?
+
User convenience and reduced login friction.
Biometric sso?
+
SSO authenticated via biometrics like fingerprint or face.
Can cookies break sso?
+
Yes, blocked cookies prevent session persistence.
Can jwt be revoked?
+
JWTs are stateless, so they cannot be revoked by default. Implement token
blacklisting or short expiration for control.
Can metadata expire?
+
Yes, metadata can have expiration to enforce updates.
Can pingfederate encrypt assertions?
+
Yes, full support for SAML encryption.
Can refresh tokens be revoked?
+
Yes, through revocation endpoints.
Can scopes control mfa?
+
Yes, using acr/amr claims.
Can sso reduce password reuse?
+
Yes, only one password is needed.
Can sso reduce phishing?
+
Yes, users rarely enter passwords.
Can umbraco support jwt authentication?
+
Yes, JWT middleware can secure API endpoints and allow stateless
authentication for
custom Umbraco APIs.
Cannot oauth2 replace saml?
+
OAuth2 does not authenticate users; needs OIDC.
Certificate rollover?
+
Updating certificates without service disruption.
Certificate rollover?
+
Rotation of signing certificates to maintain security.
Check_session_iframe?
+
Used to track session changes via iframe polling.
Claim in jwt?
+
Claims are pieces of information asserted about a subject (user) in the
token, e.g.,
sub, exp, role.
Claims provider trust?
+
Identity providers trusted by ADFS.
Client credentials flow?
+
Used for server-to-server authentication without user.
Client credentials flow?
+
Server-to-server authentication, not user login.
Client credentials grant
+
Used for machine-to-machine authentication without user involvement.
Client in oauth 2.0?
+
The application requesting access to a resource.
Client in oidc?
+
Application requesting tokens from IdP.
Client secret?
+
Confidential credential used by backend clients.
Client secret?
+
Credential used for confidential OAuth clients.
Client_id?
+
Unique identifier for the client.
Client_secret?
+
Secret only known to confidential clients.
Cloud access control?
+
Access control manages who can access cloud resources and what operations
they can
perform.
Cloud access key best practices?
+
Rotate keys use IAM roles avoid hardcoding keys and monitor usage.
Cloud access security broker (casb)?
+
CASB is a security solution placed between cloud users and services to
enforce
security policies.
Cloud access security broker (casb)?
+
CASB acts as a policy enforcement point between users and cloud services to
monitor
and protect sensitive data.
Cloud audit logging?
+
Audit logging records user activity configuration changes and security
events in
cloud platforms.
Cloud audit trail?
+
Audit trail logs record all user actions and system changes for
accountability and
compliance.
Cloud breach detection?
+
Breach detection identifies unauthorized access or compromise of cloud
resources.
Cloud compliance auditing?
+
Compliance auditing verifies cloud configurations and operations meet
regulatory
requirements.
Cloud compliance frameworks?
+
Frameworks include ISO 27001 SOC 2 HIPAA PCI DSS and GDPR.
Cloud compliance standards?
+
Standards like ISO 27001, SOC 2, GDPR, HIPAA ensure cloud providers meet
regulatory
security requirements.
Cloud data backup?
+
Data backup creates copies of cloud data to restore in case of loss or
corruption.
Cloud data classification?
+
Data classification categorizes cloud data by sensitivity to apply proper
security
controls.
Cloud data residency?
+
Data residency ensures cloud data is stored in specified geographic
locations to
comply with regulations.
Cloud ddos mitigation best practices?
+
Use distributed protection traffic filtering auto-scaling and monitoring.
Cloud disaster recovery?
+
Disaster recovery ensures cloud workloads can recover quickly from failures
or
attacks.
Cloud encryption best practices?
+
Use strong algorithms rotate keys encrypt in transit and at rest and protect
key
management.
Cloud encryption in transit and at rest?
+
In-transit encryption protects data during network transfer. At-rest
encryption
protects stored data on disk or database.
Cloud encryption key rotation?
+
Key rotation periodically updates encryption keys to reduce the risk of
compromise.
Cloud endpoint security best practices?
+
Install agents enforce policies monitor behavior and isolate compromised
endpoints.
Cloud endpoint security?
+
Endpoint security protects devices that access cloud resources from malware
breaches
or unauthorized access.
Cloud firewall best practices?
+
Use least privilege segment networks update rules regularly and log traffic.
Cloud firewall?
+
Cloud firewall is a network security service to filter and monitor traffic
to cloud
resources.
Cloud forensic investigation?
+
Cloud forensics investigates breaches or attacks to identify root causes and
affected assets.
Cloud identity federation vs sso?
+
Federation allows using external identities; SSO allows single
authentication across
multiple apps.
Cloud identity federation?
+
Allows users to access multiple cloud services using single identity,
enabling SSO
across providers.
Cloud identity management?
+
Cloud identity management handles user authentication authorization and
lifecycle in
cloud services.
Cloud incident management?
+
Incident management handles security events to minimize impact and prevent
recurrence.
Cloud incident response plan?
+
Plan outlines procedures roles and tools for responding to cloud security
incidents.
Cloud incident response?
+
Incident response is the process of detecting analyzing and mitigating
security
incidents in the cloud.
Cloud key management?
+
Cloud key management creates stores rotates and controls access to
cryptographic
keys.
Cloud key rotation policy?
+
Policy defines frequency and procedure for rotating encryption keys.
Cloud logging and monitoring?
+
Collects audit logs, metrics, and events to detect anomalies, unauthorized
access,
and security breaches.
Cloud logging best practices?
+
Centralize logs enable retention monitor for anomalies and secure log
storage.
Cloud logging retention policy?
+
Defines how long logs are stored and ensures they are archived securely for
compliance.
Cloud logging?
+
Cloud logging records user activity system events and access for auditing
and
monitoring.
Cloud malware protection?
+
Malware protection detects and removes malicious software from cloud
workloads and
endpoints.
Cloud misconfiguration?
+
Misconfiguration occurs when cloud resources are improperly configured
creating
security risks.
Cloud monitoring best practices?
+
Monitor critical assets configure alerts and integrate with SIEM and
incident
response.
Cloud monitoring?
+
Cloud monitoring tracks resource usage performance and security threats in
real
time.
Cloud monitoring?
+
Monitoring tools track performance, security events, and availability,
helping
identify issues proactively.
Cloud multi-factor authentication best practices?
+
Enable MFA for all users use strong methods like TOTP or hardware tokens.
Cloud native ha design?
+
Using redundancy, distributed systems, microservices, and auto-scaling to
achieve
high availability.
Cloud native security?
+
Security designed specifically for cloud services and microservices,
including
containers, Kubernetes, and serverless workloads.
Cloud network monitoring?
+
Network monitoring observes traffic flows detects anomalies and enforces
segmentation.
Cloud network segmentation?
+
Network segmentation isolates cloud workloads to reduce attack surfaces.
Cloud patch management?
+
Patch management updates cloud systems and applications to fix
vulnerabilities.
Cloud patch management?
+
Automated application of security patches to OS, software, and applications
running
in the cloud.
Cloud penetration testing policy?
+
Policy defines rules and approvals required before conducting penetration
tests on
cloud services.
Cloud penetration testing tools?
+
Tools include Kali Linux Metasploit Nmap Burp Suite and cloud
provider-native tools.
Cloud penetration testing?
+
Penetration testing simulates attacks on cloud systems to identify
vulnerabilities.
Cloud penetration testing?
+
Ethical testing to identify vulnerabilities and misconfigurations in cloud
infrastructure.
Cloud role-based access control (rbac)?
+
RBAC assigns permissions based on user roles to enforce least privilege.
Cloud secrets management?
+
Secrets management stores and controls access to sensitive information like
API keys
and passwords.
Cloud secure devops?
+
Secure DevOps integrates security into DevOps processes and CI/CD pipelines.
Cloud secure gateway?
+
Secure gateway controls and monitors access between users and cloud
applications.
Cloud security assessment?
+
Assessment evaluates cloud infrastructure configurations and practices
against
security standards.
Cloud security auditing?
+
Auditing evaluates cloud resources and policies to ensure security and
compliance.
Cloud security automation tools?
+
Tools include AWS Config Azure Security Center GCP Security Command Center
and
Terraform with security checks.
Cloud security automation?
+
Automation uses scripts or tools to enforce security policies and remediate
threats
automatically.
Cloud security automation?
+
Automates security checks, patching, and policy enforcement to reduce human
error
and improve speed.
Cloud security baseline?
+
Security baseline defines standard configurations and controls for cloud
environments.
Cloud security best practices?
+
Enforce IAM encryption monitoring logging patching least privilege and
incident
response.
Cloud security group best practices?
+
Use least privilege separate environments restrict inbound/outbound rules
and
monitor traffic.
Cloud security incident types?
+
Types include data breach misconfiguration account compromise malware
infection and
insider threats.
Cloud security monitoring tools?
+
Tools include AWS GuardDuty Azure Defender GCP Security Command Center and
third-party SIEM.
Cloud security orchestration?
+
Security orchestration automates workflows threat response and remediation
across
cloud systems.
Cloud security policy?
+
Policy defines rules standards and practices to protect cloud resources.
Cloud security posture management (cspm)?
+
CSPM continuously monitors cloud environments to detect misconfigurations
and
compliance risks.
Cloud security posture management (cspm)?
+
CSPM tools continuously monitor misconfigurations, vulnerabilities, and
compliance
risks in cloud environments.
Cloud security?
+
Cloud security is the set of policies technologies and controls designed to
protect
data applications and infrastructure in cloud environments.
Cloud security?
+
Cloud security involves policies, controls, procedures, and technologies
that
protect data, applications, and services in the cloud. It ensures
confidentiality,
integrity, and availability (CIA) of cloud resources.
Cloud siem?
+
Cloud SIEM centralizes log collection analysis alerting and reporting for
security
events.
Cloud threat detection?
+
Threat detection identifies malicious activity or anomalies in cloud
environments.
Cloud threat intelligence?
+
Threat intelligence provides data on current security threats and
vulnerabilities to
enhance cloud defenses.
Cloud threat modeling?
+
Threat modeling identifies potential threats and vulnerabilities in cloud
systems
and designs mitigation strategies.
Cloud threat modeling?
+
Identifying potential threats, vulnerabilities, and mitigation strategies
for cloud
architectures.
Cloud vpn?
+
Cloud VPN securely connects on-premises networks to cloud resources over
encrypted
tunnels.
Cloud vulnerability assessment?
+
It identifies security weaknesses in cloud infrastructure applications and
configurations.
Cloud vulnerability management?
+
Vulnerability management identifies prioritizes and remediates security
weaknesses.
Cloud vulnerability scanning?
+
Scanning detects security flaws in cloud infrastructure applications and
containers.
Cloud workload isolation?
+
Workload isolation separates applications or tenants to prevent lateral
movement of
threats.
Cloud workload protection platform (cwpp)?
+
CWPP provides security for workloads running across cloud VMs containers and
serverless environments.
Cloud-native security?
+
Cloud-native security integrates security controls directly into cloud
applications
and infrastructure.
Common saml attributes?
+
email, firstName, lastName, employeeID.
Compliance in cloud security?
+
Compliance ensures cloud deployments adhere to regulatory standards like
GDPR HIPAA
or PCI DSS.
Compliance monitoring in cloud?
+
Continuous auditing to ensure resources follow regulatory and internal
security
standards.
Conditional access?
+
Policies restricting token issuance based on conditions.
Conditional access?
+
Policy engine controlling access based on conditions.
Confidential client?
+
Client that securely stores secrets (backend server).
Configuration management in cloud security?
+
Configuration management ensures cloud resources are deployed securely and
consistently.
Consent screen?
+
UI shown to user listing requested permissions.
Container security?
+
Container security protects containerized applications and their
orchestration
platforms like Docker and Kubernetes.
Container security?
+
Securing containerized applications using image scanning, runtime
protection, and
least privilege.
Continuous compliance?
+
Automated monitoring of cloud resources to maintain compliance with
regulations like
HIPAA or GDPR.
Cookies relate to sso?
+
SSO often uses session cookies to maintain authenticated sessions across
multiple
apps or domains.
Credential stuffing protection?
+
OIDC frameworks block repeated unsuccessful logins.
Cross-domain sso?
+
SSO across different organizations.
Csrf state parameter?
+
Used to protect against CSRF attacks during authentication.
Custom scopes?
+
App-defined permissions for additional claims.
Data loss prevention (dlp)?
+
DLP prevents unauthorized access sharing or leakage of sensitive cloud data.
Data masking?
+
Hides sensitive data in non-production environments to protect privacy while
allowing application testing.
Ddos protection in cloud?
+
Defends cloud services against Distributed Denial of Service attacks using
mitigation, traffic filtering, and scaling.
Decentralized identity?
+
User-controlled identity using blockchain-based models.
Delegation?
+
Acting on behalf of a user with limited privileges.
Destination mismatch'?
+
Assertion sent to wrong ACS URL.
Device code flow?
+
Used by devices with no browser or limited input.
Device code flow?
+
Authentication for devices without browsers.
Diffbet access token and refresh token?
+
Access tokens are short-lived tokens for resource access. Refresh tokens are
long-lived and used to obtain new access tokens without re-authentication.
Diffbet app registration and enterprise application?
+
App Registration = app identity; Enterprise App = SSO configuration
instance.
Diffbet auth code and auth code + pkce?
+
PKCE adds code verifier & challenge for extra security.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization defines what resources an
authenticated user can access.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization verifies permissions.
Diffbet availability zone and region?
+
A Region is a geographical location. An Availability Zone (AZ) is an
isolated data
center within a region providing HA.
Diffbet dr and ha?
+
HA focuses on real-time availability and minimal downtime. DR is about
recovering
after a major failure or disaster, which may involve longer restoration
times.
Diffbet icontentservice and ipublishedcontent?
+
IContentService is used for editing/staging content. IPublishedContent is
for
reading published content efficiently.
Diffbet id_token and access_token?
+
ID token is for authentication; access token is for authorization.
Diffbet oauth 1.0 and 2.0?
+
OAuth 1.0 requires cryptographic signing; OAuth 2.0 uses bearer tokens,
simpler
flow, and supports multiple grant types like Authorization Code and Client
Credentials.
Diffbet oauth and openid connect?
+
OAuth is for authorization; OIDC is an authentication layer on top of OAuth
providing user identity.
Diffbet oauth scopes and claims?
+
Scopes define the permissions requested; claims define attributes about the
user or
session.
Diffbet par and jar?
+
PAR = push request; JAR = sign request.
Diffbet published content and draft content?
+
Draft content is editable but not visible to the public; published content
is live
on the website.
Diffbet saml and jwt?
+
SAML uses XML for identity assertions; JWT uses JSON. JWT is lighter and
easier for
APIs, while SAML is enterprise-oriented.
Diffbet saml and jwt?
+
SAML = XML assertions; JWT = JSON tokens.
Diffbet saml and oauth?
+
SAML is for SSO using XML; OAuth is authorization using JSON/REST.
Diffbet saml and oidc?
+
SAML uses XML and is enterprise-focused; OIDC uses JSON and supports modern
apps.
Diffbet sso and mfa?
+
SSO = one login across apps; MFA = additional security factors during login.
Diffbet sso and oauth?
+
SSO is mainly for authentication across apps. OAuth is for delegated
authorization
without sharing credentials.
Diffbet sso and password sync?
+
SSO shares authentication state; password sync copies passwords across
systems.
Diffbet sso and slo?
+
SSO = login across apps; SLO = logout across apps.
Diffbet stateless and stateful authentication?
+
JWT enables stateless authentication—server does not store session info.
Traditional
sessions are stateful, stored on the server.
Diffbet symmetric and asymmetric encryption?
+
Symmetric uses same key for encryption and decryption. Asymmetric uses
public/private key pairs. Asymmetric is used in secure key exchange.
Diffbet umbraco api controllers and mvc controllers?
+
API controllers return JSON or XML data for apps; MVC controllers render
views/templates.
Discovery document?
+
Well-known configuration endpoint for OIDC.
Discovery important?
+
Allows dynamic configuration of OIDC clients.
Distributed denial-of-service (ddos) protection?
+
DDoS protection mitigates attacks that overwhelm cloud services with
traffic.
Do access tokens depend on scopes?
+
Yes, scopes define API permissions.
Do all protocols support slo?
+
Yes, but implementations vary.
Do all sps support sso?
+
Not always — legacy apps may need custom connectors.
Do browsers impact sso?
+
Yes, privacy modes may block redirects/cookies.
Do not log tokens?
+
Never log access or refresh tokens.
Does adfs support mfa?
+
Yes, with built-in and external providers.
Does adfs support oauth2?
+
Yes, since ADFS 3.0.
Does adfs support saml sso?
+
Yes, as IdP and SP.
Does azure ad support saml?
+
Yes, SAML 2.0 with IdP-initiated and SP-initiated flows.
Does id token depend on scopes?
+
Yes, claims in ID Token depend on scopes.
Does jwt work?
+
Server generates JWT after authentication. Client stores it (usually in
local
storage). Subsequent requests include the token in the Authorization header
for
stateless authentication.
Does oidc support single logout?
+
Yes, through RP-Initiated and Front/Back-channel logout.
Does oidc support sso?
+
Yes, OIDC provides Single Sign-On functionality.
Does okta expose jwks?
+
/oauth2/v1/keys endpoint.
Does okta support password sync?
+
Yes, via provisioning connectors.
Does pingfederate issue jwt tokens?
+
Yes, for access and id tokens.
Does pingfederate support mfa?
+
Yes, via PingID or third-party integrations.
Does pingfederate support pkce?
+
Yes, for public clients.
Does pingfederate support saml sso?
+
Yes, both IdP and SP roles.
Does saml ensure security?
+
Uses XML signatures, encryption, certificates, and timestamps.
Does saml metadata contain?
+
Certificates, endpoints, SSO URLs, entity IDs.
Does saml stand for?
+
Security Assertion Markup Language.
Does saml use tokens?
+
Yes, SAML assertions are XML-based tokens.
Does silent logout mean?
+
Logout without redirecting the user.
Does slo fail?
+
Different implementations or expired sessions.
Does sso break?
+
Wrong certificates, clock skew, misconfigured endpoints.
Does sso enhance security?
+
Reduces password fatigue, centralizes authentication policies, enables MFA,
and
minimizes login-related vulnerabilities.
Does sso help in compliance?
+
Yes, supports SOC2, HIPAA, GDPR requirements.
Does sso improve auditability?
+
Centralized login logs.
Does sso improve security?
+
Reduces password fatigue, phishing risk, and enforces central policies.
Does sso improve security?
+
Centralized authentication and MFA enforcement.
Does sso increase productivity?
+
Yes, no repeated logins.
Does sso reduce attack surface?
+
Yes, fewer passwords and login endpoints.
Does sso reduce helpdesk calls?
+
Reduces password reset requests.
Does sso require accurate time sync?
+
Yes, tokens require clock accuracy.
Does sso require certificate management?
+
Yes, periodic rollover is required.
Does sso work?
+
A centralized identity provider authenticates the user, issues a token or
cookie,
and applications trust this token to grant access.
Domain federation?
+
Configures ADFS or external IdP to authenticate domain users.
Dpop?
+
Demonstration of Proof-of-Possession; prevents token theft misuse.
Dynamic client registration?
+
Allows clients to auto-register at IdP.
Dynamic group?
+
Group with rule-based membership.
Email' scope?
+
Access to user email and email_verified.
Encode saml messages?
+
To ensure safe transport via URLs or POST.
Encrypt sensitive attributes?
+
Highly recommended.
Encryption at rest?
+
Encryption at rest protects stored data using cryptographic techniques.
Encryption errors occur?
+
Incorrect certificate or key mismatch.
Encryption in cloud?
+
Encryption protects data in transit and at rest using algorithms like AES or
RSA. It
prevents unauthorized access to sensitive cloud data.
Encryption in transit?
+
Encryption in transit protects data as it travels over networks between
cloud
services or users.
End_session endpoint?
+
Used for OIDC logout operations.
Endpoint security in cloud?
+
Protects client devices, VMs, and containers from malware, unauthorized
access, and
vulnerabilities.
Enforce mfa?
+
Improves security for sensitive resources.
Enterprise application?
+
Represents an SP configuration used for SSO.
Enterprise sso?
+
SSO for employees using enterprise IdPs.
Entity category?
+
Classification of SP/IdP capabilities.
Entity id?
+
A unique identifier for SP or IdP in SAML.
Example of federation hub?
+
Azure AD, ADFS, Okta, PingFederate.
Exp' claim?
+
Expiration timestamp.
Expired assertion'?
+
Assertion outside NotOnOrAfter time.
Explain auto scaling.
+
Auto Scaling automatically adjusts compute resources based on demand,
improving
availability and cost efficiency.
Explain bastion host.
+
A Bastion host is a secure jump server used to access instances in private
networks.
Explain cloud firewall.
+
Cloud firewalls filter network traffic at the edge or VM level, enforcing
security
rules to prevent unauthorized access.
Explain disaster recovery in cloud.
+
Disaster Recovery (DR) is a set of processes to restore cloud applications
and data
after failures. It involves backups, replication, multi-region deployment,
and
failover strategies.
Failover in cloud?
+
Automatic switching to a redundant system when a primary system fails,
ensuring
service continuity.
Fapi?
+
Financial grade API security profile for OIDC/OAuth2.
Fault tolerance in cloud?
+
Fault tolerance ensures the system continues functioning despite component
failures
using redundancy and failover.
Federated identity?
+
Using external identity providers like Google or Azure AD.
Federation hub?
+
Central IdP connecting multiple SPs.
Federation in azure ad?
+
Using ADFS or external IdPs for authentication.
Federation in sso?
+
Trust relationship enabling cross-domain authentication.
Federation metadata?
+
Configuration XML exchanged between IdP and SP.
Federation?
+
Trust between identity providers and service providers.
Fine-grained authorization?
+
Scoped permissions down to resource-level.
Flow is best for iot devices?
+
Device Code flow.
Flow is best for machine-to-machine?
+
Client Credentials.
Flow is best for mobile?
+
Authorization Code with PKCE.
Flow is best for spas?
+
Authorization Code with PKCE (Implicit avoided).
Flow is more secure?
+
SP-initiated, due to request ID validation.
Flow should spas use?
+
Authorization Code Flow with PKCE.
Flow supports refresh tokens?
+
Authorization Code Flow and Hybrid Flow.
Flow supports sso?
+
Authorization Code or Hybrid flow via OIDC.
Flows does azure ad support?
+
Auth Code, PKCE, Client Credentials, Device Code, ROPC.
Format are oauth tokens?
+
Typically JWT or opaque tokens.
Format does oidc use?
+
JSON, REST APIs, and JWT tokens.
Formats can access tokens use?
+
JWT or opaque format.
Formats can id tokens use?
+
Always JWT.
Frontchannel logout?
+
Logout performed via the browser using redirects.
Front-channel logout?
+
Logout via browser redirects.
Front-channel logout?
+
Browser-based logout using redirects.
Front-channel slo?
+
Uses browser redirects for logout.
Global logout?
+
Logout from entire identity federation.
Grant type
+
Defines how the client collects and exchanges access tokens.
Graph api?
+
API to manage users, groups, and apps.
Happens if idp is down during slo?
+
SPs may not logout properly.
Haproxy in cloud?
+
HAProxy is a load balancer and proxy server that supports high availability
and
failover.
High availability (ha) in cloud?
+
HA ensures that cloud services remain accessible with minimal downtime. It
uses
redundancy, failover mechanisms, and load balancing to maintain continuous
operations.
Home realm discovery?
+
Identifies which IdP user belongs to.
Home realm discovery?
+
Choosing correct IdP based on the user.
Http artifact binding?
+
Message reference is sent, not entire assertion.
Http post binding?
+
SAML message sent through an HTML form post.
Http redirect binding?
+
SAML message is sent via URL query string.
Https requirement?
+
OAuth 2.0 must use HTTPS for all communication.
Hybrid cloud security?
+
Hybrid cloud security protects workloads and data across on-premises and
cloud
environments.
Hybrid flow?
+
Combination of implicit + authorization code (OIDC).
Hybrid flow?
+
Combination of Implicit and Authorization Code flows.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what
actions they can perform.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what they
can do. It includes authentication, authorization, roles, policies, and MFA.
Iat' claim?
+
Issued-at timestamp.
Id token signature?
+
Verifies integrity and authenticity.
Id token?
+
JWT token containing authentication details.
Id token?
+
A JWT containing identity information about the user.
Id_token?
+
OIDC token containing user identity claims.
Id_token_hint?
+
Hint for logout identifying user's ID Token.
Identifier (entity id)?
+
SP unique identifier configured in Azure AD.
Identity brokering?
+
IdP sits between user and multiple IdPs.
Identity federation?
+
Identity federation allows users to access multiple cloud services using a
single
identity.
Identity federation?
+
A trust relationship allowing different systems to share authentication.
Identity hub?
+
A centralized identity broker connecting many IdPs.
Identity protection?
+
Detects risky logins and risky users.
Identity provider (idp)?
+
An IdP is a trusted service that authenticates users and issues tokens or
assertions
for SSO.
Identity provider (idp)?
+
Authenticates users and issues claims.
Identity provider (idp)?
+
A service that authenticates a user and issues SAML assertions.
Identity token validation?
+
Ensuring token signature, audience, and issuer are correct.
Idp discovery?
+
Selecting the correct identity provider for login.
Idp federation?
+
One IdP authenticates users for many SPs.
Idp in sso?
+
Identity Provider — authenticates the user.
Idp metadata url?
+
URL where SP fetches IdP metadata.
Idp proxying?
+
IdP acting as intermediary between user and another IdP.
Idp?
+
System that authenticates users and issues tokens/assertions.
Idp-initiated sso?
+
Login initiated from Identity Provider.
Idp-initiated sso?
+
User starts login at the Identity Provider.
Immutable infrastructure?
+
Infrastructure that is never modified after deployment, only replaced. It
ensures
consistency and security.
Impersonation?
+
User acting as another identity — dangerous and restricted.
Implicit flow deprecated?
+
Exposes tokens to browser and insecure environments.
Implicit flow deprecated?
+
Less secure, exposes tokens in browser URL.
Implicit flow?
+
Legacy browser-based flow without backend; not recommended.
Implicit flow?
+
Old flow that returns tokens via browser fragments.
Implicit grant flow?
+
OAuth 2.0 flow for client-side apps where tokens are returned directly
without
client secret.
Implicit vs code flow?
+
Code Flow more secure; Implicit deprecated.
Incremental consent?
+
Requesting only partial permissions at first.
Inresponseto attribute?
+
Links the response to the matching AuthnRequest.
Inresponseto missing'?
+
IdP did not include request ID; insecure for SP-initiated.
Introspection endpoint?
+
Used to validate opaque access tokens.
Intrusion detection and prevention (ids/ips)?
+
IDS/IPS monitors network traffic for malicious activity, raising alerts or
blocking
threats.
Intrusion detection system (ids)?
+
IDS monitors cloud traffic for malicious activity or policy violations.
Intrusion prevention system (ips)?
+
IPS not only detects but also blocks malicious traffic in real time.
Invalid signature' error?
+
Assertion signature mismatch or wrong certificate.
Is jwt used in microservices?
+
JWT allows secure stateless communication between microservices, with each
service
verifying the token without a central session store.
Is jwt verified?
+
Server uses the secret or public key to verify the token’s signature and
validity,
ensuring it was issued by a trusted source.
Is more reliable — front or back channel?
+
Back-channel, because it avoids browser issues.
Is oauth 2.0 for authentication?
+
Not by design; it's for authorization. OIDC adds authentication.
Is oauth 2.0 stateful or stateless?
+
Can be either, depending on token type and architecture.
Is oidc authentication or authorization?
+
OIDC is authentication; OAuth2 is authorization.
Is oidc stateless or stateful?
+
Stateless — relies on JWT tokens.
Is oidc suitable for mobile apps?
+
Yes, highly optimized for mobile clients.
Is saml used for authentication or authorization?
+
Primarily authentication; asserts user identity to SP.
Is sso a single point of failure?
+
Yes, if IdP is down, login for all apps fails.
Is sso for authentication or authorization?
+
SSO is primarily for authentication.
Is sso latency-prone?
+
Yes, due to redirects and token validation.
Is token expiry handled in oauth?
+
Access tokens have a short TTL; refresh tokens are used to request a new
access
token without user interaction.
Iss' claim?
+
Issuer identifier.
Issuer claim?
+
Identifies authorization server that issued the token.
Issuer mismatch'?
+
Incorrect IdP entity ID used.
Jar (jwt authorization request)?
+
Authorization request packaged as signed JWT.
Jarm?
+
JWT-secured Authorization Response Mode — adds signing to auth responses.
Just-in-time provisioning?
+
Provision user accounts at login time.
Just-in-time provisioning?
+
User is created automatically during login.
Jwks endpoint?
+
JSON Web Key Set for token verification keys.
Jwks uri?
+
Endpoint serving public keys for validating tokens.
Jwks?
+
JSON Web Key Set for validating tokens.
Jwt header?
+
Header specifies the signing algorithm (e.g., HS256) and token type (JWT).
Jwt kid field?
+
Key ID to identify which signing key to use.
Jwt payload?
+
The payload contains claims, which are statements about the user or session
(e.g.,
user ID, roles, expiration).
Jwt signature?
+
The signature ensures the token’s integrity. It is generated using a secret
(HMAC)
or private key (RSA/ECDSA).
Jwt signature?
+
Cryptographic signature verifying authenticity.
Jwt token?
+
Self-contained token with claims.
Jwt?
+
JSON Web Token (JWT) is a compact, URL-safe token format used to securely
transmit
claims between parties. It includes a header, payload, and signature.
Jwt?
+
JSON Web Token — compact, signed token.
Kerberos?
+
Network authentication protocol used in Windows SSO.
Key components of cloud security?
+
Key components include identity and access management (IAM) data protection
network
security monitoring and compliance.
Key management service (kms)?
+
KMS is a cloud service for creating managing and controlling encryption keys
securely.
Key management service (kms)?
+
KMS securely creates, stores, and rotates encryption keys for cloud
resources.
Kubernetes role in ha?
+
Kubernetes provides HA by managing pods across multiple nodes, self-healing,
and
load balancing.
Limit attribute sharing?
+
Minimize data to reduce privacy risk.
Limit scopes?
+
Yes, always follow least privilege.
Load balancer?
+
A load balancer distributes incoming traffic across multiple servers to
ensure high
availability and performance.
Logging & auditing in cloud security?
+
Captures user actions and system events to detect breaches, analyze
incidents, and
meet compliance.
Logout method is most reliable?
+
Back-channel logout.
Main cloud security challenges?
+
Challenges include data breaches insecure APIs misconfigured cloud services
insider
threats and compliance issues.
Main types of cloud security?
+
Includes Data Security, Network Security, Identity & Access Management
(IAM),
Application Security, and Endpoint Security. It protects cloud workloads
from
breaches and vulnerabilities.
Metadata important?
+
Ensures both IdP and SP trust each other and understand endpoints.
Metadata signature?
+
Indicates authenticity of metadata file.
Mfa in oauth?
+
Additional step enforced by authorization server.
Microsegmentation in cloud security?
+
Divides networks into smaller segments to isolate workloads and minimize
lateral
attack movement.
Microsoft graph permissions?
+
Scopes that define what an app can access.
Monitor saml logs?
+
Detects anomalies and attacks.
Mtls in oauth?
+
Mutual TLS binding tokens to client certificates.
Multi-cloud security?
+
Multi-cloud security manages security consistently across multiple cloud
providers.
Multi-factor authentication (mfa)?
+
MFA requires multiple forms of verification to access cloud resources
enhancing
security.
Multi-factor authentication (mfa)?
+
MFA requires two or more verification methods to access cloud resources,
enhancing
security beyond passwords.
Multi-federation?
+
Multiple IdPs serving different user groups.
Multi-region deployment?
+
Deploying resources in multiple regions improves disaster recovery,
redundancy, and
availability.
Multi-tenant app?
+
App serving multiple organizations with separate identities.
Multi-tenant identity?
+
Multiple tenants share identity infrastructure.
Nameid formats?
+
EmailAddress, Persistent, Transient, Unspecified.
Nameid?
+
Unique identifier for the user in SAML.
Nameidmapping?
+
Mapping NameIDs between IdP and SP.
Network acl?
+
Network ACL is a stateless firewall used to control traffic at the subnet
level.
Network acl?
+
A Network Access Control List controls traffic at the subnet level. It
provides an
additional layer beyond security groups.
Nonce' claim?
+
Used to prevent replay attacks.
Nonce used for?
+
To prevent replay attacks.
Nonce used for?
+
Prevents replay attacks.
Nonce?
+
Unique value used in ID token to prevent replay.
Not to store tokens?
+
LocalStorage or unencrypted browser memory.
Notbefore claim?
+
Defines earliest time the assertion is valid.
Notonorafter claim?
+
Expiration time of assertion.
Oauth 2
+
OAuth 2 is an open authorization framework enabling secure access delegation
without
sharing passwords.
Oauth 2.0 grant types?
+
Auth Code, PKCE, Client Credentials, Password, Implicit, Device Code.
Oauth 2.0?
+
An authorization framework allowing third-party apps to access user
resources
without sharing passwords.
Oauth 2.1?
+
A simplification removing implicit and ROPC flows; PKCE required.
Oauth backchannel logout?
+
Mechanism to notify apps of user logout.
Oauth device flow?
+
Auth flow for devices without browsers.
Oauth grant types?
+
Common grant types: Authorization Code, Implicit, Password Credentials,
Client
Credentials. They define how clients obtain access tokens.
Oauth introspection endpoint?
+
API to check token validity for opaque tokens.
Oauth revocation endpoint?
+
API to revoke access or refresh tokens.
Oauth?
+
OAuth is an open-standard authorization protocol that allows third-party
apps to
access user resources without sharing credentials. It issues access tokens
to grant
limited access to resources.
Oauth2 used for?
+
Authorization, not authentication.
Oauth2 with sso integration?
+
OAuth2 with SSO enables a single login using OAuth’s token-based
authorization to
access multiple protected services.
Oidc claims?
+
Statements about a user (e.g., email, name).
Oidc created?
+
To enable secure user authentication using modern JSON/REST technology.
Oidc discovery document?
+
Well-known configuration containing endpoints and metadata.
Oidc federation?
+
Uses OIDC for federated identity.
Oidc flow is best for spas?
+
Auth Code Flow with PKCE.
Oidc in apple sign-in?
+
Apple Sign-In is based on OIDC standards.
Oidc in auth0?
+
Auth0 fully supports OIDC flows and JWT issuance.
Oidc in aws cognito?
+
Cognito provides OIDC-based hosted UI flows.
Oidc in azure ad?
+
Azure AD supports OIDC with Microsoft Identity platform.
Oidc in fusionauth?
+
FusionAuth supports OIDC, MFA, and OAuth2 flows.
Oidc in google identity?
+
Google uses OIDC for all user authentication.
Oidc in keycloak?
+
Keycloak is an open-source IdP supporting OIDC.
Oidc in okta?
+
Okta provides custom and default OIDC authorization servers.
Oidc in pingfederate?
+
PingFederate supports OIDC with OAuth AS extensions.
Oidc in salesforce?
+
Salesforce acts as an OIDC provider for SSO.
Oidc in sso?
+
OAuth2-based identity layer issuing ID tokens.
Oidc preferred over saml?
+
Lightweight JSON tokens, mobile-ready, modern architecture.
Oidc scopes?
+
Permissions for claims in ID Token/UserInfo.
Oidc vs api keys?
+
OIDC is secure and user-based; API keys are static secrets.
Oidc vs basic auth?
+
OIDC uses token-based modern auth; Basic Auth sends credentials each time.
Oidc vs jwt?
+
OIDC uses JWT; JWT is a token format, not a protocol.
Oidc vs kerberos?
+
OIDC = web/mobile; Kerberos = internal network protocol.
Oidc vs oauth device flow?
+
OIDC is for login; Device Flow is for non-browser devices.
Oidc vs oauth2?
+
OIDC adds authentication; OAuth2 only handles authorization.
Oidc vs password auth?
+
OIDC uses tokens; password auth uses credentials directly.
Oidc vs saml?
+
OIDC uses JSON/REST; SAML uses XML. OIDC suits mobile and modern apps.
Oidc vs ws-fed?
+
OIDC is modern JSON-based; WS-Fed is legacy Microsoft protocol.
Oidc?
+
OpenID Connect is an identity layer built on top of OAuth 2.0 to
authenticate users.
Okta api token?
+
Token used for administrative API calls.
Okta app integration?
+
Application configuration for SSO.
Okta asa?
+
Advanced Server Access for SSH/RDP identity access.
Okta authentication api?
+
REST API for user authentication and token issuance.
Okta authorization server?
+
Custom OAuth server controlling token issuance.
Okta identity engine?
+
New adaptive authentication platform.
Okta idp discovery?
+
Chooses correct IdP based on user attributes.
Okta inline hook?
+
Extend Okta flows with external logic.
Okta mfa?
+
Multi-step authentication including SMS, Push, TOTP.
Okta org?
+
Dedicated Okta tenant for an organization.
Okta risk-based authentication?
+
Dynamically challenges or blocks based on risk.
Okta sign-on policy?
+
Rules defining how users authenticate to applications.
Okta system log?
+
Audit log for events and authentication attempts.
Okta universal directory?
+
Directory service storing users, groups, and attributes.
Okta verify?
+
Mobile authenticator for push and TOTP.
Okta vs adfs?
+
Okta = cloud SaaS; ADFS = on-prem with heavy infrastructure.
Okta vs pingfederate?
+
Okta = cloud-first; Ping = enterprise customizable federation.
Okta workflow?
+
Automation engine for identity tasks.
Okta?
+
Identity platform supporting SAML SSO.
Okta?
+
Identity and access management provider for cloud applications.
Opaque token?
+
Token that requires introspection to validate.
Openid connect (oidc)?
+
OIDC is an identity layer on top of OAuth 2.0 for authentication, returning
an ID
token that provides user identity info.
Openid' scope?
+
Mandatory scope to enable OIDC.
Par (pushed authorization request)?
+
Client sends authorization details via a secure POST before redirect.
Par (pushed authorization requests)?
+
Securely sends auth request to IdP before redirect — prevents tampering.
Partial logout?
+
Only some apps logout.
Password credentials grant
+
User provides username/password directly to client; now discouraged due to
security
risks.
Password vaulting sso?
+
SSO by storing and auto-filling credentials.
Passwordless sso?
+
SSO without passwords using FIDO2/WebAuthn.
Persistent nameid?
+
Long-lived identifier for a user.
Phone' scope?
+
Access to phone and phone_verified.
Pingdirectory?
+
Directory used with PingFederate for user management.
Pingfederate authentication policy?
+
Controls how authentication decisions are made.
Pingfederate connection?
+
Configuration linking SP and IdP.
Pingfederate console?
+
Admin dashboard for configuration.
Pingfederate idp adapter?
+
Plugin to authenticate users (LDAP, Kerberos etc).
Pingfederate oauth as?
+
Acts as authorization server issuing tokens.
Pingfederate vs adfs?
+
Ping = more flexible; ADFS = Microsoft ecosystem-focused.
Pingfederate?
+
Enterprise IdP/SP platform supporting SAML.
Pingfederate?
+
Enterprise federation server for SSO and identity integration.
Pingone?
+
Cloud identity solution integrating with PingFederate.
Pkce extension?
+
Proof Key for Code Exchange — protects public clients.
Pkce introduced?
+
To prevent authorization code interception attacks.
Pkce?
+
Proof Key for Code Exchange; improves security for public clients.
Pkce?
+
Enhances OAuth2 security for public clients.
Policy contract?
+
Defines attributes shared with SP/IdP.
Post_logout_redirect_uri?
+
URL where user is redirected after logout.
Principle of least privilege?
+
Users are granted only the permissions necessary to perform their job
functions.
Privileged identity management?
+
Controls and audits privileged roles.
Problem does oauth 2.0 solve?
+
It enables secure delegated access using tokens instead of credentials.
Profile' scope?
+
Access to basic user attributes.
Prohibited in oidc?
+
Tokens through URL (except legacy implicit flow).
Proof-of-possession?
+
Tokens tied to a key so only holder with key can use them.
Protocol does azure ad support?
+
OIDC, OAuth2, SAML2, WS-Fed.
Protocol format does saml use?
+
XML.
Protocol is best for mobile apps?
+
OIDC and OAuth2.
Protocol is best for web apps?
+
SAML2 for enterprises, OIDC for modern apps.
Protocol uses json/jwt?
+
OIDC.
Protocol uses xml?
+
SAML2.
Protocols does adfs support?
+
SAML, WS-Fed, OAuth2, OIDC.
Protocols does okta support?
+
OIDC, OAuth2, SAML2, SCIM.
Protocols does pingfederate support?
+
OIDC, OAuth2, SAML2, WS-Trust.
Protocols support sso?
+
SAML2, OIDC, OAuth2, WS-Fed, Kerberos.
Public client?
+
Cannot securely store secrets — e.g., mobile, SPAs.
Public client?
+
Client without a secure place to store secrets (SPA, mobile app).
Rate limiting in cloud security?
+
Limits the number of requests to APIs or services to prevent abuse and DDoS
attacks.
Recipient attribute?
+
SP endpoint expected to receive the assertion.
Redirect uri?
+
Endpoint where authorization server sends tokens or codes.
Redirect_uri?
+
URL where tokens/codes are sent after login.
Redundancy in ha?
+
Duplication of critical components to avoid single points of failure, e.g.,
multiple
servers, networks, or databases.
Refresh token flow?
+
Used to obtain new access tokens silently.
Refresh token grace period?
+
Allows old token to work briefly during rotation.
Refresh token lifetime?
+
Can be days to months based on policy.
Refresh token rotation?
+
Each refresh returns a new token; old one invalidated.
Refresh token?
+
A long-lived token used to obtain new access tokens.
Refresh token?
+
Used to get new access tokens without re-login.
Refresh token?
+
A long-lived token used to get new access tokens.
Refresh tokens long lived?
+
To enable new access tokens without user interaction.
Registration endpoint?
+
Dynamic client registration.
Relationship between oauth2 and oidc?
+
OIDC extends OAuth2 by adding identity features.
Relaystate?
+
State parameter passed between SP and IdP to maintain context.
Relaystate?
+
Parameter that preserves return URL or context.
Relying party trust?
+
Configuration for apps that rely on ADFS for authentication.
Replay attack?
+
Reusing captured tokens.
Replay detected'?
+
Assertion already used before.
Reply/acs url?
+
Endpoint where Azure AD posts SAML responses.
Resource owner password grant (ropc)?
+
User sends username/password directly; insecure and deprecated.
Resource owner?
+
The user or entity owning the protected resource.
Resource server responsibility?
+
Validate tokens and expose APIs.
Resource server?
+
The API hosting the protected resources.
Response_mode?
+
Defines how tokens are returned (query, form_post, fragment).
Response_type?
+
Defines which tokens are returned (code, id_token, token).
Restrict redirect_uri?
+
Prevents token leakage to malicious URLs.
Risk-based authentication?
+
Adaptive authentication based on context.
Risk-based sso?
+
Challenges based on user risk profile.
Ropc flow?
+
Resource Owner Password Credentials — now discouraged.
Ropc used?
+
Legacy or highly trusted systems; not recommended.
Rotate certificates periodically?
+
Prevents long-term compromises.
Rotate secrets regularly?
+
Client secrets should be rotated periodically.
Rp-initiated logout?
+
Client logs the user out at IdP.
Rpo and rto?
+
RPO (Recovery Point Objective): max data loss allowed, RTO (Recovery Time
Objective): max downtime allowed during recovery
Saml 2.0?
+
A standard for exchanging authentication and authorization data using
XML-based
security assertions.
Saml attribute query?
+
SP querying user attributes via SOAP.
Saml authentication flow?
+
SP sends AuthnRequest → IdP authenticates → IdP sends assertion → SP
validates →
user logged in.
Saml binding?
+
Defines how SAML messages are transported over HTTP.
Saml federation?
+
Allows authentication across organizations.
Saml federation?
+
Establishes trust using SAML metadata.
Saml flow is more secure?
+
SP-initiated SSO due to request ID matching.
Saml in sso?
+
XML-based single sign-on protocol used in enterprises.
Saml is not good for mobile?
+
XML processing is heavy and not designed for mobile flows.
Saml logoutrequest?
+
Request to initiate logout across IdP and SP.
Saml metadata?
+
XML document describing IdP and SP configuration.
Saml profile?
+
Defines use cases like Web SSO, SLO, IdP proxying.
Saml response?
+
XML message containing the SAML assertion.
Saml response?
+
IdP's message containing user identity.
Saml single logout (slo)?
+
Logout from one system logs the user out of all SAML-connected systems.
Saml still used?
+
Strong enterprise adoption and compatibility with legacy systems.
Saml strength?
+
Federated SSO, enterprise security.
Saml weakness?
+
Complexity, XML overhead, slower than OIDC.
Saml?
+
Security Assertion Markup Language (SAML) is an XML-based standard for
exchanging
authentication and authorization data between an identity provider and
service
provider.
Scim provisioning in okta?
+
Automatic user account creation/deletion in apps.
Scim provisioning?
+
Automatic provisioning of users to cloud apps.
Scim?
+
Protocol for automated user provisioning.
Scim?
+
Automated user provisioning for SSO apps.
Scope restriction?
+
Limit token permissions to least privilege.
Scope?
+
Defines the level of access requested by the client.
Seamless sso?
+
Automatically signs in users on corporate devices.
Secrets management?
+
Securely stores and manages API keys, passwords, and certificates used by
cloud apps
and containers.
Security automation with devsecops?
+
Integrating security in CI/CD pipelines to automate scanning, testing, and
policy
enforcement during development.
Security context?
+
Session stored after validating assertion.
Security group vs network acl?
+
Security group is stateful; network ACL is stateless and applies at subnet
level.
Security group?
+
Security Groups act as virtual firewalls in cloud environments to control
inbound
and outbound traffic for VMs and containers.
Security groups in cloud?
+
Security groups act as virtual firewalls controlling inbound and outbound
traffic to
cloud resources.
Security information and event management (siem)?
+
SIEM collects analyzes and reports on security events across cloud
environments.
Security information and event management (siem)?
+
SIEM collects and analyzes logs in real-time to detect, alert, and respond
to
security threats.
Separate auth and resource servers?
+
Improves security and scales better.
Serverless security?
+
Serverless security addresses vulnerabilities in functions-as-a-service
(FaaS) and
managed backend services.
Serverless security?
+
Securing FaaS (Functions as a Service) involves identity policies, least
privilege
access, and monitoring event triggers.
Service provider (sp)?
+
SP is the application that relies on IdP for authentication and trusts the
IdP’s
tokens or assertions.
Service provider (sp)?
+
Relies on IdP for authentication.
Service provider (sp)?
+
An application that consumes SAML assertions and grants access.
Session endpoint?
+
Endpoint for session management.
Session federation?
+
Sharing session state across domains.
Session hijacking?
+
Stealing a valid session to impersonate a user.
Session in sso?
+
Stored authentication state allowing continuous access.
Session token vs id token?
+
Session = internal system token; ID token = external identity token.
Session_state?
+
Identifier for user session at IdP.
Shared responsibility model in aws?
+
AWS secures the cloud infrastructure; customers secure their data
applications and
configurations.
Shared responsibility model in azure?
+
Azure secures physical data centers; customers manage applications data and
identity.
Shared responsibility model in gcp?
+
GCP secures the infrastructure; customers secure workloads data and user
access.
Shared responsibility model?
+
It defines which security responsibilities belong to the cloud provider and
which to
the customer.
Should assertions be encrypted?
+
Yes, especially for sensitive data.
Should tokens be short-lived?
+
Reduces impact of compromise.
Signature validation?
+
Checks if signed by trusted IdP.
Signature verification fails?
+
Wrong certificate or XML manipulation.
Silent authentication?
+
Refreshes tokens without user interaction.
Single federation?
+
Using one IdP across multiple apps.
Single logout?
+
Logout from one app logs out from all federated apps.
Single sign-on (sso)?
+
SSO enables users to log in once and access multiple cloud applications
without
re-authentication.
Sla in cloud?
+
Service Level Agreement defines uptime guarantees, availability, and
performance
metrics with providers.
Slo is more reliable?
+
Back-channel — avoids browser failures.
Slo may fail?
+
SPs may ignore logout request or session mismatch.
Slo unreliable?
+
Different SP implementations and browser constraints.
Slo?
+
Single Logout — logs user out from all apps.
Slo?
+
Single Logout across all federated apps.
Sni support in adfs?
+
Allows multiple SSL certs on same host.
Soap binding?
+
Used for back-channel communication like logout.
Sp adapter?
+
Adapter to authenticate SP requests.
Sp federation?
+
One SP trusts multiple IdPs.
Sp in sso?
+
Service Provider — application consuming the identity.
Sp metadata url?
+
URL where IdP fetches SP metadata.
Sp?
+
Application that uses IdP authentication.
Sp-initiated sso?
+
Login initiated from Service Provider.
Sp-initiated sso?
+
User starts login at the Service Provider.
Ssl/tls in cloud?
+
SSL/TLS encrypts data in transit, ensuring secure communication between
clients and
cloud services.
Sso connector?
+
Pre-integrated SSO configuration for apps.
Sso improves identity governance?
+
Yes, ensures consistent user lifecycle management.
Sso in saml?
+
Single Sign-On enabling users to access multiple apps with one login.
Sso needed?
+
It improves user experience and security by eliminating repeated logins.
Sso provider?
+
A platform offering authentication and federation services.
Sso setup complex?
+
Requires certificates, metadata, mappings, and trust configuration.
Sso url?
+
Identity Provider endpoint that handles authentication requests.
Sso with adfs?
+
Supports SAML and WS-Fed for on-prem identity.
Sso with azure ad?
+
Uses SAML, OIDC, OAuth, and Conditional Access.
Sso with okta?
+
Supports SAML, OIDC, SCIM, and rich policy controls.
Sso with pingfederate?
+
Enterprise SSO with SAML, OAuth, and adaptive auth.
Sso?
+
SSO allows users to log in once and access multiple applications without
re-entering
credentials. It improves UX and security.
Sso?
+
Single sign-on allowing one login for multiple apps.
Sso?
+
Single Sign-On enabling access to multiple apps after one login.
Sso?
+
Single Sign-On allows a user to log in once and access multiple systems
without
logging in again.
State parameter?
+
Protects against CSRF attacks.
State parameter?
+
Protects against CSRF attacks.
Step-up authentication?
+
Requesting stronger authentication mid-session.
Sts?
+
Security Token Service issuing tokens.
Sub' claim?
+
Subject — unique identifier of the user.
Subjectconfirmationdata?
+
Contains conditions like recipient and expiration.
Surface controllers?
+
Surface controllers handle form submissions and page interactions in MVC
views for
Umbraco sites.
Tenant in azure ad?
+
A dedicated Azure AD instance for an organization.
Test slo compatibility?
+
Different SPs/IdPs implement SLO inconsistently.
Tls required for oidc?
+
Prevents token interception.
To check adfs logs?
+
Use Event Viewer under ADFS Admin logs.
To export metadata?
+
Access /FederationMetadata/2007-06/FederationMetadata.xml.
To extend umbraco functionality?
+
Use custom controllers, property editors, surface controllers, or packages.
To handle jwt expiration?
+
Use short-lived access tokens and refresh tokens to renew them without
re-authentication.
To implement role-based authorization with jwt?
+
Include roles in JWT claims and validate in the application to allow/deny
access to
resources.
To implement sso with umbraco?
+
Integrate with SAML/OIDC provider; configure Umbraco to trust the IdP,
enabling
centralized authentication.
To integrate oauth with umbraco?
+
Use OAuth packages or middleware to enable login with third-party providers.
Tokens
are verified in the Umbraco back-office.
To integrate oauth/jwt in angular or react with
umbraco
backend?
+
Frontend requests token via OAuth flow; backend validates JWT before serving
content
or API data.
To prevent replay attacks?
+
Use PoP tokens or nonce/PKCE mechanisms.
To prevent replay attacks?
+
Use timestamps, one-time use, and session validation.
To prevent replay attacks?
+
Use timestamps, nonce, and audience restrictions.
To prevent session hijacking?
+
Use secure cookies, TLS, and short sessions.
To prevent token hijacking?
+
Use HTTPS, short-lived tokens, PKCE, and secure storage.
To refresh jwt tokens?
+
Use refresh tokens to request a new access token without re-authentication.
Implement server-side validation for security.
To revoke jwt tokens?
+
Maintain a blacklist or short-lived tokens; revoke by invalidating refresh
tokens.
To secure microservices with jwt?
+
Each microservice validates the token signature, expiry, and claims,
ensuring
stateless and secure access.
To secure umbraco back-office?
+
Enable HTTPS, enforce strong passwords, MFA, and assign roles/permissions to
users.
To store access tokens?
+
Secure storage: keychain, secure enclave, or encrypted storage.
To update token-signing certificates?
+
Auto-rollover or manual certificate update.
Token accesses apis?
+
Access Token.
Token binding?
+
Binding tokens to TLS keys; prevents misuse.
Token binding?
+
Binds tokens to client to prevent misuse.
Token chaining?
+
Passing tokens between multiple services.
Token decryption certificate?
+
Certificate used to decrypt incoming tokens.
Token encryption?
+
Encrypts token contents for confidentiality.
Token endpoint?
+
Used to exchange authorization code for tokens.
Token exchange?
+
Exchange one token for another with different scopes.
Token exchange?
+
Exchanging one token for another under OIDC/OAuth2.
Token expiration?
+
Tokens expire after a predefined time to limit misuse.
Token expiration?
+
Tokens become invalid after time limit.
Token formats does okta issue?
+
JWT-based ID, access, refresh tokens.
Token hashing?
+
Hashing codes or values to prevent leakage.
Token hashing?
+
Hash embedded in ID Token to confirm token integrity.
Token hijacking?
+
Stealing tokens to impersonate users.
Token introspection?
+
Endpoint to check token validity.
Token introspection?
+
Checks validity of OAuth access tokens.
Token introspection?
+
Endpoint used to validate opaque tokens.
Token lifetime policy?
+
Rules controlling validity of issued tokens.
Token proves authentication?
+
ID Token.
Token renewal?
+
Extending session without login.
Token replay attack?
+
Attacker reuses a captured token to gain access.
Token replay attack?
+
Reusing a stolen assertion to impersonate a user.
Token revocation?
+
Invalidating a token before it expires.
Token revocation?
+
Endpoint to revoke refresh or access tokens.
Token scope?
+
Permissions embedded in the token.
Token signing certificate?
+
Certificate used to sign SAML assertions.
Token signing key?
+
Key used to sign JWT tokens.
Token signing?
+
Cryptographically signing tokens to prevent tampering.
Token types adfs issues?
+
SAML tokens, JWT tokens in OAuth/OIDC.
Token types does azure ad issue?
+
Access token, ID token, Refresh token.
Tokenization?
+
Tokenization replaces sensitive data with unique identifiers (tokens) to
reduce
exposure.
Transient nameid?
+
Short-lived identifier used once per session.
Transport does saml commonly use?
+
HTTP Redirect, HTTP POST, HTTP Artifact.
Trust establishment?
+
Exchange of metadata and certificates.
Types of grants
+
Authorization Code, Client Credentials, Password Credentials, Refresh Token,
and
Implicit (deprecated).
Types of groups exist?
+
Directory groups, imported groups, application groups.
Types of oidc clients?
+
Public and confidential clients.
Types of pingfederate connections?
+
SP connections, IdP connections.
Types of saml assertions?
+
Authentication, Authorization Decision, Attribute.
Types of slo?
+
Front-channel and back-channel.
Types of sso does azure ad support?
+
SAML, OIDC, OAuth, Password-based SSO.
Types of sso does okta support?
+
SAML, OIDC, password vaulting.
Umbraco content service?
+
Content Service API allows CRUD operations on content nodes
programmatically.
Unsolicited response?
+
IdP-initiated response not tied to AuthnRequest.
Url of oidc discovery?
+
/.well-known/openid-configuration.
Use artifact binding?
+
More secure, avoids sending assertion through browser.
Use https always?
+
Yes, required for OAuth to avoid token leakage.
Use https everywhere?
+
Required for secure SAML transmission.
Use https in sso?
+
Protects token transport.
Use ip restrictions?
+
Adds another protection layer.
Use long-lived refresh tokens?
+
Only with rotation and revocation.
Use oidc over saml?
+
For mobile, SPAs, APIs, and modern cloud systems.
Use pkce for public clients?
+
Always.
Use rate limiting?
+
Avoid abuse of authorization endpoints.
Use refresh token rotation?
+
Prevents stolen refresh tokens from being reused.
Use saml over oidc?
+
For enterprise SSO with legacy systems.
Use secure token storage?
+
Use OS-protected key stores.
Use short assertion lifetimes?
+
Mitigates replay risk.
Use short-lived access tokens?
+
Recommended for security and performance.
Use transient nameid?
+
Enhances privacy by avoiding long-term IDs.
Userinfo endpoint?
+
Returns user profile attributes.
Userinfo signature?
+
Signed UserInfo responses for extra security.
Validate audience restrictions?
+
Ensures assertion is meant for the SP.
Validate audience?
+
Ensures token is intended for the client.
Validate expiration?
+
Prevents using expired tokens.
Validate issuer and audience?
+
Must be validated on every API call.
Validate issuer?
+
Ensures token is from trusted identity provider.
Validate redirect uris?
+
Required to prevent redirects to malicious sites.
Validate timestamps?
+
Prevents replay attacks.
Virtual private cloud (vpc)?
+
VPC is an isolated cloud network with controlled access to resources.
Virtual private cloud (vpc)?
+
A VPC isolates cloud resources in a private network, controlling routing,
subnets,
and security policies.
Wap pre-authentication?
+
Validates user before forwarding to backend server.
X.509 certificate used for in saml?
+
To sign and encrypt assertions.
Xml encryption?
+
Encrypts assertion contents for confidentiality.
Xml signature?
+
Cryptographic signing of SAML assertions.
You configure claim rules?
+
Using rule templates or custom claims transformation.
You configure sp-initiated sso?
+
Enable SAML integration with proper ACS and Entity ID.
You deploy pingfederate?
+
On-prem VM, container, or cloud VM.
Zero downtime deployment?
+
Deploying updates without interrupting service by blue-green or rolling
deployment
strategies.
Zero trust security?
+
Zero trust assumes no implicit trust; all users and devices must be verified
before
accessing resources.
Zero-trust security?
+
Zero-trust assumes no implicit trust. Every request must be verified
regardless of
origin or location.
redirect uris be exact?
+
To prevent open redirect vulnerabilities.
Aaud' claim?
+
Audience — the application that token is meant for.
Access review?
+
Feature to periodically validate user access.
Access token lifetime?
+
Time before token expires, usually minutes.
Access token lifetime?
+
Default 60–90 minutes depending on policies.
Access token manager?
+
Component controlling token storage/expiry.
Access token?
+
A credential used to access protected resources.
Access token?
+
Grants access to APIs.
Access token?
+
A token used to access APIs.
Acr'?
+
Authentication Context Class Reference — indicates authentication strength.
Acs url?
+
Assertion Consumer Service URL for SP to receive SAML assertions.
Acs url?
+
Endpoint where SP receives SAML responses.
Active-active vs active-passive ha?
+
Active-Active: all nodes serve traffic simultaneously., Active-Passive: one
node is
primary, another is standby for failover.
Adaptive authentication?
+
Dynamic authentication based on risk.
Adaptive sso?
+
Applies dynamic authentication conditions.
Address' scope?
+
Access to user address attributes.
Adfs application group?
+
Collection of OAuth/OIDC clients.
Adfs farm?
+
Cluster of servers providing redundancy.
Adfs federation metadata?
+
XML describing ADFS endpoints and certificates.
Adfs proxy?
+
Enables external access to internal ADFS.
Adfs web application proxy?
+
Proxy enabling external access to ADFS.
Adfs?
+
Active Directory Federation Services implementing SAML.
Adfs?
+
Active Directory Federation Services: on-prem identity provider.
Advantages
+
Supports SSO, secure token-based access, scoped permissions, mobile/server
support,
and third-party integrations.
Algorithms does oidc use?
+
RS256, ES256, HS256.
Always sign assertions?
+
Yes, signing is mandatory for security.
Amr'?
+
Authentication Methods Reference — methods used for authentication.
Api security in cloud?
+
API security protects cloud APIs from misuse attacks and unauthorized
access.
App registration?
+
Configuration representing an application identity.
App role assignment?
+
Assign roles to users or groups for an app.
Apps must use pkce?
+
Mobile, SPAs, and any public clients.
Artifact resolution service?
+
Endpoint used to exchange artifact for assertion.
Assertion consumer service?
+
Endpoint where SP receives SAML responses.
Assertion in saml?
+
A package of security information issued by an Identity Provider.
Assertion signing?
+
Proof that assertion came from trusted IdP.
Attribute mapping in ping?
+
Mapping LDAP or internal attributes to SAML assertions.
Attribute mapping?
+
Mapping SAML attributes to SP identity fields.
Attribute mapping?
+
Mapping Okta attributes to app attributes.
Attribute mapping?
+
Mapping user attributes from IdP to SP.
Attribute release policy?
+
Rules governing which user data IdP sends.
Attributes secured?
+
By signing and optional encryption.
Attributestatement?
+
Part of assertion containing user attributes.
Audience claim?
+
Identifies the resource the token is valid for.
Audience mismatch'?
+
Assertion issued for wrong SP.
Audience restriction?
+
Ensures assertion is used only by intended SP.
Audience restriction?
+
Ensures tokens are used by intended SP.
Auth_time' claim?
+
Time the user was last authenticated.
Authentication api?
+
REST API enabling custom authentication UI.
Authentication methods does adfs support?
+
Windows auth, forms auth, certificate auth.
Authnrequest?
+
Authentication request from SP to IdP.
Authnrequest?
+
A request from SP to IdP to authenticate the user.
Authorization code flow secure?
+
Tokens issued directly to backend server, not exposed to browser.
Authorization code flow?
+
OAuth 2.0 flow for server-side apps; client exchanges an authorization code
for an
access token securely.
Authorization code flow?
+
A secure flow for server-side apps exchanging code for tokens.
Authorization code flow?
+
Exchanges code for tokens securely via backend.
Authorization code flow?
+
Most secure flow using server-side token exchange.
Authorization code grant
+
Used for web apps; user logs in, backend exchanges authorization code for
access
token securely.
Authorization endpoint?
+
Used to authenticate the user.
Authorization grant?
+
Credential representing user consent.
Authorization server responsibility?
+
Issue tokens, validate clients, manage scopes and consent.
Authorization server?
+
The server issuing access tokens and managing consent.
Auto healing in kubernetes?
+
Automatically restarts failed containers or reschedules pods to healthy
nodes to
ensure continuous availability.
Avoid idp-initiated sso?
+
SP-initiated is more secure.
Avoid implicit flow?
+
Yes, deprecated for security reasons.
Azure ad b2b?
+
Allows external identities to collaborate securely.
Azure ad b2c?
+
Identity platform for customer applications.
Azure ad connect?
+
Sync tool connecting on-prem AD with Azure AD.
Azure ad mfa?
+
Multi-factor authentication service to enhance security.
Azure ad saml?
+
Azure Active Directory supporting SAML-based SSO.
Azure ad vs adfs?
+
Azure AD = cloud; ADFS = on-prem federation.
Azure ad vs okta?
+
Azure AD is Microsoft cloud identity; Okta is independent IAM leader.
Azure ad vs pingfederate?
+
Azure AD = cloud-first; PingFederate = enterprise federation with granular
control.
Azure ad?
+
A cloud-based identity and access management service by Microsoft.
Back-channel logout?
+
Logout using server-to-server messages.
Back-channel logout?
+
Server-to-server logout notifications.
Back-channel slo?
+
Uses server-to-server calls for logout.
Backup strategy for cloud?
+
Regular snapshots, versioned backups, geo-replication, and automated
schedules
ensure data recovery.
Bearer token?
+
A bearer token is a type of access token that allows access to resources
when
presented. No additional verification is required besides the token itself.
Bearer token?
+
Token that grants access without additional proof.
Best practices for jwt?
+
Use HTTPS, short-lived tokens, refresh tokens, sign tokens, and avoid
storing
sensitive data in payload.
Best practices for oauth/jwt in production?
+
Use HTTPS, short-lived tokens, refresh tokens, secure storage, signature
verification, and proper logging/auditing.
Biggest benefit of sso?
+
User convenience and reduced login friction.
Biometric sso?
+
SSO authenticated via biometrics like fingerprint or face.
Can cookies break sso?
+
Yes, blocked cookies prevent session persistence.
Can jwt be revoked?
+
JWTs are stateless, so they cannot be revoked by default. Implement token
blacklisting or short expiration for control.
Can metadata expire?
+
Yes, metadata can have expiration to enforce updates.
Can pingfederate encrypt assertions?
+
Yes, full support for SAML encryption.
Can refresh tokens be revoked?
+
Yes, through revocation endpoints.
Can scopes control mfa?
+
Yes, using acr/amr claims.
Can sso reduce password reuse?
+
Yes, only one password is needed.
Can sso reduce phishing?
+
Yes, users rarely enter passwords.
Can umbraco support jwt authentication?
+
Yes, JWT middleware can secure API endpoints and allow stateless
authentication for
custom Umbraco APIs.
Cannot oauth2 replace saml?
+
OAuth2 does not authenticate users; needs OIDC.
Certificate rollover?
+
Updating certificates without service disruption.
Certificate rollover?
+
Rotation of signing certificates to maintain security.
Check_session_iframe?
+
Used to track session changes via iframe polling.
Claim in jwt?
+
Claims are pieces of information asserted about a subject (user) in the
token, e.g.,
sub, exp, role.
Claims provider trust?
+
Identity providers trusted by ADFS.
Client credentials flow?
+
Used for server-to-server authentication without user.
Client credentials flow?
+
Server-to-server authentication, not user login.
Client credentials grant
+
Used for machine-to-machine authentication without user involvement.
Client in oauth 2.0?
+
The application requesting access to a resource.
Client in oidc?
+
Application requesting tokens from IdP.
Client secret?
+
Confidential credential used by backend clients.
Client secret?
+
Credential used for confidential OAuth clients.
Client_id?
+
Unique identifier for the client.
Client_secret?
+
Secret only known to confidential clients.
Cloud access control?
+
Access control manages who can access cloud resources and what operations
they can
perform.
Cloud access key best practices?
+
Rotate keys use IAM roles avoid hardcoding keys and monitor usage.
Cloud access security broker (casb)?
+
CASB is a security solution placed between cloud users and services to
enforce
security policies.
Cloud access security broker (casb)?
+
CASB acts as a policy enforcement point between users and cloud services to
monitor
and protect sensitive data.
Cloud audit logging?
+
Audit logging records user activity configuration changes and security
events in
cloud platforms.
Cloud audit trail?
+
Audit trail logs record all user actions and system changes for
accountability and
compliance.
Cloud breach detection?
+
Breach detection identifies unauthorized access or compromise of cloud
resources.
Cloud compliance auditing?
+
Compliance auditing verifies cloud configurations and operations meet
regulatory
requirements.
Cloud compliance frameworks?
+
Frameworks include ISO 27001 SOC 2 HIPAA PCI DSS and GDPR.
Cloud compliance standards?
+
Standards like ISO 27001, SOC 2, GDPR, HIPAA ensure cloud providers meet
regulatory
security requirements.
Cloud data backup?
+
Data backup creates copies of cloud data to restore in case of loss or
corruption.
Cloud data classification?
+
Data classification categorizes cloud data by sensitivity to apply proper
security
controls.
Cloud data residency?
+
Data residency ensures cloud data is stored in specified geographic
locations to
comply with regulations.
Cloud ddos mitigation best practices?
+
Use distributed protection traffic filtering auto-scaling and monitoring.
Cloud disaster recovery?
+
Disaster recovery ensures cloud workloads can recover quickly from failures
or
attacks.
Cloud encryption best practices?
+
Use strong algorithms rotate keys encrypt in transit and at rest and protect
key
management.
Cloud encryption in transit and at rest?
+
In-transit encryption protects data during network transfer. At-rest
encryption
protects stored data on disk or database.
Cloud encryption key rotation?
+
Key rotation periodically updates encryption keys to reduce the risk of
compromise.
Cloud endpoint security best practices?
+
Install agents enforce policies monitor behavior and isolate compromised
endpoints.
Cloud endpoint security?
+
Endpoint security protects devices that access cloud resources from malware
breaches
or unauthorized access.
Cloud firewall best practices?
+
Use least privilege segment networks update rules regularly and log traffic.
Cloud firewall?
+
Cloud firewall is a network security service to filter and monitor traffic
to cloud
resources.
Cloud forensic investigation?
+
Cloud forensics investigates breaches or attacks to identify root causes and
affected assets.
Cloud identity federation vs sso?
+
Federation allows using external identities; SSO allows single
authentication across
multiple apps.
Cloud identity federation?
+
Allows users to access multiple cloud services using single identity,
enabling SSO
across providers.
Cloud identity management?
+
Cloud identity management handles user authentication authorization and
lifecycle in
cloud services.
Cloud incident management?
+
Incident management handles security events to minimize impact and prevent
recurrence.
Cloud incident response plan?
+
Plan outlines procedures roles and tools for responding to cloud security
incidents.
Cloud incident response?
+
Incident response is the process of detecting analyzing and mitigating
security
incidents in the cloud.
Cloud key management?
+
Cloud key management creates stores rotates and controls access to
cryptographic
keys.
Cloud key rotation policy?
+
Policy defines frequency and procedure for rotating encryption keys.
Cloud logging and monitoring?
+
Collects audit logs, metrics, and events to detect anomalies, unauthorized
access,
and security breaches.
Cloud logging best practices?
+
Centralize logs enable retention monitor for anomalies and secure log
storage.
Cloud logging retention policy?
+
Defines how long logs are stored and ensures they are archived securely for
compliance.
Cloud logging?
+
Cloud logging records user activity system events and access for auditing
and
monitoring.
Cloud malware protection?
+
Malware protection detects and removes malicious software from cloud
workloads and
endpoints.
Cloud misconfiguration?
+
Misconfiguration occurs when cloud resources are improperly configured
creating
security risks.
Cloud monitoring best practices?
+
Monitor critical assets configure alerts and integrate with SIEM and
incident
response.
Cloud monitoring?
+
Cloud monitoring tracks resource usage performance and security threats in
real
time.
Cloud monitoring?
+
Monitoring tools track performance, security events, and availability,
helping
identify issues proactively.
Cloud multi-factor authentication best practices?
+
Enable MFA for all users use strong methods like TOTP or hardware tokens.
Cloud native ha design?
+
Using redundancy, distributed systems, microservices, and auto-scaling to
achieve
high availability.
Cloud native security?
+
Security designed specifically for cloud services and microservices,
including
containers, Kubernetes, and serverless workloads.
Cloud network monitoring?
+
Network monitoring observes traffic flows detects anomalies and enforces
segmentation.
Cloud network segmentation?
+
Network segmentation isolates cloud workloads to reduce attack surfaces.
Cloud patch management?
+
Patch management updates cloud systems and applications to fix
vulnerabilities.
Cloud patch management?
+
Automated application of security patches to OS, software, and applications
running
in the cloud.
Cloud penetration testing policy?
+
Policy defines rules and approvals required before conducting penetration
tests on
cloud services.
Cloud penetration testing tools?
+
Tools include Kali Linux Metasploit Nmap Burp Suite and cloud
provider-native tools.
Cloud penetration testing?
+
Penetration testing simulates attacks on cloud systems to identify
vulnerabilities.
Cloud penetration testing?
+
Ethical testing to identify vulnerabilities and misconfigurations in cloud
infrastructure.
Cloud role-based access control (rbac)?
+
RBAC assigns permissions based on user roles to enforce least privilege.
Cloud secrets management?
+
Secrets management stores and controls access to sensitive information like
API keys
and passwords.
Cloud secure devops?
+
Secure DevOps integrates security into DevOps processes and CI/CD pipelines.
Cloud secure gateway?
+
Secure gateway controls and monitors access between users and cloud
applications.
Cloud security assessment?
+
Assessment evaluates cloud infrastructure configurations and practices
against
security standards.
Cloud security auditing?
+
Auditing evaluates cloud resources and policies to ensure security and
compliance.
Cloud security automation tools?
+
Tools include AWS Config Azure Security Center GCP Security Command Center
and
Terraform with security checks.
Cloud security automation?
+
Automation uses scripts or tools to enforce security policies and remediate
threats
automatically.
Cloud security automation?
+
Automates security checks, patching, and policy enforcement to reduce human
error
and improve speed.
Cloud security baseline?
+
Security baseline defines standard configurations and controls for cloud
environments.
Cloud security best practices?
+
Enforce IAM encryption monitoring logging patching least privilege and
incident
response.
Cloud security group best practices?
+
Use least privilege separate environments restrict inbound/outbound rules
and
monitor traffic.
Cloud security incident types?
+
Types include data breach misconfiguration account compromise malware
infection and
insider threats.
Cloud security monitoring tools?
+
Tools include AWS GuardDuty Azure Defender GCP Security Command Center and
third-party SIEM.
Cloud security orchestration?
+
Security orchestration automates workflows threat response and remediation
across
cloud systems.
Cloud security policy?
+
Policy defines rules standards and practices to protect cloud resources.
Cloud security posture management (cspm)?
+
CSPM continuously monitors cloud environments to detect misconfigurations
and
compliance risks.
Cloud security posture management (cspm)?
+
CSPM tools continuously monitor misconfigurations, vulnerabilities, and
compliance
risks in cloud environments.
Cloud security?
+
Cloud security is the set of policies technologies and controls designed to
protect
data applications and infrastructure in cloud environments.
Cloud security?
+
Cloud security involves policies, controls, procedures, and technologies
that
protect data, applications, and services in the cloud. It ensures
confidentiality,
integrity, and availability (CIA) of cloud resources.
Cloud siem?
+
Cloud SIEM centralizes log collection analysis alerting and reporting for
security
events.
Cloud threat detection?
+
Threat detection identifies malicious activity or anomalies in cloud
environments.
Cloud threat intelligence?
+
Threat intelligence provides data on current security threats and
vulnerabilities to
enhance cloud defenses.
Cloud threat modeling?
+
Threat modeling identifies potential threats and vulnerabilities in cloud
systems
and designs mitigation strategies.
Cloud threat modeling?
+
Identifying potential threats, vulnerabilities, and mitigation strategies
for cloud
architectures.
Cloud vpn?
+
Cloud VPN securely connects on-premises networks to cloud resources over
encrypted
tunnels.
Cloud vulnerability assessment?
+
It identifies security weaknesses in cloud infrastructure applications and
configurations.
Cloud vulnerability management?
+
Vulnerability management identifies prioritizes and remediates security
weaknesses.
Cloud vulnerability scanning?
+
Scanning detects security flaws in cloud infrastructure applications and
containers.
Cloud workload isolation?
+
Workload isolation separates applications or tenants to prevent lateral
movement of
threats.
Cloud workload protection platform (cwpp)?
+
CWPP provides security for workloads running across cloud VMs containers and
serverless environments.
Cloud-native security?
+
Cloud-native security integrates security controls directly into cloud
applications
and infrastructure.
Common saml attributes?
+
email, firstName, lastName, employeeID.
Compliance in cloud security?
+
Compliance ensures cloud deployments adhere to regulatory standards like
GDPR HIPAA
or PCI DSS.
Compliance monitoring in cloud?
+
Continuous auditing to ensure resources follow regulatory and internal
security
standards.
Conditional access?
+
Policies restricting token issuance based on conditions.
Conditional access?
+
Policy engine controlling access based on conditions.
Confidential client?
+
Client that securely stores secrets (backend server).
Configuration management in cloud security?
+
Configuration management ensures cloud resources are deployed securely and
consistently.
Consent screen?
+
UI shown to user listing requested permissions.
Container security?
+
Container security protects containerized applications and their
orchestration
platforms like Docker and Kubernetes.
Container security?
+
Securing containerized applications using image scanning, runtime
protection, and
least privilege.
Continuous compliance?
+
Automated monitoring of cloud resources to maintain compliance with
regulations like
HIPAA or GDPR.
Cookies relate to sso?
+
SSO often uses session cookies to maintain authenticated sessions across
multiple
apps or domains.
Credential stuffing protection?
+
OIDC frameworks block repeated unsuccessful logins.
Cross-domain sso?
+
SSO across different organizations.
Csrf state parameter?
+
Used to protect against CSRF attacks during authentication.
Custom scopes?
+
App-defined permissions for additional claims.
Data loss prevention (dlp)?
+
DLP prevents unauthorized access sharing or leakage of sensitive cloud data.
Data masking?
+
Hides sensitive data in non-production environments to protect privacy while
allowing application testing.
Ddos protection in cloud?
+
Defends cloud services against Distributed Denial of Service attacks using
mitigation, traffic filtering, and scaling.
Decentralized identity?
+
User-controlled identity using blockchain-based models.
Delegation?
+
Acting on behalf of a user with limited privileges.
Destination mismatch'?
+
Assertion sent to wrong ACS URL.
Device code flow?
+
Used by devices with no browser or limited input.
Device code flow?
+
Authentication for devices without browsers.
Diffbet access token and refresh token?
+
Access tokens are short-lived tokens for resource access. Refresh tokens are
long-lived and used to obtain new access tokens without re-authentication.
Diffbet app registration and enterprise application?
+
App Registration = app identity; Enterprise App = SSO configuration
instance.
Diffbet auth code and auth code + pkce?
+
PKCE adds code verifier & challenge for extra security.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization defines what resources an
authenticated user can access.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization verifies permissions.
Diffbet availability zone and region?
+
A Region is a geographical location. An Availability Zone (AZ) is an
isolated data
center within a region providing HA.
Diffbet dr and ha?
+
HA focuses on real-time availability and minimal downtime. DR is about
recovering
after a major failure or disaster, which may involve longer restoration
times.
Diffbet icontentservice and ipublishedcontent?
+
IContentService is used for editing/staging content. IPublishedContent is
for
reading published content efficiently.
Diffbet id_token and access_token?
+
ID token is for authentication; access token is for authorization.
Diffbet oauth 1.0 and 2.0?
+
OAuth 1.0 requires cryptographic signing; OAuth 2.0 uses bearer tokens,
simpler
flow, and supports multiple grant types like Authorization Code and Client
Credentials.
Diffbet oauth and openid connect?
+
OAuth is for authorization; OIDC is an authentication layer on top of OAuth
providing user identity.
Diffbet oauth scopes and claims?
+
Scopes define the permissions requested; claims define attributes about the
user or
session.
Diffbet par and jar?
+
PAR = push request; JAR = sign request.
Diffbet published content and draft content?
+
Draft content is editable but not visible to the public; published content
is live
on the website.
Diffbet saml and jwt?
+
SAML uses XML for identity assertions; JWT uses JSON. JWT is lighter and
easier for
APIs, while SAML is enterprise-oriented.
Diffbet saml and jwt?
+
SAML = XML assertions; JWT = JSON tokens.
Diffbet saml and oauth?
+
SAML is for SSO using XML; OAuth is authorization using JSON/REST.
Diffbet saml and oidc?
+
SAML uses XML and is enterprise-focused; OIDC uses JSON and supports modern
apps.
Diffbet sso and mfa?
+
SSO = one login across apps; MFA = additional security factors during login.
Diffbet sso and oauth?
+
SSO is mainly for authentication across apps. OAuth is for delegated
authorization
without sharing credentials.
Diffbet sso and password sync?
+
SSO shares authentication state; password sync copies passwords across
systems.
Diffbet sso and slo?
+
SSO = login across apps; SLO = logout across apps.
Diffbet stateless and stateful authentication?
+
JWT enables stateless authentication—server does not store session info.
Traditional
sessions are stateful, stored on the server.
Diffbet symmetric and asymmetric encryption?
+
Symmetric uses same key for encryption and decryption. Asymmetric uses
public/private key pairs. Asymmetric is used in secure key exchange.
Diffbet umbraco api controllers and mvc controllers?
+
API controllers return JSON or XML data for apps; MVC controllers render
views/templates.
Discovery document?
+
Well-known configuration endpoint for OIDC.
Discovery important?
+
Allows dynamic configuration of OIDC clients.
Distributed denial-of-service (ddos) protection?
+
DDoS protection mitigates attacks that overwhelm cloud services with
traffic.
Do access tokens depend on scopes?
+
Yes, scopes define API permissions.
Do all protocols support slo?
+
Yes, but implementations vary.
Do all sps support sso?
+
Not always — legacy apps may need custom connectors.
Do browsers impact sso?
+
Yes, privacy modes may block redirects/cookies.
Do not log tokens?
+
Never log access or refresh tokens.
Does adfs support mfa?
+
Yes, with built-in and external providers.
Does adfs support oauth2?
+
Yes, since ADFS 3.0.
Does adfs support saml sso?
+
Yes, as IdP and SP.
Does azure ad support saml?
+
Yes, SAML 2.0 with IdP-initiated and SP-initiated flows.
Does id token depend on scopes?
+
Yes, claims in ID Token depend on scopes.
Does jwt work?
+
Server generates JWT after authentication. Client stores it (usually in
local
storage). Subsequent requests include the token in the Authorization header
for
stateless authentication.
Does oidc support single logout?
+
Yes, through RP-Initiated and Front/Back-channel logout.
Does oidc support sso?
+
Yes, OIDC provides Single Sign-On functionality.
Does okta expose jwks?
+
/oauth2/v1/keys endpoint.
Does okta support password sync?
+
Yes, via provisioning connectors.
Does pingfederate issue jwt tokens?
+
Yes, for access and id tokens.
Does pingfederate support mfa?
+
Yes, via PingID or third-party integrations.
Does pingfederate support pkce?
+
Yes, for public clients.
Does pingfederate support saml sso?
+
Yes, both IdP and SP roles.
Does saml ensure security?
+
Uses XML signatures, encryption, certificates, and timestamps.
Does saml metadata contain?
+
Certificates, endpoints, SSO URLs, entity IDs.
Does saml stand for?
+
Security Assertion Markup Language.
Does saml use tokens?
+
Yes, SAML assertions are XML-based tokens.
Does silent logout mean?
+
Logout without redirecting the user.
Does slo fail?
+
Different implementations or expired sessions.
Does sso break?
+
Wrong certificates, clock skew, misconfigured endpoints.
Does sso enhance security?
+
Reduces password fatigue, centralizes authentication policies, enables MFA,
and
minimizes login-related vulnerabilities.
Does sso help in compliance?
+
Yes, supports SOC2, HIPAA, GDPR requirements.
Does sso improve auditability?
+
Centralized login logs.
Does sso improve security?
+
Reduces password fatigue, phishing risk, and enforces central policies.
Does sso improve security?
+
Centralized authentication and MFA enforcement.
Does sso increase productivity?
+
Yes, no repeated logins.
Does sso reduce attack surface?
+
Yes, fewer passwords and login endpoints.
Does sso reduce helpdesk calls?
+
Reduces password reset requests.
Does sso require accurate time sync?
+
Yes, tokens require clock accuracy.
Does sso require certificate management?
+
Yes, periodic rollover is required.
Does sso work?
+
A centralized identity provider authenticates the user, issues a token or
cookie,
and applications trust this token to grant access.
Domain federation?
+
Configures ADFS or external IdP to authenticate domain users.
Dpop?
+
Demonstration of Proof-of-Possession; prevents token theft misuse.
Dynamic client registration?
+
Allows clients to auto-register at IdP.
Dynamic group?
+
Group with rule-based membership.
Email' scope?
+
Access to user email and email_verified.
Encode saml messages?
+
To ensure safe transport via URLs or POST.
Encrypt sensitive attributes?
+
Highly recommended.
Encryption at rest?
+
Encryption at rest protects stored data using cryptographic techniques.
Encryption errors occur?
+
Incorrect certificate or key mismatch.
Encryption in cloud?
+
Encryption protects data in transit and at rest using algorithms like AES or
RSA. It
prevents unauthorized access to sensitive cloud data.
Encryption in transit?
+
Encryption in transit protects data as it travels over networks between
cloud
services or users.
End_session endpoint?
+
Used for OIDC logout operations.
Endpoint security in cloud?
+
Protects client devices, VMs, and containers from malware, unauthorized
access, and
vulnerabilities.
Enforce mfa?
+
Improves security for sensitive resources.
Enterprise application?
+
Represents an SP configuration used for SSO.
Enterprise sso?
+
SSO for employees using enterprise IdPs.
Entity category?
+
Classification of SP/IdP capabilities.
Entity id?
+
A unique identifier for SP or IdP in SAML.
Example of federation hub?
+
Azure AD, ADFS, Okta, PingFederate.
Exp' claim?
+
Expiration timestamp.
Expired assertion'?
+
Assertion outside NotOnOrAfter time.
Explain auto scaling.
+
Auto Scaling automatically adjusts compute resources based on demand,
improving
availability and cost efficiency.
Explain bastion host.
+
A Bastion host is a secure jump server used to access instances in private
networks.
Explain cloud firewall.
+
Cloud firewalls filter network traffic at the edge or VM level, enforcing
security
rules to prevent unauthorized access.
Explain disaster recovery in cloud.
+
Disaster Recovery (DR) is a set of processes to restore cloud applications
and data
after failures. It involves backups, replication, multi-region deployment,
and
failover strategies.
Failover in cloud?
+
Automatic switching to a redundant system when a primary system fails,
ensuring
service continuity.
Fapi?
+
Financial grade API security profile for OIDC/OAuth2.
Fault tolerance in cloud?
+
Fault tolerance ensures the system continues functioning despite component
failures
using redundancy and failover.
Federated identity?
+
Using external identity providers like Google or Azure AD.
Federation hub?
+
Central IdP connecting multiple SPs.
Federation in azure ad?
+
Using ADFS or external IdPs for authentication.
Federation in sso?
+
Trust relationship enabling cross-domain authentication.
Federation metadata?
+
Configuration XML exchanged between IdP and SP.
Federation?
+
Trust between identity providers and service providers.
Fine-grained authorization?
+
Scoped permissions down to resource-level.
Flow is best for iot devices?
+
Device Code flow.
Flow is best for machine-to-machine?
+
Client Credentials.
Flow is best for mobile?
+
Authorization Code with PKCE.
Flow is best for spas?
+
Authorization Code with PKCE (Implicit avoided).
Flow is more secure?
+
SP-initiated, due to request ID validation.
Flow should spas use?
+
Authorization Code Flow with PKCE.
Flow supports refresh tokens?
+
Authorization Code Flow and Hybrid Flow.
Flow supports sso?
+
Authorization Code or Hybrid flow via OIDC.
Flows does azure ad support?
+
Auth Code, PKCE, Client Credentials, Device Code, ROPC.
Format are oauth tokens?
+
Typically JWT or opaque tokens.
Format does oidc use?
+
JSON, REST APIs, and JWT tokens.
Formats can access tokens use?
+
JWT or opaque format.
Formats can id tokens use?
+
Always JWT.
Frontchannel logout?
+
Logout performed via the browser using redirects.
Front-channel logout?
+
Logout via browser redirects.
Front-channel logout?
+
Browser-based logout using redirects.
Front-channel slo?
+
Uses browser redirects for logout.
Global logout?
+
Logout from entire identity federation.
Grant type
+
Defines how the client collects and exchanges access tokens.
Graph api?
+
API to manage users, groups, and apps.
Happens if idp is down during slo?
+
SPs may not logout properly.
Haproxy in cloud?
+
HAProxy is a load balancer and proxy server that supports high availability
and
failover.
High availability (ha) in cloud?
+
HA ensures that cloud services remain accessible with minimal downtime. It
uses
redundancy, failover mechanisms, and load balancing to maintain continuous
operations.
Home realm discovery?
+
Identifies which IdP user belongs to.
Home realm discovery?
+
Choosing correct IdP based on the user.
Http artifact binding?
+
Message reference is sent, not entire assertion.
Http post binding?
+
SAML message sent through an HTML form post.
Http redirect binding?
+
SAML message is sent via URL query string.
Https requirement?
+
OAuth 2.0 must use HTTPS for all communication.
Hybrid cloud security?
+
Hybrid cloud security protects workloads and data across on-premises and
cloud
environments.
Hybrid flow?
+
Combination of implicit + authorization code (OIDC).
Hybrid flow?
+
Combination of Implicit and Authorization Code flows.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what
actions they can perform.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what they
can do. It includes authentication, authorization, roles, policies, and MFA.
Iat' claim?
+
Issued-at timestamp.
Id token signature?
+
Verifies integrity and authenticity.
Id token?
+
JWT token containing authentication details.
Id token?
+
A JWT containing identity information about the user.
Id_token?
+
OIDC token containing user identity claims.
Id_token_hint?
+
Hint for logout identifying user's ID Token.
Identifier (entity id)?
+
SP unique identifier configured in Azure AD.
Identity brokering?
+
IdP sits between user and multiple IdPs.
Identity federation?
+
Identity federation allows users to access multiple cloud services using a
single
identity.
Identity federation?
+
A trust relationship allowing different systems to share authentication.
Identity hub?
+
A centralized identity broker connecting many IdPs.
Identity protection?
+
Detects risky logins and risky users.
Identity provider (idp)?
+
An IdP is a trusted service that authenticates users and issues tokens or
assertions
for SSO.
Identity provider (idp)?
+
Authenticates users and issues claims.
Identity provider (idp)?
+
A service that authenticates a user and issues SAML assertions.
Identity token validation?
+
Ensuring token signature, audience, and issuer are correct.
Idp discovery?
+
Selecting the correct identity provider for login.
Idp federation?
+
One IdP authenticates users for many SPs.
Idp in sso?
+
Identity Provider — authenticates the user.
Idp metadata url?
+
URL where SP fetches IdP metadata.
Idp proxying?
+
IdP acting as intermediary between user and another IdP.
Idp?
+
System that authenticates users and issues tokens/assertions.
Idp-initiated sso?
+
Login initiated from Identity Provider.
Idp-initiated sso?
+
User starts login at the Identity Provider.
Immutable infrastructure?
+
Infrastructure that is never modified after deployment, only replaced. It
ensures
consistency and security.
Impersonation?
+
User acting as another identity — dangerous and restricted.
Implicit flow deprecated?
+
Exposes tokens to browser and insecure environments.
Implicit flow deprecated?
+
Less secure, exposes tokens in browser URL.
Implicit flow?
+
Legacy browser-based flow without backend; not recommended.
Implicit flow?
+
Old flow that returns tokens via browser fragments.
Implicit grant flow?
+
OAuth 2.0 flow for client-side apps where tokens are returned directly
without
client secret.
Implicit vs code flow?
+
Code Flow more secure; Implicit deprecated.
Incremental consent?
+
Requesting only partial permissions at first.
Inresponseto attribute?
+
Links the response to the matching AuthnRequest.
Inresponseto missing'?
+
IdP did not include request ID; insecure for SP-initiated.
Introspection endpoint?
+
Used to validate opaque access tokens.
Intrusion detection and prevention (ids/ips)?
+
IDS/IPS monitors network traffic for malicious activity, raising alerts or
blocking
threats.
Intrusion detection system (ids)?
+
IDS monitors cloud traffic for malicious activity or policy violations.
Intrusion prevention system (ips)?
+
IPS not only detects but also blocks malicious traffic in real time.
Invalid signature' error?
+
Assertion signature mismatch or wrong certificate.
Is jwt used in microservices?
+
JWT allows secure stateless communication between microservices, with each
service
verifying the token without a central session store.
Is jwt verified?
+
Server uses the secret or public key to verify the token’s signature and
validity,
ensuring it was issued by a trusted source.
Is more reliable — front or back channel?
+
Back-channel, because it avoids browser issues.
Is oauth 2.0 for authentication?
+
Not by design; it's for authorization. OIDC adds authentication.
Is oauth 2.0 stateful or stateless?
+
Can be either, depending on token type and architecture.
Is oidc authentication or authorization?
+
OIDC is authentication; OAuth2 is authorization.
Is oidc stateless or stateful?
+
Stateless — relies on JWT tokens.
Is oidc suitable for mobile apps?
+
Yes, highly optimized for mobile clients.
Is saml used for authentication or authorization?
+
Primarily authentication; asserts user identity to SP.
Is sso a single point of failure?
+
Yes, if IdP is down, login for all apps fails.
Is sso for authentication or authorization?
+
SSO is primarily for authentication.
Is sso latency-prone?
+
Yes, due to redirects and token validation.
Is token expiry handled in oauth?
+
Access tokens have a short TTL; refresh tokens are used to request a new
access
token without user interaction.
Iss' claim?
+
Issuer identifier.
Issuer claim?
+
Identifies authorization server that issued the token.
Issuer mismatch'?
+
Incorrect IdP entity ID used.
Jar (jwt authorization request)?
+
Authorization request packaged as signed JWT.
Jarm?
+
JWT-secured Authorization Response Mode — adds signing to auth responses.
Just-in-time provisioning?
+
Provision user accounts at login time.
Just-in-time provisioning?
+
User is created automatically during login.
Jwks endpoint?
+
JSON Web Key Set for token verification keys.
Jwks uri?
+
Endpoint serving public keys for validating tokens.
Jwks?
+
JSON Web Key Set for validating tokens.
Jwt header?
+
Header specifies the signing algorithm (e.g., HS256) and token type (JWT).
Jwt kid field?
+
Key ID to identify which signing key to use.
Jwt payload?
+
The payload contains claims, which are statements about the user or session
(e.g.,
user ID, roles, expiration).
Jwt signature?
+
The signature ensures the token’s integrity. It is generated using a secret
(HMAC)
or private key (RSA/ECDSA).
Jwt signature?
+
Cryptographic signature verifying authenticity.
Jwt token?
+
Self-contained token with claims.
Jwt?
+
JSON Web Token (JWT) is a compact, URL-safe token format used to securely
transmit
claims between parties. It includes a header, payload, and signature.
Jwt?
+
JSON Web Token — compact, signed token.
Kerberos?
+
Network authentication protocol used in Windows SSO.
Key components of cloud security?
+
Key components include identity and access management (IAM) data protection
network
security monitoring and compliance.
Key management service (kms)?
+
KMS is a cloud service for creating managing and controlling encryption keys
securely.
Key management service (kms)?
+
KMS securely creates, stores, and rotates encryption keys for cloud
resources.
Kubernetes role in ha?
+
Kubernetes provides HA by managing pods across multiple nodes, self-healing,
and
load balancing.
Limit attribute sharing?
+
Minimize data to reduce privacy risk.
Limit scopes?
+
Yes, always follow least privilege.
Load balancer?
+
A load balancer distributes incoming traffic across multiple servers to
ensure high
availability and performance.
Logging & auditing in cloud security?
+
Captures user actions and system events to detect breaches, analyze
incidents, and
meet compliance.
Logout method is most reliable?
+
Back-channel logout.
Main cloud security challenges?
+
Challenges include data breaches insecure APIs misconfigured cloud services
insider
threats and compliance issues.
Main types of cloud security?
+
Includes Data Security, Network Security, Identity & Access Management
(IAM),
Application Security, and Endpoint Security. It protects cloud workloads
from
breaches and vulnerabilities.
Metadata important?
+
Ensures both IdP and SP trust each other and understand endpoints.
Metadata signature?
+
Indicates authenticity of metadata file.
Mfa in oauth?
+
Additional step enforced by authorization server.
Microsegmentation in cloud security?
+
Divides networks into smaller segments to isolate workloads and minimize
lateral
attack movement.
Microsoft graph permissions?
+
Scopes that define what an app can access.
Monitor saml logs?
+
Detects anomalies and attacks.
Mtls in oauth?
+
Mutual TLS binding tokens to client certificates.
Multi-cloud security?
+
Multi-cloud security manages security consistently across multiple cloud
providers.
Multi-factor authentication (mfa)?
+
MFA requires multiple forms of verification to access cloud resources
enhancing
security.
Multi-factor authentication (mfa)?
+
MFA requires two or more verification methods to access cloud resources,
enhancing
security beyond passwords.
Multi-federation?
+
Multiple IdPs serving different user groups.
Multi-region deployment?
+
Deploying resources in multiple regions improves disaster recovery,
redundancy, and
availability.
Multi-tenant app?
+
App serving multiple organizations with separate identities.
Multi-tenant identity?
+
Multiple tenants share identity infrastructure.
Nameid formats?
+
EmailAddress, Persistent, Transient, Unspecified.
Nameid?
+
Unique identifier for the user in SAML.
Nameidmapping?
+
Mapping NameIDs between IdP and SP.
Network acl?
+
Network ACL is a stateless firewall used to control traffic at the subnet
level.
Network acl?
+
A Network Access Control List controls traffic at the subnet level. It
provides an
additional layer beyond security groups.
Nonce' claim?
+
Used to prevent replay attacks.
Nonce used for?
+
To prevent replay attacks.
Nonce used for?
+
Prevents replay attacks.
Nonce?
+
Unique value used in ID token to prevent replay.
Not to store tokens?
+
LocalStorage or unencrypted browser memory.
Notbefore claim?
+
Defines earliest time the assertion is valid.
Notonorafter claim?
+
Expiration time of assertion.
Oauth 2
+
OAuth 2 is an open authorization framework enabling secure access delegation
without
sharing passwords.
Oauth 2.0 grant types?
+
Auth Code, PKCE, Client Credentials, Password, Implicit, Device Code.
Oauth 2.0?
+
An authorization framework allowing third-party apps to access user
resources
without sharing passwords.
Oauth 2.1?
+
A simplification removing implicit and ROPC flows; PKCE required.
Oauth backchannel logout?
+
Mechanism to notify apps of user logout.
Oauth device flow?
+
Auth flow for devices without browsers.
Oauth grant types?
+
Common grant types: Authorization Code, Implicit, Password Credentials,
Client
Credentials. They define how clients obtain access tokens.
Oauth introspection endpoint?
+
API to check token validity for opaque tokens.
Oauth revocation endpoint?
+
API to revoke access or refresh tokens.
Oauth?
+
OAuth is an open-standard authorization protocol that allows third-party
apps to
access user resources without sharing credentials. It issues access tokens
to grant
limited access to resources.
Oauth2 used for?
+
Authorization, not authentication.
Oauth2 with sso integration?
+
OAuth2 with SSO enables a single login using OAuth’s token-based
authorization to
access multiple protected services.
Oidc claims?
+
Statements about a user (e.g., email, name).
Oidc created?
+
To enable secure user authentication using modern JSON/REST technology.
Oidc discovery document?
+
Well-known configuration containing endpoints and metadata.
Oidc federation?
+
Uses OIDC for federated identity.
Oidc flow is best for spas?
+
Auth Code Flow with PKCE.
Oidc in apple sign-in?
+
Apple Sign-In is based on OIDC standards.
Oidc in auth0?
+
Auth0 fully supports OIDC flows and JWT issuance.
Oidc in aws cognito?
+
Cognito provides OIDC-based hosted UI flows.
Oidc in azure ad?
+
Azure AD supports OIDC with Microsoft Identity platform.
Oidc in fusionauth?
+
FusionAuth supports OIDC, MFA, and OAuth2 flows.
Oidc in google identity?
+
Google uses OIDC for all user authentication.
Oidc in keycloak?
+
Keycloak is an open-source IdP supporting OIDC.
Oidc in okta?
+
Okta provides custom and default OIDC authorization servers.
Oidc in pingfederate?
+
PingFederate supports OIDC with OAuth AS extensions.
Oidc in salesforce?
+
Salesforce acts as an OIDC provider for SSO.
Oidc in sso?
+
OAuth2-based identity layer issuing ID tokens.
Oidc preferred over saml?
+
Lightweight JSON tokens, mobile-ready, modern architecture.
Oidc scopes?
+
Permissions for claims in ID Token/UserInfo.
Oidc vs api keys?
+
OIDC is secure and user-based; API keys are static secrets.
Oidc vs basic auth?
+
OIDC uses token-based modern auth; Basic Auth sends credentials each time.
Oidc vs jwt?
+
OIDC uses JWT; JWT is a token format, not a protocol.
Oidc vs kerberos?
+
OIDC = web/mobile; Kerberos = internal network protocol.
Oidc vs oauth device flow?
+
OIDC is for login; Device Flow is for non-browser devices.
Oidc vs oauth2?
+
OIDC adds authentication; OAuth2 only handles authorization.
Oidc vs password auth?
+
OIDC uses tokens; password auth uses credentials directly.
Oidc vs saml?
+
OIDC uses JSON/REST; SAML uses XML. OIDC suits mobile and modern apps.
Oidc vs ws-fed?
+
OIDC is modern JSON-based; WS-Fed is legacy Microsoft protocol.
Oidc?
+
OpenID Connect is an identity layer built on top of OAuth 2.0 to
authenticate users.
Okta api token?
+
Token used for administrative API calls.
Okta app integration?
+
Application configuration for SSO.
Okta asa?
+
Advanced Server Access for SSH/RDP identity access.
Okta authentication api?
+
REST API for user authentication and token issuance.
Okta authorization server?
+
Custom OAuth server controlling token issuance.
Okta identity engine?
+
New adaptive authentication platform.
Okta idp discovery?
+
Chooses correct IdP based on user attributes.
Okta inline hook?
+
Extend Okta flows with external logic.
Okta mfa?
+
Multi-step authentication including SMS, Push, TOTP.
Okta org?
+
Dedicated Okta tenant for an organization.
Okta risk-based authentication?
+
Dynamically challenges or blocks based on risk.
Okta sign-on policy?
+
Rules defining how users authenticate to applications.
Okta system log?
+
Audit log for events and authentication attempts.
Okta universal directory?
+
Directory service storing users, groups, and attributes.
Okta verify?
+
Mobile authenticator for push and TOTP.
Okta vs adfs?
+
Okta = cloud SaaS; ADFS = on-prem with heavy infrastructure.
Okta vs pingfederate?
+
Okta = cloud-first; Ping = enterprise customizable federation.
Okta workflow?
+
Automation engine for identity tasks.
Okta?
+
Identity platform supporting SAML SSO.
Okta?
+
Identity and access management provider for cloud applications.
Opaque token?
+
Token that requires introspection to validate.
Openid connect (oidc)?
+
OIDC is an identity layer on top of OAuth 2.0 for authentication, returning
an ID
token that provides user identity info.
Openid' scope?
+
Mandatory scope to enable OIDC.
Par (pushed authorization request)?
+
Client sends authorization details via a secure POST before redirect.
Par (pushed authorization requests)?
+
Securely sends auth request to IdP before redirect — prevents tampering.
Partial logout?
+
Only some apps logout.
Password credentials grant
+
User provides username/password directly to client; now discouraged due to
security
risks.
Password vaulting sso?
+
SSO by storing and auto-filling credentials.
Passwordless sso?
+
SSO without passwords using FIDO2/WebAuthn.
Persistent nameid?
+
Long-lived identifier for a user.
Phone' scope?
+
Access to phone and phone_verified.
Pingdirectory?
+
Directory used with PingFederate for user management.
Pingfederate authentication policy?
+
Controls how authentication decisions are made.
Pingfederate connection?
+
Configuration linking SP and IdP.
Pingfederate console?
+
Admin dashboard for configuration.
Pingfederate idp adapter?
+
Plugin to authenticate users (LDAP, Kerberos etc).
Pingfederate oauth as?
+
Acts as authorization server issuing tokens.
Pingfederate vs adfs?
+
Ping = more flexible; ADFS = Microsoft ecosystem-focused.
Pingfederate?
+
Enterprise IdP/SP platform supporting SAML.
Pingfederate?
+
Enterprise federation server for SSO and identity integration.
Pingone?
+
Cloud identity solution integrating with PingFederate.
Pkce extension?
+
Proof Key for Code Exchange — protects public clients.
Pkce introduced?
+
To prevent authorization code interception attacks.
Pkce?
+
Proof Key for Code Exchange; improves security for public clients.
Pkce?
+
Enhances OAuth2 security for public clients.
Policy contract?
+
Defines attributes shared with SP/IdP.
Post_logout_redirect_uri?
+
URL where user is redirected after logout.
Principle of least privilege?
+
Users are granted only the permissions necessary to perform their job
functions.
Privileged identity management?
+
Controls and audits privileged roles.
Problem does oauth 2.0 solve?
+
It enables secure delegated access using tokens instead of credentials.
Profile' scope?
+
Access to basic user attributes.
Prohibited in oidc?
+
Tokens through URL (except legacy implicit flow).
Proof-of-possession?
+
Tokens tied to a key so only holder with key can use them.
Protocol does azure ad support?
+
OIDC, OAuth2, SAML2, WS-Fed.
Protocol format does saml use?
+
XML.
Protocol is best for mobile apps?
+
OIDC and OAuth2.
Protocol is best for web apps?
+
SAML2 for enterprises, OIDC for modern apps.
Protocol uses json/jwt?
+
OIDC.
Protocol uses xml?
+
SAML2.
Protocols does adfs support?
+
SAML, WS-Fed, OAuth2, OIDC.
Protocols does okta support?
+
OIDC, OAuth2, SAML2, SCIM.
Protocols does pingfederate support?
+
OIDC, OAuth2, SAML2, WS-Trust.
Protocols support sso?
+
SAML2, OIDC, OAuth2, WS-Fed, Kerberos.
Public client?
+
Cannot securely store secrets — e.g., mobile, SPAs.
Public client?
+
Client without a secure place to store secrets (SPA, mobile app).
Rate limiting in cloud security?
+
Limits the number of requests to APIs or services to prevent abuse and DDoS
attacks.
Recipient attribute?
+
SP endpoint expected to receive the assertion.
Redirect uri?
+
Endpoint where authorization server sends tokens or codes.
Redirect_uri?
+
URL where tokens/codes are sent after login.
Redundancy in ha?
+
Duplication of critical components to avoid single points of failure, e.g.,
multiple
servers, networks, or databases.
Refresh token flow?
+
Used to obtain new access tokens silently.
Refresh token grace period?
+
Allows old token to work briefly during rotation.
Refresh token lifetime?
+
Can be days to months based on policy.
Refresh token rotation?
+
Each refresh returns a new token; old one invalidated.
Refresh token?
+
A long-lived token used to obtain new access tokens.
Refresh token?
+
Used to get new access tokens without re-login.
Refresh token?
+
A long-lived token used to get new access tokens.
Refresh tokens long lived?
+
To enable new access tokens without user interaction.
Registration endpoint?
+
Dynamic client registration.
Relationship between oauth2 and oidc?
+
OIDC extends OAuth2 by adding identity features.
Relaystate?
+
State parameter passed between SP and IdP to maintain context.
Relaystate?
+
Parameter that preserves return URL or context.
Relying party trust?
+
Configuration for apps that rely on ADFS for authentication.
Replay attack?
+
Reusing captured tokens.
Replay detected'?
+
Assertion already used before.
Reply/acs url?
+
Endpoint where Azure AD posts SAML responses.
Resource owner password grant (ropc)?
+
User sends username/password directly; insecure and deprecated.
Resource owner?
+
The user or entity owning the protected resource.
Resource server responsibility?
+
Validate tokens and expose APIs.
Resource server?
+
The API hosting the protected resources.
Response_mode?
+
Defines how tokens are returned (query, form_post, fragment).
Response_type?
+
Defines which tokens are returned (code, id_token, token).
Restrict redirect_uri?
+
Prevents token leakage to malicious URLs.
Risk-based authentication?
+
Adaptive authentication based on context.
Risk-based sso?
+
Challenges based on user risk profile.
Ropc flow?
+
Resource Owner Password Credentials — now discouraged.
Ropc used?
+
Legacy or highly trusted systems; not recommended.
Rotate certificates periodically?
+
Prevents long-term compromises.
Rotate secrets regularly?
+
Client secrets should be rotated periodically.
Rp-initiated logout?
+
Client logs the user out at IdP.
Rpo and rto?
+
RPO (Recovery Point Objective): max data loss allowed, RTO (Recovery Time
Objective): max downtime allowed during recovery
Saml 2.0?
+
A standard for exchanging authentication and authorization data using
XML-based
security assertions.
Saml attribute query?
+
SP querying user attributes via SOAP.
Saml authentication flow?
+
SP sends AuthnRequest → IdP authenticates → IdP sends assertion → SP
validates →
user logged in.
Saml binding?
+
Defines how SAML messages are transported over HTTP.
Saml federation?
+
Allows authentication across organizations.
Saml federation?
+
Establishes trust using SAML metadata.
Saml flow is more secure?
+
SP-initiated SSO due to request ID matching.
Saml in sso?
+
XML-based single sign-on protocol used in enterprises.
Saml is not good for mobile?
+
XML processing is heavy and not designed for mobile flows.
Saml logoutrequest?
+
Request to initiate logout across IdP and SP.
Saml metadata?
+
XML document describing IdP and SP configuration.
Saml profile?
+
Defines use cases like Web SSO, SLO, IdP proxying.
Saml response?
+
XML message containing the SAML assertion.
Saml response?
+
IdP's message containing user identity.
Saml single logout (slo)?
+
Logout from one system logs the user out of all SAML-connected systems.
Saml still used?
+
Strong enterprise adoption and compatibility with legacy systems.
Saml strength?
+
Federated SSO, enterprise security.
Saml weakness?
+
Complexity, XML overhead, slower than OIDC.
Saml?
+
Security Assertion Markup Language (SAML) is an XML-based standard for
exchanging
authentication and authorization data between an identity provider and
service
provider.
Scim provisioning in okta?
+
Automatic user account creation/deletion in apps.
Scim provisioning?
+
Automatic provisioning of users to cloud apps.
Scim?
+
Protocol for automated user provisioning.
Scim?
+
Automated user provisioning for SSO apps.
Scope restriction?
+
Limit token permissions to least privilege.
Scope?
+
Defines the level of access requested by the client.
Seamless sso?
+
Automatically signs in users on corporate devices.
Secrets management?
+
Securely stores and manages API keys, passwords, and certificates used by
cloud apps
and containers.
Security automation with devsecops?
+
Integrating security in CI/CD pipelines to automate scanning, testing, and
policy
enforcement during development.
Security context?
+
Session stored after validating assertion.
Security group vs network acl?
+
Security group is stateful; network ACL is stateless and applies at subnet
level.
Security group?
+
Security Groups act as virtual firewalls in cloud environments to control
inbound
and outbound traffic for VMs and containers.
Security groups in cloud?
+
Security groups act as virtual firewalls controlling inbound and outbound
traffic to
cloud resources.
Security information and event management (siem)?
+
SIEM collects analyzes and reports on security events across cloud
environments.
Security information and event management (siem)?
+
SIEM collects and analyzes logs in real-time to detect, alert, and respond
to
security threats.
Separate auth and resource servers?
+
Improves security and scales better.
Serverless security?
+
Serverless security addresses vulnerabilities in functions-as-a-service
(FaaS) and
managed backend services.
Serverless security?
+
Securing FaaS (Functions as a Service) involves identity policies, least
privilege
access, and monitoring event triggers.
Service provider (sp)?
+
SP is the application that relies on IdP for authentication and trusts the
IdP’s
tokens or assertions.
Service provider (sp)?
+
Relies on IdP for authentication.
Service provider (sp)?
+
An application that consumes SAML assertions and grants access.
Session endpoint?
+
Endpoint for session management.
Session federation?
+
Sharing session state across domains.
Session hijacking?
+
Stealing a valid session to impersonate a user.
Session in sso?
+
Stored authentication state allowing continuous access.
Session token vs id token?
+
Session = internal system token; ID token = external identity token.
Session_state?
+
Identifier for user session at IdP.
Shared responsibility model in aws?
+
AWS secures the cloud infrastructure; customers secure their data
applications and
configurations.
Shared responsibility model in azure?
+
Azure secures physical data centers; customers manage applications data and
identity.
Shared responsibility model in gcp?
+
GCP secures the infrastructure; customers secure workloads data and user
access.
Shared responsibility model?
+
It defines which security responsibilities belong to the cloud provider and
which to
the customer.
Should assertions be encrypted?
+
Yes, especially for sensitive data.
Should tokens be short-lived?
+
Reduces impact of compromise.
Signature validation?
+
Checks if signed by trusted IdP.
Signature verification fails?
+
Wrong certificate or XML manipulation.
Silent authentication?
+
Refreshes tokens without user interaction.
Single federation?
+
Using one IdP across multiple apps.
Single logout?
+
Logout from one app logs out from all federated apps.
Single sign-on (sso)?
+
SSO enables users to log in once and access multiple cloud applications
without
re-authentication.
Sla in cloud?
+
Service Level Agreement defines uptime guarantees, availability, and
performance
metrics with providers.
Slo is more reliable?
+
Back-channel — avoids browser failures.
Slo may fail?
+
SPs may ignore logout request or session mismatch.
Slo unreliable?
+
Different SP implementations and browser constraints.
Slo?
+
Single Logout — logs user out from all apps.
Slo?
+
Single Logout across all federated apps.
Sni support in adfs?
+
Allows multiple SSL certs on same host.
Soap binding?
+
Used for back-channel communication like logout.
Sp adapter?
+
Adapter to authenticate SP requests.
Sp federation?
+
One SP trusts multiple IdPs.
Sp in sso?
+
Service Provider — application consuming the identity.
Sp metadata url?
+
URL where IdP fetches SP metadata.
Sp?
+
Application that uses IdP authentication.
Sp-initiated sso?
+
Login initiated from Service Provider.
Sp-initiated sso?
+
User starts login at the Service Provider.
Ssl/tls in cloud?
+
SSL/TLS encrypts data in transit, ensuring secure communication between
clients and
cloud services.
Sso connector?
+
Pre-integrated SSO configuration for apps.
Sso improves identity governance?
+
Yes, ensures consistent user lifecycle management.
Sso in saml?
+
Single Sign-On enabling users to access multiple apps with one login.
Sso needed?
+
It improves user experience and security by eliminating repeated logins.
Sso provider?
+
A platform offering authentication and federation services.
Sso setup complex?
+
Requires certificates, metadata, mappings, and trust configuration.
Sso url?
+
Identity Provider endpoint that handles authentication requests.
Sso with adfs?
+
Supports SAML and WS-Fed for on-prem identity.
Sso with azure ad?
+
Uses SAML, OIDC, OAuth, and Conditional Access.
Sso with okta?
+
Supports SAML, OIDC, SCIM, and rich policy controls.
Sso with pingfederate?
+
Enterprise SSO with SAML, OAuth, and adaptive auth.
Sso?
+
SSO allows users to log in once and access multiple applications without
re-entering
credentials. It improves UX and security.
Sso?
+
Single sign-on allowing one login for multiple apps.
Sso?
+
Single Sign-On enabling access to multiple apps after one login.
Sso?
+
Single Sign-On allows a user to log in once and access multiple systems
without
logging in again.
State parameter?
+
Protects against CSRF attacks.
State parameter?
+
Protects against CSRF attacks.
Step-up authentication?
+
Requesting stronger authentication mid-session.
Sts?
+
Security Token Service issuing tokens.
Sub' claim?
+
Subject — unique identifier of the user.
Subjectconfirmationdata?
+
Contains conditions like recipient and expiration.
Surface controllers?
+
Surface controllers handle form submissions and page interactions in MVC
views for
Umbraco sites.
Tenant in azure ad?
+
A dedicated Azure AD instance for an organization.
Test slo compatibility?
+
Different SPs/IdPs implement SLO inconsistently.
Tls required for oidc?
+
Prevents token interception.
To check adfs logs?
+
Use Event Viewer under ADFS Admin logs.
To export metadata?
+
Access /FederationMetadata/2007-06/FederationMetadata.xml.
To extend umbraco functionality?
+
Use custom controllers, property editors, surface controllers, or packages.
To handle jwt expiration?
+
Use short-lived access tokens and refresh tokens to renew them without
re-authentication.
To implement role-based authorization with jwt?
+
Include roles in JWT claims and validate in the application to allow/deny
access to
resources.
To implement sso with umbraco?
+
Integrate with SAML/OIDC provider; configure Umbraco to trust the IdP,
enabling
centralized authentication.
To integrate oauth with umbraco?
+
Use OAuth packages or middleware to enable login with third-party providers.
Tokens
are verified in the Umbraco back-office.
To integrate oauth/jwt in angular or react with
umbraco
backend?
+
Frontend requests token via OAuth flow; backend validates JWT before serving
content
or API data.
To prevent replay attacks?
+
Use PoP tokens or nonce/PKCE mechanisms.
To prevent replay attacks?
+
Use timestamps, one-time use, and session validation.
To prevent replay attacks?
+
Use timestamps, nonce, and audience restrictions.
To prevent session hijacking?
+
Use secure cookies, TLS, and short sessions.
To prevent token hijacking?
+
Use HTTPS, short-lived tokens, PKCE, and secure storage.
To refresh jwt tokens?
+
Use refresh tokens to request a new access token without re-authentication.
Implement server-side validation for security.
To revoke jwt tokens?
+
Maintain a blacklist or short-lived tokens; revoke by invalidating refresh
tokens.
To secure microservices with jwt?
+
Each microservice validates the token signature, expiry, and claims,
ensuring
stateless and secure access.
To secure umbraco back-office?
+
Enable HTTPS, enforce strong passwords, MFA, and assign roles/permissions to
users.
To store access tokens?
+
Secure storage: keychain, secure enclave, or encrypted storage.
To update token-signing certificates?
+
Auto-rollover or manual certificate update.
Token accesses apis?
+
Access Token.
Token binding?
+
Binding tokens to TLS keys; prevents misuse.
Token binding?
+
Binds tokens to client to prevent misuse.
Token chaining?
+
Passing tokens between multiple services.
Token decryption certificate?
+
Certificate used to decrypt incoming tokens.
Token encryption?
+
Encrypts token contents for confidentiality.
Token endpoint?
+
Used to exchange authorization code for tokens.
Token exchange?
+
Exchange one token for another with different scopes.
Token exchange?
+
Exchanging one token for another under OIDC/OAuth2.
Token expiration?
+
Tokens expire after a predefined time to limit misuse.
Token expiration?
+
Tokens become invalid after time limit.
Token formats does okta issue?
+
JWT-based ID, access, refresh tokens.
Token hashing?
+
Hashing codes or values to prevent leakage.
Token hashing?
+
Hash embedded in ID Token to confirm token integrity.
Token hijacking?
+
Stealing tokens to impersonate users.
Token introspection?
+
Endpoint to check token validity.
Token introspection?
+
Checks validity of OAuth access tokens.
Token introspection?
+
Endpoint used to validate opaque tokens.
Token lifetime policy?
+
Rules controlling validity of issued tokens.
Token proves authentication?
+
ID Token.
Token renewal?
+
Extending session without login.
Token replay attack?
+
Attacker reuses a captured token to gain access.
Token replay attack?
+
Reusing a stolen assertion to impersonate a user.
Token revocation?
+
Invalidating a token before it expires.
Token revocation?
+
Endpoint to revoke refresh or access tokens.
Token scope?
+
Permissions embedded in the token.
Token signing certificate?
+
Certificate used to sign SAML assertions.
Token signing key?
+
Key used to sign JWT tokens.
Token signing?
+
Cryptographically signing tokens to prevent tampering.
Token types adfs issues?
+
SAML tokens, JWT tokens in OAuth/OIDC.
Token types does azure ad issue?
+
Access token, ID token, Refresh token.
Tokenization?
+
Tokenization replaces sensitive data with unique identifiers (tokens) to
reduce
exposure.
Transient nameid?
+
Short-lived identifier used once per session.
Transport does saml commonly use?
+
HTTP Redirect, HTTP POST, HTTP Artifact.
Trust establishment?
+
Exchange of metadata and certificates.
Types of grants
+
Authorization Code, Client Credentials, Password Credentials, Refresh Token,
and
Implicit (deprecated).
Types of groups exist?
+
Directory groups, imported groups, application groups.
Types of oidc clients?
+
Public and confidential clients.
Types of pingfederate connections?
+
SP connections, IdP connections.
Types of saml assertions?
+
Authentication, Authorization Decision, Attribute.
Types of slo?
+
Front-channel and back-channel.
Types of sso does azure ad support?
+
SAML, OIDC, OAuth, Password-based SSO.
Types of sso does okta support?
+
SAML, OIDC, password vaulting.
Umbraco content service?
+
Content Service API allows CRUD operations on content nodes
programmatically.
Unsolicited response?
+
IdP-initiated response not tied to AuthnRequest.
Url of oidc discovery?
+
/.well-known/openid-configuration.
Use artifact binding?
+
More secure, avoids sending assertion through browser.
Use https always?
+
Yes, required for OAuth to avoid token leakage.
Use https everywhere?
+
Required for secure SAML transmission.
Use https in sso?
+
Protects token transport.
Use ip restrictions?
+
Adds another protection layer.
Use long-lived refresh tokens?
+
Only with rotation and revocation.
Use oidc over saml?
+
For mobile, SPAs, APIs, and modern cloud systems.
Use pkce for public clients?
+
Always.
Use rate limiting?
+
Avoid abuse of authorization endpoints.
Use refresh token rotation?
+
Prevents stolen refresh tokens from being reused.
Use saml over oidc?
+
For enterprise SSO with legacy systems.
Use secure token storage?
+
Use OS-protected key stores.
Use short assertion lifetimes?
+
Mitigates replay risk.
Use short-lived access tokens?
+
Recommended for security and performance.
Use transient nameid?
+
Enhances privacy by avoiding long-term IDs.
Userinfo endpoint?
+
Returns user profile attributes.
Userinfo signature?
+
Signed UserInfo responses for extra security.
Validate audience restrictions?
+
Ensures assertion is meant for the SP.
Validate audience?
+
Ensures token is intended for the client.
Validate expiration?
+
Prevents using expired tokens.
Validate issuer and audience?
+
Must be validated on every API call.
Validate issuer?
+
Ensures token is from trusted identity provider.
Validate redirect uris?
+
Required to prevent redirects to malicious sites.
Validate timestamps?
+
Prevents replay attacks.
Virtual private cloud (vpc)?
+
VPC is an isolated cloud network with controlled access to resources.
Virtual private cloud (vpc)?
+
A VPC isolates cloud resources in a private network, controlling routing,
subnets,
and security policies.
Wap pre-authentication?
+
Validates user before forwarding to backend server.
X.509 certificate used for in saml?
+
To sign and encrypt assertions.
Xml encryption?
+
Encrypts assertion contents for confidentiality.
Xml signature?
+
Cryptographic signing of SAML assertions.
You configure claim rules?
+
Using rule templates or custom claims transformation.
You configure sp-initiated sso?
+
Enable SAML integration with proper ACS and Entity ID.
You deploy pingfederate?
+
On-prem VM, container, or cloud VM.
Zero downtime deployment?
+
Deploying updates without interrupting service by blue-green or rolling
deployment
strategies.
Zero trust security?
+
Zero trust assumes no implicit trust; all users and devices must be verified
before
accessing resources.
Zero-trust security?
+
Zero-trust assumes no implicit trust. Every request must be verified
regardless of
origin or location.
redirect uris be exact?
+
To prevent open redirect vulnerabilities.
Aaud' claim?
+
Audience — the application that token is meant for.
Access review?
+
Feature to periodically validate user access.
Access token lifetime?
+
Time before token expires, usually minutes.
Access token lifetime?
+
Default 60–90 minutes depending on policies.
Access token manager?
+
Component controlling token storage/expiry.
Access token?
+
A credential used to access protected resources.
Access token?
+
Grants access to APIs.
Access token?
+
A token used to access APIs.
Acr'?
+
Authentication Context Class Reference — indicates authentication strength.
Acs url?
+
Assertion Consumer Service URL for SP to receive SAML assertions.
Acs url?
+
Endpoint where SP receives SAML responses.
Active-active vs active-passive ha?
+
Active-Active: all nodes serve traffic simultaneously., Active-Passive: one
node is
primary, another is standby for failover.
Adaptive authentication?
+
Dynamic authentication based on risk.
Adaptive sso?
+
Applies dynamic authentication conditions.
Address' scope?
+
Access to user address attributes.
Adfs application group?
+
Collection of OAuth/OIDC clients.
Adfs farm?
+
Cluster of servers providing redundancy.
Adfs federation metadata?
+
XML describing ADFS endpoints and certificates.
Adfs proxy?
+
Enables external access to internal ADFS.
Adfs web application proxy?
+
Proxy enabling external access to ADFS.
Adfs?
+
Active Directory Federation Services implementing SAML.
Adfs?
+
Active Directory Federation Services: on-prem identity provider.
Advantages
+
Supports SSO, secure token-based access, scoped permissions, mobile/server
support,
and third-party integrations.
Algorithms does oidc use?
+
RS256, ES256, HS256.
Always sign assertions?
+
Yes, signing is mandatory for security.
Amr'?
+
Authentication Methods Reference — methods used for authentication.
Api security in cloud?
+
API security protects cloud APIs from misuse attacks and unauthorized
access.
App registration?
+
Configuration representing an application identity.
App role assignment?
+
Assign roles to users or groups for an app.
Apps must use pkce?
+
Mobile, SPAs, and any public clients.
Artifact resolution service?
+
Endpoint used to exchange artifact for assertion.
Assertion consumer service?
+
Endpoint where SP receives SAML responses.
Assertion in saml?
+
A package of security information issued by an Identity Provider.
Assertion signing?
+
Proof that assertion came from trusted IdP.
Attribute mapping in ping?
+
Mapping LDAP or internal attributes to SAML assertions.
Attribute mapping?
+
Mapping SAML attributes to SP identity fields.
Attribute mapping?
+
Mapping Okta attributes to app attributes.
Attribute mapping?
+
Mapping user attributes from IdP to SP.
Attribute release policy?
+
Rules governing which user data IdP sends.
Attributes secured?
+
By signing and optional encryption.
Attributestatement?
+
Part of assertion containing user attributes.
Audience claim?
+
Identifies the resource the token is valid for.
Audience mismatch'?
+
Assertion issued for wrong SP.
Audience restriction?
+
Ensures assertion is used only by intended SP.
Audience restriction?
+
Ensures tokens are used by intended SP.
Auth_time' claim?
+
Time the user was last authenticated.
Authentication api?
+
REST API enabling custom authentication UI.
Authentication methods does adfs support?
+
Windows auth, forms auth, certificate auth.
Authnrequest?
+
Authentication request from SP to IdP.
Authnrequest?
+
A request from SP to IdP to authenticate the user.
Authorization code flow secure?
+
Tokens issued directly to backend server, not exposed to browser.
Authorization code flow?
+
OAuth 2.0 flow for server-side apps; client exchanges an authorization code
for an
access token securely.
Authorization code flow?
+
A secure flow for server-side apps exchanging code for tokens.
Authorization code flow?
+
Exchanges code for tokens securely via backend.
Authorization code flow?
+
Most secure flow using server-side token exchange.
Authorization code grant
+
Used for web apps; user logs in, backend exchanges authorization code for
access
token securely.
Authorization endpoint?
+
Used to authenticate the user.
Authorization grant?
+
Credential representing user consent.
Authorization server responsibility?
+
Issue tokens, validate clients, manage scopes and consent.
Authorization server?
+
The server issuing access tokens and managing consent.
Auto healing in kubernetes?
+
Automatically restarts failed containers or reschedules pods to healthy
nodes to
ensure continuous availability.
Avoid idp-initiated sso?
+
SP-initiated is more secure.
Avoid implicit flow?
+
Yes, deprecated for security reasons.
Azure ad b2b?
+
Allows external identities to collaborate securely.
Azure ad b2c?
+
Identity platform for customer applications.
Azure ad connect?
+
Sync tool connecting on-prem AD with Azure AD.
Azure ad mfa?
+
Multi-factor authentication service to enhance security.
Azure ad saml?
+
Azure Active Directory supporting SAML-based SSO.
Azure ad vs adfs?
+
Azure AD = cloud; ADFS = on-prem federation.
Azure ad vs okta?
+
Azure AD is Microsoft cloud identity; Okta is independent IAM leader.
Azure ad vs pingfederate?
+
Azure AD = cloud-first; PingFederate = enterprise federation with granular
control.
Azure ad?
+
A cloud-based identity and access management service by Microsoft.
Back-channel logout?
+
Logout using server-to-server messages.
Back-channel logout?
+
Server-to-server logout notifications.
Back-channel slo?
+
Uses server-to-server calls for logout.
Backup strategy for cloud?
+
Regular snapshots, versioned backups, geo-replication, and automated
schedules
ensure data recovery.
Bearer token?
+
A bearer token is a type of access token that allows access to resources
when
presented. No additional verification is required besides the token itself.
Bearer token?
+
Token that grants access without additional proof.
Best practices for jwt?
+
Use HTTPS, short-lived tokens, refresh tokens, sign tokens, and avoid
storing
sensitive data in payload.
Best practices for oauth/jwt in production?
+
Use HTTPS, short-lived tokens, refresh tokens, secure storage, signature
verification, and proper logging/auditing.
Biggest benefit of sso?
+
User convenience and reduced login friction.
Biometric sso?
+
SSO authenticated via biometrics like fingerprint or face.
Can cookies break sso?
+
Yes, blocked cookies prevent session persistence.
Can jwt be revoked?
+
JWTs are stateless, so they cannot be revoked by default. Implement token
blacklisting or short expiration for control.
Can metadata expire?
+
Yes, metadata can have expiration to enforce updates.
Can pingfederate encrypt assertions?
+
Yes, full support for SAML encryption.
Can refresh tokens be revoked?
+
Yes, through revocation endpoints.
Can scopes control mfa?
+
Yes, using acr/amr claims.
Can sso reduce password reuse?
+
Yes, only one password is needed.
Can sso reduce phishing?
+
Yes, users rarely enter passwords.
Can umbraco support jwt authentication?
+
Yes, JWT middleware can secure API endpoints and allow stateless
authentication for
custom Umbraco APIs.
Cannot oauth2 replace saml?
+
OAuth2 does not authenticate users; needs OIDC.
Certificate rollover?
+
Updating certificates without service disruption.
Certificate rollover?
+
Rotation of signing certificates to maintain security.
Check_session_iframe?
+
Used to track session changes via iframe polling.
Claim in jwt?
+
Claims are pieces of information asserted about a subject (user) in the
token, e.g.,
sub, exp, role.
Claims provider trust?
+
Identity providers trusted by ADFS.
Client credentials flow?
+
Used for server-to-server authentication without user.
Client credentials flow?
+
Server-to-server authentication, not user login.
Client credentials grant
+
Used for machine-to-machine authentication without user involvement.
Client in oauth 2.0?
+
The application requesting access to a resource.
Client in oidc?
+
Application requesting tokens from IdP.
Client secret?
+
Confidential credential used by backend clients.
Client secret?
+
Credential used for confidential OAuth clients.
Client_id?
+
Unique identifier for the client.
Client_secret?
+
Secret only known to confidential clients.
Cloud access control?
+
Access control manages who can access cloud resources and what operations
they can
perform.
Cloud access key best practices?
+
Rotate keys use IAM roles avoid hardcoding keys and monitor usage.
Cloud access security broker (casb)?
+
CASB is a security solution placed between cloud users and services to
enforce
security policies.
Cloud access security broker (casb)?
+
CASB acts as a policy enforcement point between users and cloud services to
monitor
and protect sensitive data.
Cloud audit logging?
+
Audit logging records user activity configuration changes and security
events in
cloud platforms.
Cloud audit trail?
+
Audit trail logs record all user actions and system changes for
accountability and
compliance.
Cloud breach detection?
+
Breach detection identifies unauthorized access or compromise of cloud
resources.
Cloud compliance auditing?
+
Compliance auditing verifies cloud configurations and operations meet
regulatory
requirements.
Cloud compliance frameworks?
+
Frameworks include ISO 27001 SOC 2 HIPAA PCI DSS and GDPR.
Cloud compliance standards?
+
Standards like ISO 27001, SOC 2, GDPR, HIPAA ensure cloud providers meet
regulatory
security requirements.
Cloud data backup?
+
Data backup creates copies of cloud data to restore in case of loss or
corruption.
Cloud data classification?
+
Data classification categorizes cloud data by sensitivity to apply proper
security
controls.
Cloud data residency?
+
Data residency ensures cloud data is stored in specified geographic
locations to
comply with regulations.
Cloud ddos mitigation best practices?
+
Use distributed protection traffic filtering auto-scaling and monitoring.
Cloud disaster recovery?
+
Disaster recovery ensures cloud workloads can recover quickly from failures
or
attacks.
Cloud encryption best practices?
+
Use strong algorithms rotate keys encrypt in transit and at rest and protect
key
management.
Cloud encryption in transit and at rest?
+
In-transit encryption protects data during network transfer. At-rest
encryption
protects stored data on disk or database.
Cloud encryption key rotation?
+
Key rotation periodically updates encryption keys to reduce the risk of
compromise.
Cloud endpoint security best practices?
+
Install agents enforce policies monitor behavior and isolate compromised
endpoints.
Cloud endpoint security?
+
Endpoint security protects devices that access cloud resources from malware
breaches
or unauthorized access.
Cloud firewall best practices?
+
Use least privilege segment networks update rules regularly and log traffic.
Cloud firewall?
+
Cloud firewall is a network security service to filter and monitor traffic
to cloud
resources.
Cloud forensic investigation?
+
Cloud forensics investigates breaches or attacks to identify root causes and
affected assets.
Cloud identity federation vs sso?
+
Federation allows using external identities; SSO allows single
authentication across
multiple apps.
Cloud identity federation?
+
Allows users to access multiple cloud services using single identity,
enabling SSO
across providers.
Cloud identity management?
+
Cloud identity management handles user authentication authorization and
lifecycle in
cloud services.
Cloud incident management?
+
Incident management handles security events to minimize impact and prevent
recurrence.
Cloud incident response plan?
+
Plan outlines procedures roles and tools for responding to cloud security
incidents.
Cloud incident response?
+
Incident response is the process of detecting analyzing and mitigating
security
incidents in the cloud.
Cloud key management?
+
Cloud key management creates stores rotates and controls access to
cryptographic
keys.
Cloud key rotation policy?
+
Policy defines frequency and procedure for rotating encryption keys.
Cloud logging and monitoring?
+
Collects audit logs, metrics, and events to detect anomalies, unauthorized
access,
and security breaches.
Cloud logging best practices?
+
Centralize logs enable retention monitor for anomalies and secure log
storage.
Cloud logging retention policy?
+
Defines how long logs are stored and ensures they are archived securely for
compliance.
Cloud logging?
+
Cloud logging records user activity system events and access for auditing
and
monitoring.
Cloud malware protection?
+
Malware protection detects and removes malicious software from cloud
workloads and
endpoints.
Cloud misconfiguration?
+
Misconfiguration occurs when cloud resources are improperly configured
creating
security risks.
Cloud monitoring best practices?
+
Monitor critical assets configure alerts and integrate with SIEM and
incident
response.
Cloud monitoring?
+
Cloud monitoring tracks resource usage performance and security threats in
real
time.
Cloud monitoring?
+
Monitoring tools track performance, security events, and availability,
helping
identify issues proactively.
Cloud multi-factor authentication best practices?
+
Enable MFA for all users use strong methods like TOTP or hardware tokens.
Cloud native ha design?
+
Using redundancy, distributed systems, microservices, and auto-scaling to
achieve
high availability.
Cloud native security?
+
Security designed specifically for cloud services and microservices,
including
containers, Kubernetes, and serverless workloads.
Cloud network monitoring?
+
Network monitoring observes traffic flows detects anomalies and enforces
segmentation.
Cloud network segmentation?
+
Network segmentation isolates cloud workloads to reduce attack surfaces.
Cloud patch management?
+
Patch management updates cloud systems and applications to fix
vulnerabilities.
Cloud patch management?
+
Automated application of security patches to OS, software, and applications
running
in the cloud.
Cloud penetration testing policy?
+
Policy defines rules and approvals required before conducting penetration
tests on
cloud services.
Cloud penetration testing tools?
+
Tools include Kali Linux Metasploit Nmap Burp Suite and cloud
provider-native tools.
Cloud penetration testing?
+
Penetration testing simulates attacks on cloud systems to identify
vulnerabilities.
Cloud penetration testing?
+
Ethical testing to identify vulnerabilities and misconfigurations in cloud
infrastructure.
Cloud role-based access control (rbac)?
+
RBAC assigns permissions based on user roles to enforce least privilege.
Cloud secrets management?
+
Secrets management stores and controls access to sensitive information like
API keys
and passwords.
Cloud secure devops?
+
Secure DevOps integrates security into DevOps processes and CI/CD pipelines.
Cloud secure gateway?
+
Secure gateway controls and monitors access between users and cloud
applications.
Cloud security assessment?
+
Assessment evaluates cloud infrastructure configurations and practices
against
security standards.
Cloud security auditing?
+
Auditing evaluates cloud resources and policies to ensure security and
compliance.
Cloud security automation tools?
+
Tools include AWS Config Azure Security Center GCP Security Command Center
and
Terraform with security checks.
Cloud security automation?
+
Automation uses scripts or tools to enforce security policies and remediate
threats
automatically.
Cloud security automation?
+
Automates security checks, patching, and policy enforcement to reduce human
error
and improve speed.
Cloud security baseline?
+
Security baseline defines standard configurations and controls for cloud
environments.
Cloud security best practices?
+
Enforce IAM encryption monitoring logging patching least privilege and
incident
response.
Cloud security group best practices?
+
Use least privilege separate environments restrict inbound/outbound rules
and
monitor traffic.
Cloud security incident types?
+
Types include data breach misconfiguration account compromise malware
infection and
insider threats.
Cloud security monitoring tools?
+
Tools include AWS GuardDuty Azure Defender GCP Security Command Center and
third-party SIEM.
Cloud security orchestration?
+
Security orchestration automates workflows threat response and remediation
across
cloud systems.
Cloud security policy?
+
Policy defines rules standards and practices to protect cloud resources.
Cloud security posture management (cspm)?
+
CSPM continuously monitors cloud environments to detect misconfigurations
and
compliance risks.
Cloud security posture management (cspm)?
+
CSPM tools continuously monitor misconfigurations, vulnerabilities, and
compliance
risks in cloud environments.
Cloud security?
+
Cloud security is the set of policies technologies and controls designed to
protect
data applications and infrastructure in cloud environments.
Cloud security?
+
Cloud security involves policies, controls, procedures, and technologies
that
protect data, applications, and services in the cloud. It ensures
confidentiality,
integrity, and availability (CIA) of cloud resources.
Cloud siem?
+
Cloud SIEM centralizes log collection analysis alerting and reporting for
security
events.
Cloud threat detection?
+
Threat detection identifies malicious activity or anomalies in cloud
environments.
Cloud threat intelligence?
+
Threat intelligence provides data on current security threats and
vulnerabilities to
enhance cloud defenses.
Cloud threat modeling?
+
Threat modeling identifies potential threats and vulnerabilities in cloud
systems
and designs mitigation strategies.
Cloud threat modeling?
+
Identifying potential threats, vulnerabilities, and mitigation strategies
for cloud
architectures.
Cloud vpn?
+
Cloud VPN securely connects on-premises networks to cloud resources over
encrypted
tunnels.
Cloud vulnerability assessment?
+
It identifies security weaknesses in cloud infrastructure applications and
configurations.
Cloud vulnerability management?
+
Vulnerability management identifies prioritizes and remediates security
weaknesses.
Cloud vulnerability scanning?
+
Scanning detects security flaws in cloud infrastructure applications and
containers.
Cloud workload isolation?
+
Workload isolation separates applications or tenants to prevent lateral
movement of
threats.
Cloud workload protection platform (cwpp)?
+
CWPP provides security for workloads running across cloud VMs containers and
serverless environments.
Cloud-native security?
+
Cloud-native security integrates security controls directly into cloud
applications
and infrastructure.
Common saml attributes?
+
email, firstName, lastName, employeeID.
Compliance in cloud security?
+
Compliance ensures cloud deployments adhere to regulatory standards like
GDPR HIPAA
or PCI DSS.
Compliance monitoring in cloud?
+
Continuous auditing to ensure resources follow regulatory and internal
security
standards.
Conditional access?
+
Policies restricting token issuance based on conditions.
Conditional access?
+
Policy engine controlling access based on conditions.
Confidential client?
+
Client that securely stores secrets (backend server).
Configuration management in cloud security?
+
Configuration management ensures cloud resources are deployed securely and
consistently.
Consent screen?
+
UI shown to user listing requested permissions.
Container security?
+
Container security protects containerized applications and their
orchestration
platforms like Docker and Kubernetes.
Container security?
+
Securing containerized applications using image scanning, runtime
protection, and
least privilege.
Continuous compliance?
+
Automated monitoring of cloud resources to maintain compliance with
regulations like
HIPAA or GDPR.
Cookies relate to sso?
+
SSO often uses session cookies to maintain authenticated sessions across
multiple
apps or domains.
Credential stuffing protection?
+
OIDC frameworks block repeated unsuccessful logins.
Cross-domain sso?
+
SSO across different organizations.
Csrf state parameter?
+
Used to protect against CSRF attacks during authentication.
Custom scopes?
+
App-defined permissions for additional claims.
Data loss prevention (dlp)?
+
DLP prevents unauthorized access sharing or leakage of sensitive cloud data.
Data masking?
+
Hides sensitive data in non-production environments to protect privacy while
allowing application testing.
Ddos protection in cloud?
+
Defends cloud services against Distributed Denial of Service attacks using
mitigation, traffic filtering, and scaling.
Decentralized identity?
+
User-controlled identity using blockchain-based models.
Delegation?
+
Acting on behalf of a user with limited privileges.
Destination mismatch'?
+
Assertion sent to wrong ACS URL.
Device code flow?
+
Used by devices with no browser or limited input.
Device code flow?
+
Authentication for devices without browsers.
Diffbet access token and refresh token?
+
Access tokens are short-lived tokens for resource access. Refresh tokens are
long-lived and used to obtain new access tokens without re-authentication.
Diffbet app registration and enterprise application?
+
App Registration = app identity; Enterprise App = SSO configuration
instance.
Diffbet auth code and auth code + pkce?
+
PKCE adds code verifier & challenge for extra security.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization defines what resources an
authenticated user can access.
Diffbet authentication and authorization?
+
Authentication verifies identity; authorization verifies permissions.
Diffbet availability zone and region?
+
A Region is a geographical location. An Availability Zone (AZ) is an
isolated data
center within a region providing HA.
Diffbet dr and ha?
+
HA focuses on real-time availability and minimal downtime. DR is about
recovering
after a major failure or disaster, which may involve longer restoration
times.
Diffbet icontentservice and ipublishedcontent?
+
IContentService is used for editing/staging content. IPublishedContent is
for
reading published content efficiently.
Diffbet id_token and access_token?
+
ID token is for authentication; access token is for authorization.
Diffbet oauth 1.0 and 2.0?
+
OAuth 1.0 requires cryptographic signing; OAuth 2.0 uses bearer tokens,
simpler
flow, and supports multiple grant types like Authorization Code and Client
Credentials.
Diffbet oauth and openid connect?
+
OAuth is for authorization; OIDC is an authentication layer on top of OAuth
providing user identity.
Diffbet oauth scopes and claims?
+
Scopes define the permissions requested; claims define attributes about the
user or
session.
Diffbet par and jar?
+
PAR = push request; JAR = sign request.
Diffbet published content and draft content?
+
Draft content is editable but not visible to the public; published content
is live
on the website.
Diffbet saml and jwt?
+
SAML uses XML for identity assertions; JWT uses JSON. JWT is lighter and
easier for
APIs, while SAML is enterprise-oriented.
Diffbet saml and jwt?
+
SAML = XML assertions; JWT = JSON tokens.
Diffbet saml and oauth?
+
SAML is for SSO using XML; OAuth is authorization using JSON/REST.
Diffbet saml and oidc?
+
SAML uses XML and is enterprise-focused; OIDC uses JSON and supports modern
apps.
Diffbet sso and mfa?
+
SSO = one login across apps; MFA = additional security factors during login.
Diffbet sso and oauth?
+
SSO is mainly for authentication across apps. OAuth is for delegated
authorization
without sharing credentials.
Diffbet sso and password sync?
+
SSO shares authentication state; password sync copies passwords across
systems.
Diffbet sso and slo?
+
SSO = login across apps; SLO = logout across apps.
Diffbet stateless and stateful authentication?
+
JWT enables stateless authentication—server does not store session info.
Traditional
sessions are stateful, stored on the server.
Diffbet symmetric and asymmetric encryption?
+
Symmetric uses same key for encryption and decryption. Asymmetric uses
public/private key pairs. Asymmetric is used in secure key exchange.
Diffbet umbraco api controllers and mvc controllers?
+
API controllers return JSON or XML data for apps; MVC controllers render
views/templates.
Discovery document?
+
Well-known configuration endpoint for OIDC.
Discovery important?
+
Allows dynamic configuration of OIDC clients.
Distributed denial-of-service (ddos) protection?
+
DDoS protection mitigates attacks that overwhelm cloud services with
traffic.
Do access tokens depend on scopes?
+
Yes, scopes define API permissions.
Do all protocols support slo?
+
Yes, but implementations vary.
Do all sps support sso?
+
Not always — legacy apps may need custom connectors.
Do browsers impact sso?
+
Yes, privacy modes may block redirects/cookies.
Do not log tokens?
+
Never log access or refresh tokens.
Does adfs support mfa?
+
Yes, with built-in and external providers.
Does adfs support oauth2?
+
Yes, since ADFS 3.0.
Does adfs support saml sso?
+
Yes, as IdP and SP.
Does azure ad support saml?
+
Yes, SAML 2.0 with IdP-initiated and SP-initiated flows.
Does id token depend on scopes?
+
Yes, claims in ID Token depend on scopes.
Does jwt work?
+
Server generates JWT after authentication. Client stores it (usually in
local
storage). Subsequent requests include the token in the Authorization header
for
stateless authentication.
Does oidc support single logout?
+
Yes, through RP-Initiated and Front/Back-channel logout.
Does oidc support sso?
+
Yes, OIDC provides Single Sign-On functionality.
Does okta expose jwks?
+
/oauth2/v1/keys endpoint.
Does okta support password sync?
+
Yes, via provisioning connectors.
Does pingfederate issue jwt tokens?
+
Yes, for access and id tokens.
Does pingfederate support mfa?
+
Yes, via PingID or third-party integrations.
Does pingfederate support pkce?
+
Yes, for public clients.
Does pingfederate support saml sso?
+
Yes, both IdP and SP roles.
Does saml ensure security?
+
Uses XML signatures, encryption, certificates, and timestamps.
Does saml metadata contain?
+
Certificates, endpoints, SSO URLs, entity IDs.
Does saml stand for?
+
Security Assertion Markup Language.
Does saml use tokens?
+
Yes, SAML assertions are XML-based tokens.
Does silent logout mean?
+
Logout without redirecting the user.
Does slo fail?
+
Different implementations or expired sessions.
Does sso break?
+
Wrong certificates, clock skew, misconfigured endpoints.
Does sso enhance security?
+
Reduces password fatigue, centralizes authentication policies, enables MFA,
and
minimizes login-related vulnerabilities.
Does sso help in compliance?
+
Yes, supports SOC2, HIPAA, GDPR requirements.
Does sso improve auditability?
+
Centralized login logs.
Does sso improve security?
+
Reduces password fatigue, phishing risk, and enforces central policies.
Does sso improve security?
+
Centralized authentication and MFA enforcement.
Does sso increase productivity?
+
Yes, no repeated logins.
Does sso reduce attack surface?
+
Yes, fewer passwords and login endpoints.
Does sso reduce helpdesk calls?
+
Reduces password reset requests.
Does sso require accurate time sync?
+
Yes, tokens require clock accuracy.
Does sso require certificate management?
+
Yes, periodic rollover is required.
Does sso work?
+
A centralized identity provider authenticates the user, issues a token or
cookie,
and applications trust this token to grant access.
Domain federation?
+
Configures ADFS or external IdP to authenticate domain users.
Dpop?
+
Demonstration of Proof-of-Possession; prevents token theft misuse.
Dynamic client registration?
+
Allows clients to auto-register at IdP.
Dynamic group?
+
Group with rule-based membership.
Email' scope?
+
Access to user email and email_verified.
Encode saml messages?
+
To ensure safe transport via URLs or POST.
Encrypt sensitive attributes?
+
Highly recommended.
Encryption at rest?
+
Encryption at rest protects stored data using cryptographic techniques.
Encryption errors occur?
+
Incorrect certificate or key mismatch.
Encryption in cloud?
+
Encryption protects data in transit and at rest using algorithms like AES or
RSA. It
prevents unauthorized access to sensitive cloud data.
Encryption in transit?
+
Encryption in transit protects data as it travels over networks between
cloud
services or users.
End_session endpoint?
+
Used for OIDC logout operations.
Endpoint security in cloud?
+
Protects client devices, VMs, and containers from malware, unauthorized
access, and
vulnerabilities.
Enforce mfa?
+
Improves security for sensitive resources.
Enterprise application?
+
Represents an SP configuration used for SSO.
Enterprise sso?
+
SSO for employees using enterprise IdPs.
Entity category?
+
Classification of SP/IdP capabilities.
Entity id?
+
A unique identifier for SP or IdP in SAML.
Example of federation hub?
+
Azure AD, ADFS, Okta, PingFederate.
Exp' claim?
+
Expiration timestamp.
Expired assertion'?
+
Assertion outside NotOnOrAfter time.
Explain auto scaling.
+
Auto Scaling automatically adjusts compute resources based on demand,
improving
availability and cost efficiency.
Explain bastion host.
+
A Bastion host is a secure jump server used to access instances in private
networks.
Explain cloud firewall.
+
Cloud firewalls filter network traffic at the edge or VM level, enforcing
security
rules to prevent unauthorized access.
Explain disaster recovery in cloud.
+
Disaster Recovery (DR) is a set of processes to restore cloud applications
and data
after failures. It involves backups, replication, multi-region deployment,
and
failover strategies.
Failover in cloud?
+
Automatic switching to a redundant system when a primary system fails,
ensuring
service continuity.
Fapi?
+
Financial grade API security profile for OIDC/OAuth2.
Fault tolerance in cloud?
+
Fault tolerance ensures the system continues functioning despite component
failures
using redundancy and failover.
Federated identity?
+
Using external identity providers like Google or Azure AD.
Federation hub?
+
Central IdP connecting multiple SPs.
Federation in azure ad?
+
Using ADFS or external IdPs for authentication.
Federation in sso?
+
Trust relationship enabling cross-domain authentication.
Federation metadata?
+
Configuration XML exchanged between IdP and SP.
Federation?
+
Trust between identity providers and service providers.
Fine-grained authorization?
+
Scoped permissions down to resource-level.
Flow is best for iot devices?
+
Device Code flow.
Flow is best for machine-to-machine?
+
Client Credentials.
Flow is best for mobile?
+
Authorization Code with PKCE.
Flow is best for spas?
+
Authorization Code with PKCE (Implicit avoided).
Flow is more secure?
+
SP-initiated, due to request ID validation.
Flow should spas use?
+
Authorization Code Flow with PKCE.
Flow supports refresh tokens?
+
Authorization Code Flow and Hybrid Flow.
Flow supports sso?
+
Authorization Code or Hybrid flow via OIDC.
Flows does azure ad support?
+
Auth Code, PKCE, Client Credentials, Device Code, ROPC.
Format are oauth tokens?
+
Typically JWT or opaque tokens.
Format does oidc use?
+
JSON, REST APIs, and JWT tokens.
Formats can access tokens use?
+
JWT or opaque format.
Formats can id tokens use?
+
Always JWT.
Frontchannel logout?
+
Logout performed via the browser using redirects.
Front-channel logout?
+
Logout via browser redirects.
Front-channel logout?
+
Browser-based logout using redirects.
Front-channel slo?
+
Uses browser redirects for logout.
Global logout?
+
Logout from entire identity federation.
Grant type
+
Defines how the client collects and exchanges access tokens.
Graph api?
+
API to manage users, groups, and apps.
Happens if idp is down during slo?
+
SPs may not logout properly.
Haproxy in cloud?
+
HAProxy is a load balancer and proxy server that supports high availability
and
failover.
High availability (ha) in cloud?
+
HA ensures that cloud services remain accessible with minimal downtime. It
uses
redundancy, failover mechanisms, and load balancing to maintain continuous
operations.
Home realm discovery?
+
Identifies which IdP user belongs to.
Home realm discovery?
+
Choosing correct IdP based on the user.
Http artifact binding?
+
Message reference is sent, not entire assertion.
Http post binding?
+
SAML message sent through an HTML form post.
Http redirect binding?
+
SAML message is sent via URL query string.
Https requirement?
+
OAuth 2.0 must use HTTPS for all communication.
Hybrid cloud security?
+
Hybrid cloud security protects workloads and data across on-premises and
cloud
environments.
Hybrid flow?
+
Combination of implicit + authorization code (OIDC).
Hybrid flow?
+
Combination of Implicit and Authorization Code flows.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what
actions they can perform.
Iam in cloud security?
+
Identity and Access Management controls who can access cloud resources and
what they
can do. It includes authentication, authorization, roles, policies, and MFA.
Iat' claim?
+
Issued-at timestamp.
Id token signature?
+
Verifies integrity and authenticity.
Id token?
+
JWT token containing authentication details.
Id token?
+
A JWT containing identity information about the user.
Id_token?
+
OIDC token containing user identity claims.
Id_token_hint?
+
Hint for logout identifying user's ID Token.
Identifier (entity id)?
+
SP unique identifier configured in Azure AD.
Identity brokering?
+
IdP sits between user and multiple IdPs.
Identity federation?
+
Identity federation allows users to access multiple cloud services using a
single
identity.
Identity federation?
+
A trust relationship allowing different systems to share authentication.
Identity hub?
+
A centralized identity broker connecting many IdPs.
Identity protection?
+
Detects risky logins and risky users.
Identity provider (idp)?
+
An IdP is a trusted service that authenticates users and issues tokens or
assertions
for SSO.
Identity provider (idp)?
+
Authenticates users and issues claims.
Identity provider (idp)?
+
A service that authenticates a user and issues SAML assertions.
Identity token validation?
+
Ensuring token signature, audience, and issuer are correct.
Idp discovery?
+
Selecting the correct identity provider for login.
Idp federation?
+
One IdP authenticates users for many SPs.
Idp in sso?
+
Identity Provider — authenticates the user.
Idp metadata url?
+
URL where SP fetches IdP metadata.
Idp proxying?
+
IdP acting as intermediary between user and another IdP.
Idp?
+
System that authenticates users and issues tokens/assertions.
Idp-initiated sso?
+
Login initiated from Identity Provider.
Idp-initiated sso?
+
User starts login at the Identity Provider.
Immutable infrastructure?
+
Infrastructure that is never modified after deployment, only replaced. It
ensures
consistency and security.
Impersonation?
+
User acting as another identity — dangerous and restricted.
Implicit flow deprecated?
+
Exposes tokens to browser and insecure environments.
Implicit flow deprecated?
+
Less secure, exposes tokens in browser URL.
Implicit flow?
+
Legacy browser-based flow without backend; not recommended.
Implicit flow?
+
Old flow that returns tokens via browser fragments.
Implicit grant flow?
+
OAuth 2.0 flow for client-side apps where tokens are returned directly
without
client secret.
Implicit vs code flow?
+
Code Flow more secure; Implicit deprecated.
Incremental consent?
+
Requesting only partial permissions at first.
Inresponseto attribute?
+
Links the response to the matching AuthnRequest.
Inresponseto missing'?
+
IdP did not include request ID; insecure for SP-initiated.
Introspection endpoint?
+
Used to validate opaque access tokens.
Intrusion detection and prevention (ids/ips)?
+
IDS/IPS monitors network traffic for malicious activity, raising alerts or
blocking
threats.
Intrusion detection system (ids)?
+
IDS monitors cloud traffic for malicious activity or policy violations.
Intrusion prevention system (ips)?
+
IPS not only detects but also blocks malicious traffic in real time.
Invalid signature' error?
+
Assertion signature mismatch or wrong certificate.
Is jwt used in microservices?
+
JWT allows secure stateless communication between microservices, with each
service
verifying the token without a central session store.
Is jwt verified?
+
Server uses the secret or public key to verify the token’s signature and
validity,
ensuring it was issued by a trusted source.
Is more reliable — front or back channel?
+
Back-channel, because it avoids browser issues.
Is oauth 2.0 for authentication?
+
Not by design; it's for authorization. OIDC adds authentication.
Is oauth 2.0 stateful or stateless?
+
Can be either, depending on token type and architecture.
Is oidc authentication or authorization?
+
OIDC is authentication; OAuth2 is authorization.
Is oidc stateless or stateful?
+
Stateless — relies on JWT tokens.
Is oidc suitable for mobile apps?
+
Yes, highly optimized for mobile clients.
Is saml used for authentication or authorization?
+
Primarily authentication; asserts user identity to SP.
Is sso a single point of failure?
+
Yes, if IdP is down, login for all apps fails.
Is sso for authentication or authorization?
+
SSO is primarily for authentication.
Is sso latency-prone?
+
Yes, due to redirects and token validation.
Is token expiry handled in oauth?
+
Access tokens have a short TTL; refresh tokens are used to request a new
access
token without user interaction.
Iss' claim?
+
Issuer identifier.
Issuer claim?
+
Identifies authorization server that issued the token.
Issuer mismatch'?
+
Incorrect IdP entity ID used.
Jar (jwt authorization request)?
+
Authorization request packaged as signed JWT.
Jarm?
+
JWT-secured Authorization Response Mode — adds signing to auth responses.
Just-in-time provisioning?
+
Provision user accounts at login time.
Just-in-time provisioning?
+
User is created automatically during login.
Jwks endpoint?
+
JSON Web Key Set for token verification keys.
Jwks uri?
+
Endpoint serving public keys for validating tokens.
Jwks?
+
JSON Web Key Set for validating tokens.
Jwt header?
+
Header specifies the signing algorithm (e.g., HS256) and token type (JWT).
Jwt kid field?
+
Key ID to identify which signing key to use.
Jwt payload?
+
The payload contains claims, which are statements about the user or session
(e.g.,
user ID, roles, expiration).
Jwt signature?
+
The signature ensures the token’s integrity. It is generated using a secret
(HMAC)
or private key (RSA/ECDSA).
Jwt signature?
+
Cryptographic signature verifying authenticity.
Jwt token?
+
Self-contained token with claims.
Jwt?
+
JSON Web Token (JWT) is a compact, URL-safe token format used to securely
transmit
claims between parties. It includes a header, payload, and signature.
Jwt?
+
JSON Web Token — compact, signed token.
Kerberos?
+
Network authentication protocol used in Windows SSO.
Key components of cloud security?
+
Key components include identity and access management (IAM) data protection
network
security monitoring and compliance.
Key management service (kms)?
+
KMS is a cloud service for creating managing and controlling encryption keys
securely.
Key management service (kms)?
+
KMS securely creates, stores, and rotates encryption keys for cloud
resources.
Kubernetes role in ha?
+
Kubernetes provides HA by managing pods across multiple nodes, self-healing,
and
load balancing.
Limit attribute sharing?
+
Minimize data to reduce privacy risk.
Limit scopes?
+
Yes, always follow least privilege.
Load balancer?
+
A load balancer distributes incoming traffic across multiple servers to
ensure high
availability and performance.
Logging & auditing in cloud security?
+
Captures user actions and system events to detect breaches, analyze
incidents, and
meet compliance.
Logout method is most reliable?
+
Back-channel logout.
Main cloud security challenges?
+
Challenges include data breaches insecure APIs misconfigured cloud services
insider
threats and compliance issues.
Main types of cloud security?
+
Includes Data Security, Network Security, Identity & Access Management
(IAM),
Application Security, and Endpoint Security. It protects cloud workloads
from
breaches and vulnerabilities.
Metadata important?
+
Ensures both IdP and SP trust each other and understand endpoints.
Metadata signature?
+
Indicates authenticity of metadata file.
Mfa in oauth?
+
Additional step enforced by authorization server.
Microsegmentation in cloud security?
+
Divides networks into smaller segments to isolate workloads and minimize
lateral
attack movement.
Microsoft graph permissions?
+
Scopes that define what an app can access.
Monitor saml logs?
+
Detects anomalies and attacks.
Mtls in oauth?
+
Mutual TLS binding tokens to client certificates.
Multi-cloud security?
+
Multi-cloud security manages security consistently across multiple cloud
providers.
Multi-factor authentication (mfa)?
+
MFA requires multiple forms of verification to access cloud resources
enhancing
security.
Multi-factor authentication (mfa)?
+
MFA requires two or more verification methods to access cloud resources,
enhancing
security beyond passwords.
Multi-federation?
+
Multiple IdPs serving different user groups.
Multi-region deployment?
+
Deploying resources in multiple regions improves disaster recovery,
redundancy, and
availability.
Multi-tenant app?
+
App serving multiple organizations with separate identities.
Multi-tenant identity?
+
Multiple tenants share identity infrastructure.
Nameid formats?
+
EmailAddress, Persistent, Transient, Unspecified.
Nameid?
+
Unique identifier for the user in SAML.
Nameidmapping?
+
Mapping NameIDs between IdP and SP.
Network acl?
+
Network ACL is a stateless firewall used to control traffic at the subnet
level.
Network acl?
+
A Network Access Control List controls traffic at the subnet level. It
provides an
additional layer beyond security groups.
Nonce' claim?
+
Used to prevent replay attacks.
Nonce used for?
+
To prevent replay attacks.
Nonce used for?
+
Prevents replay attacks.
Nonce?
+
Unique value used in ID token to prevent replay.
Not to store tokens?
+
LocalStorage or unencrypted browser memory.
Notbefore claim?
+
Defines earliest time the assertion is valid.
Notonorafter claim?
+
Expiration time of assertion.
Oauth 2
+
OAuth 2 is an open authorization framework enabling secure access delegation
without
sharing passwords.
Oauth 2.0 grant types?
+
Auth Code, PKCE, Client Credentials, Password, Implicit, Device Code.
Oauth 2.0?
+
An authorization framework allowing third-party apps to access user
resources
without sharing passwords.
Oauth 2.1?
+
A simplification removing implicit and ROPC flows; PKCE required.
Oauth backchannel logout?
+
Mechanism to notify apps of user logout.
Oauth device flow?
+
Auth flow for devices without browsers.
Oauth grant types?
+
Common grant types: Authorization Code, Implicit, Password Credentials,
Client
Credentials. They define how clients obtain access tokens.
Oauth introspection endpoint?
+
API to check token validity for opaque tokens.
Oauth revocation endpoint?
+
API to revoke access or refresh tokens.
Oauth?
+
OAuth is an open-standard authorization protocol that allows third-party
apps to
access user resources without sharing credentials. It issues access tokens
to grant
limited access to resources.
Oauth2 used for?
+
Authorization, not authentication.
Oauth2 with sso integration?
+
OAuth2 with SSO enables a single login using OAuth’s token-based
authorization to
access multiple protected services.
Oidc claims?
+
Statements about a user (e.g., email, name).
Oidc created?
+
To enable secure user authentication using modern JSON/REST technology.
Oidc discovery document?
+
Well-known configuration containing endpoints and metadata.
Oidc federation?
+
Uses OIDC for federated identity.
Oidc flow is best for spas?
+
Auth Code Flow with PKCE.
Oidc in apple sign-in?
+
Apple Sign-In is based on OIDC standards.
Oidc in auth0?
+
Auth0 fully supports OIDC flows and JWT issuance.
Oidc in aws cognito?
+
Cognito provides OIDC-based hosted UI flows.
Oidc in azure ad?
+
Azure AD supports OIDC with Microsoft Identity platform.
Oidc in fusionauth?
+
FusionAuth supports OIDC, MFA, and OAuth2 flows.
Oidc in google identity?
+
Google uses OIDC for all user authentication.
Oidc in keycloak?
+
Keycloak is an open-source IdP supporting OIDC.
Oidc in okta?
+
Okta provides custom and default OIDC authorization servers.
Oidc in pingfederate?
+
PingFederate supports OIDC with OAuth AS extensions.
Oidc in salesforce?
+
Salesforce acts as an OIDC provider for SSO.
Oidc in sso?
+
OAuth2-based identity layer issuing ID tokens.
Oidc preferred over saml?
+
Lightweight JSON tokens, mobile-ready, modern architecture.
Oidc scopes?
+
Permissions for claims in ID Token/UserInfo.
Oidc vs api keys?
+
OIDC is secure and user-based; API keys are static secrets.
Oidc vs basic auth?
+
OIDC uses token-based modern auth; Basic Auth sends credentials each time.
Oidc vs jwt?
+
OIDC uses JWT; JWT is a token format, not a protocol.
Oidc vs kerberos?
+
OIDC = web/mobile; Kerberos = internal network protocol.
Oidc vs oauth device flow?
+
OIDC is for login; Device Flow is for non-browser devices.
Oidc vs oauth2?
+
OIDC adds authentication; OAuth2 only handles authorization.
Oidc vs password auth?
+
OIDC uses tokens; password auth uses credentials directly.
Oidc vs saml?
+
OIDC uses JSON/REST; SAML uses XML. OIDC suits mobile and modern apps.
Oidc vs ws-fed?
+
OIDC is modern JSON-based; WS-Fed is legacy Microsoft protocol.
Oidc?
+
OpenID Connect is an identity layer built on top of OAuth 2.0 to
authenticate users.
Okta api token?
+
Token used for administrative API calls.
Okta app integration?
+
Application configuration for SSO.
Okta asa?
+
Advanced Server Access for SSH/RDP identity access.
Okta authentication api?
+
REST API for user authentication and token issuance.
Okta authorization server?
+
Custom OAuth server controlling token issuance.
Okta identity engine?
+
New adaptive authentication platform.
Okta idp discovery?
+
Chooses correct IdP based on user attributes.
Okta inline hook?
+
Extend Okta flows with external logic.
Okta mfa?
+
Multi-step authentication including SMS, Push, TOTP.
Okta org?
+
Dedicated Okta tenant for an organization.
Okta risk-based authentication?
+
Dynamically challenges or blocks based on risk.
Okta sign-on policy?
+
Rules defining how users authenticate to applications.
Okta system log?
+
Audit log for events and authentication attempts.
Okta universal directory?
+
Directory service storing users, groups, and attributes.
Okta verify?
+
Mobile authenticator for push and TOTP.
Okta vs adfs?
+
Okta = cloud SaaS; ADFS = on-prem with heavy infrastructure.
Okta vs pingfederate?
+
Okta = cloud-first; Ping = enterprise customizable federation.
Okta workflow?
+
Automation engine for identity tasks.
Okta?
+
Identity platform supporting SAML SSO.
Okta?
+
Identity and access management provider for cloud applications.
Opaque token?
+
Token that requires introspection to validate.
Openid connect (oidc)?
+
OIDC is an identity layer on top of OAuth 2.0 for authentication, returning
an ID
token that provides user identity info.
Openid' scope?
+
Mandatory scope to enable OIDC.
Par (pushed authorization request)?
+
Client sends authorization details via a secure POST before redirect.
Par (pushed authorization requests)?
+
Securely sends auth request to IdP before redirect — prevents tampering.
Partial logout?
+
Only some apps logout.
Password credentials grant
+
User provides username/password directly to client; now discouraged due to
security
risks.
Password vaulting sso?
+
SSO by storing and auto-filling credentials.
Passwordless sso?
+
SSO without passwords using FIDO2/WebAuthn.
Persistent nameid?
+
Long-lived identifier for a user.
Phone' scope?
+
Access to phone and phone_verified.
Pingdirectory?
+
Directory used with PingFederate for user management.
Pingfederate authentication policy?
+
Controls how authentication decisions are made.
Pingfederate connection?
+
Configuration linking SP and IdP.
Pingfederate console?
+
Admin dashboard for configuration.
Pingfederate idp adapter?
+
Plugin to authenticate users (LDAP, Kerberos etc).
Pingfederate oauth as?
+
Acts as authorization server issuing tokens.
Pingfederate vs adfs?
+
Ping = more flexible; ADFS = Microsoft ecosystem-focused.
Pingfederate?
+
Enterprise IdP/SP platform supporting SAML.
Pingfederate?
+
Enterprise federation server for SSO and identity integration.
Pingone?
+
Cloud identity solution integrating with PingFederate.
Pkce extension?
+
Proof Key for Code Exchange — protects public clients.
Pkce introduced?
+
To prevent authorization code interception attacks.
Pkce?
+
Proof Key for Code Exchange; improves security for public clients.
Pkce?
+
Enhances OAuth2 security for public clients.
Policy contract?
+
Defines attributes shared with SP/IdP.
Post_logout_redirect_uri?
+
URL where user is redirected after logout.
Principle of least privilege?
+
Users are granted only the permissions necessary to perform their job
functions.
Privileged identity management?
+
Controls and audits privileged roles.
Problem does oauth 2.0 solve?
+
It enables secure delegated access using tokens instead of credentials.
Profile' scope?
+
Access to basic user attributes.
Prohibited in oidc?
+
Tokens through URL (except legacy implicit flow).
Proof-of-possession?
+
Tokens tied to a key so only holder with key can use them.
Protocol does azure ad support?
+
OIDC, OAuth2, SAML2, WS-Fed.
Protocol format does saml use?
+
XML.
Protocol is best for mobile apps?
+
OIDC and OAuth2.
Protocol is best for web apps?
+
SAML2 for enterprises, OIDC for modern apps.
Protocol uses json/jwt?
+
OIDC.
Protocol uses xml?
+
SAML2.
Protocols does adfs support?
+
SAML, WS-Fed, OAuth2, OIDC.
Protocols does okta support?
+
OIDC, OAuth2, SAML2, SCIM.
Protocols does pingfederate support?
+
OIDC, OAuth2, SAML2, WS-Trust.
Protocols support sso?
+
SAML2, OIDC, OAuth2, WS-Fed, Kerberos.
Public client?
+
Cannot securely store secrets — e.g., mobile, SPAs.
Public client?
+
Client without a secure place to store secrets (SPA, mobile app).
Rate limiting in cloud security?
+
Limits the number of requests to APIs or services to prevent abuse and DDoS
attacks.
Recipient attribute?
+
SP endpoint expected to receive the assertion.
Redirect uri?
+
Endpoint where authorization server sends tokens or codes.
Redirect_uri?
+
URL where tokens/codes are sent after login.
Redundancy in ha?
+
Duplication of critical components to avoid single points of failure, e.g.,
multiple
servers, networks, or databases.
Refresh token flow?
+
Used to obtain new access tokens silently.
Refresh token grace period?
+
Allows old token to work briefly during rotation.
Refresh token lifetime?
+
Can be days to months based on policy.
Refresh token rotation?
+
Each refresh returns a new token; old one invalidated.
Refresh token?
+
A long-lived token used to obtain new access tokens.
Refresh token?
+
Used to get new access tokens without re-login.
Refresh token?
+
A long-lived token used to get new access tokens.
Refresh tokens long lived?
+
To enable new access tokens without user interaction.
Registration endpoint?
+
Dynamic client registration.
Relationship between oauth2 and oidc?
+
OIDC extends OAuth2 by adding identity features.
Relaystate?
+
State parameter passed between SP and IdP to maintain context.
Relaystate?
+
Parameter that preserves return URL or context.
Relying party trust?
+
Configuration for apps that rely on ADFS for authentication.
Replay attack?
+
Reusing captured tokens.
Replay detected'?
+
Assertion already used before.
Reply/acs url?
+
Endpoint where Azure AD posts SAML responses.
Resource owner password grant (ropc)?
+
User sends username/password directly; insecure and deprecated.
Resource owner?
+
The user or entity owning the protected resource.
Resource server responsibility?
+
Validate tokens and expose APIs.
Resource server?
+
The API hosting the protected resources.
Response_mode?
+
Defines how tokens are returned (query, form_post, fragment).
Response_type?
+
Defines which tokens are returned (code, id_token, token).
Restrict redirect_uri?
+
Prevents token leakage to malicious URLs.
Risk-based authentication?
+
Adaptive authentication based on context.
Risk-based sso?
+
Challenges based on user risk profile.
Ropc flow?
+
Resource Owner Password Credentials — now discouraged.
Ropc used?
+
Legacy or highly trusted systems; not recommended.
Rotate certificates periodically?
+
Prevents long-term compromises.
Rotate secrets regularly?
+
Client secrets should be rotated periodically.
Rp-initiated logout?
+
Client logs the user out at IdP.
Rpo and rto?
+
RPO (Recovery Point Objective): max data loss allowed, RTO (Recovery Time
Objective): max downtime allowed during recovery
Saml 2.0?
+
A standard for exchanging authentication and authorization data using
XML-based
security assertions.
Saml attribute query?
+
SP querying user attributes via SOAP.
Saml authentication flow?
+
SP sends AuthnRequest → IdP authenticates → IdP sends assertion → SP
validates →
user logged in.
Saml binding?
+
Defines how SAML messages are transported over HTTP.
Saml federation?
+
Allows authentication across organizations.
Saml federation?
+
Establishes trust using SAML metadata.
Saml flow is more secure?
+
SP-initiated SSO due to request ID matching.
Saml in sso?
+
XML-based single sign-on protocol used in enterprises.
Saml is not good for mobile?
+
XML processing is heavy and not designed for mobile flows.
Saml logoutrequest?
+
Request to initiate logout across IdP and SP.
Saml metadata?
+
XML document describing IdP and SP configuration.
Saml profile?
+
Defines use cases like Web SSO, SLO, IdP proxying.
Saml response?
+
XML message containing the SAML assertion.
Saml response?
+
IdP's message containing user identity.
Saml single logout (slo)?
+
Logout from one system logs the user out of all SAML-connected systems.
Saml still used?
+
Strong enterprise adoption and compatibility with legacy systems.
Saml strength?
+
Federated SSO, enterprise security.
Saml weakness?
+
Complexity, XML overhead, slower than OIDC.
Saml?
+
Security Assertion Markup Language (SAML) is an XML-based standard for
exchanging
authentication and authorization data between an identity provider and
service
provider.
Scim provisioning in okta?
+
Automatic user account creation/deletion in apps.
Scim provisioning?
+
Automatic provisioning of users to cloud apps.
Scim?
+
Protocol for automated user provisioning.
Scim?
+
Automated user provisioning for SSO apps.
Scope restriction?
+
Limit token permissions to least privilege.
Scope?
+
Defines the level of access requested by the client.
Seamless sso?
+
Automatically signs in users on corporate devices.
Secrets management?
+
Securely stores and manages API keys, passwords, and certificates used by
cloud apps
and containers.
Security automation with devsecops?
+
Integrating security in CI/CD pipelines to automate scanning, testing, and
policy
enforcement during development.
Security context?
+
Session stored after validating assertion.
Security group vs network acl?
+
Security group is stateful; network ACL is stateless and applies at subnet
level.
Security group?
+
Security Groups act as virtual firewalls in cloud environments to control
inbound
and outbound traffic for VMs and containers.
Security groups in cloud?
+
Security groups act as virtual firewalls controlling inbound and outbound
traffic to
cloud resources.
Security information and event management (siem)?
+
SIEM collects analyzes and reports on security events across cloud
environments.
Security information and event management (siem)?
+
SIEM collects and analyzes logs in real-time to detect, alert, and respond
to
security threats.
Separate auth and resource servers?
+
Improves security and scales better.
Serverless security?
+
Serverless security addresses vulnerabilities in functions-as-a-service
(FaaS) and
managed backend services.
Serverless security?
+
Securing FaaS (Functions as a Service) involves identity policies, least
privilege
access, and monitoring event triggers.
Service provider (sp)?
+
SP is the application that relies on IdP for authentication and trusts the
IdP’s
tokens or assertions.
Service provider (sp)?
+
Relies on IdP for authentication.
Service provider (sp)?
+
An application that consumes SAML assertions and grants access.
Session endpoint?
+
Endpoint for session management.
Session federation?
+
Sharing session state across domains.
Session hijacking?
+
Stealing a valid session to impersonate a user.
Session in sso?
+
Stored authentication state allowing continuous access.
Session token vs id token?
+
Session = internal system token; ID token = external identity token.
Session_state?
+
Identifier for user session at IdP.
Shared responsibility model in aws?
+
AWS secures the cloud infrastructure; customers secure their data
applications and
configurations.
Shared responsibility model in azure?
+
Azure secures physical data centers; customers manage applications data and
identity.
Shared responsibility model in gcp?
+
GCP secures the infrastructure; customers secure workloads data and user
access.
Shared responsibility model?
+
It defines which security responsibilities belong to the cloud provider and
which to
the customer.
Should assertions be encrypted?
+
Yes, especially for sensitive data.
Should tokens be short-lived?
+
Reduces impact of compromise.
Signature validation?
+
Checks if signed by trusted IdP.
Signature verification fails?
+
Wrong certificate or XML manipulation.
Silent authentication?
+
Refreshes tokens without user interaction.
Single federation?
+
Using one IdP across multiple apps.
Single logout?
+
Logout from one app logs out from all federated apps.
Single sign-on (sso)?
+
SSO enables users to log in once and access multiple cloud applications
without
re-authentication.
Sla in cloud?
+
Service Level Agreement defines uptime guarantees, availability, and
performance
metrics with providers.
Slo is more reliable?
+
Back-channel — avoids browser failures.
Slo may fail?
+
SPs may ignore logout request or session mismatch.
Slo unreliable?
+
Different SP implementations and browser constraints.
Slo?
+
Single Logout — logs user out from all apps.
Slo?
+
Single Logout across all federated apps.
Sni support in adfs?
+
Allows multiple SSL certs on same host.
Soap binding?
+
Used for back-channel communication like logout.
Sp adapter?
+
Adapter to authenticate SP requests.
Sp federation?
+
One SP trusts multiple IdPs.
Sp in sso?
+
Service Provider — application consuming the identity.
Sp metadata url?
+
URL where IdP fetches SP metadata.
Sp?
+
Application that uses IdP authentication.
Sp-initiated sso?
+
Login initiated from Service Provider.
Sp-initiated sso?
+
User starts login at the Service Provider.
Ssl/tls in cloud?
+
SSL/TLS encrypts data in transit, ensuring secure communication between
clients and
cloud services.
Sso connector?
+
Pre-integrated SSO configuration for apps.
Sso improves identity governance?
+
Yes, ensures consistent user lifecycle management.
Sso in saml?
+
Single Sign-On enabling users to access multiple apps with one login.
Sso needed?
+
It improves user experience and security by eliminating repeated logins.
Sso provider?
+
A platform offering authentication and federation services.
Sso setup complex?
+
Requires certificates, metadata, mappings, and trust configuration.
Sso url?
+
Identity Provider endpoint that handles authentication requests.
Sso with adfs?
+
Supports SAML and WS-Fed for on-prem identity.
Sso with azure ad?
+
Uses SAML, OIDC, OAuth, and Conditional Access.
Sso with okta?
+
Supports SAML, OIDC, SCIM, and rich policy controls.
Sso with pingfederate?
+
Enterprise SSO with SAML, OAuth, and adaptive auth.
Sso?
+
SSO allows users to log in once and access multiple applications without
re-entering
credentials. It improves UX and security.
Sso?
+
Single sign-on allowing one login for multiple apps.
Sso?
+
Single Sign-On enabling access to multiple apps after one login.
Sso?
+
Single Sign-On allows a user to log in once and access multiple systems
without
logging in again.
State parameter?
+
Protects against CSRF attacks.
State parameter?
+
Protects against CSRF attacks.
Step-up authentication?
+
Requesting stronger authentication mid-session.
Sts?
+
Security Token Service issuing tokens.
Sub' claim?
+
Subject — unique identifier of the user.
Subjectconfirmationdata?
+
Contains conditions like recipient and expiration.
Surface controllers?
+
Surface controllers handle form submissions and page interactions in MVC
views for
Umbraco sites.
Tenant in azure ad?
+
A dedicated Azure AD instance for an organization.
Test slo compatibility?
+
Different SPs/IdPs implement SLO inconsistently.
Tls required for oidc?
+
Prevents token interception.
To check adfs logs?
+
Use Event Viewer under ADFS Admin logs.
To export metadata?
+
Access /FederationMetadata/2007-06/FederationMetadata.xml.
To extend umbraco functionality?
+
Use custom controllers, property editors, surface controllers, or packages.
To handle jwt expiration?
+
Use short-lived access tokens and refresh tokens to renew them without
re-authentication.
To implement role-based authorization with jwt?
+
Include roles in JWT claims and validate in the application to allow/deny
access to
resources.
To implement sso with umbraco?
+
Integrate with SAML/OIDC provider; configure Umbraco to trust the IdP,
enabling
centralized authentication.
To integrate oauth with umbraco?
+
Use OAuth packages or middleware to enable login with third-party providers.
Tokens
are verified in the Umbraco back-office.
To integrate oauth/jwt in angular or react with
umbraco
backend?
+
Frontend requests token via OAuth flow; backend validates JWT before serving
content
or API data.
To prevent replay attacks?
+
Use PoP tokens or nonce/PKCE mechanisms.
To prevent replay attacks?
+
Use timestamps, one-time use, and session validation.
To prevent replay attacks?
+
Use timestamps, nonce, and audience restrictions.
To prevent session hijacking?
+
Use secure cookies, TLS, and short sessions.
To prevent token hijacking?
+
Use HTTPS, short-lived tokens, PKCE, and secure storage.
To refresh jwt tokens?
+
Use refresh tokens to request a new access token without re-authentication.
Implement server-side validation for security.
To revoke jwt tokens?
+
Maintain a blacklist or short-lived tokens; revoke by invalidating refresh
tokens.
To secure microservices with jwt?
+
Each microservice validates the token signature, expiry, and claims,
ensuring
stateless and secure access.
To secure umbraco back-office?
+
Enable HTTPS, enforce strong passwords, MFA, and assign roles/permissions to
users.
To store access tokens?
+
Secure storage: keychain, secure enclave, or encrypted storage.
To update token-signing certificates?
+
Auto-rollover or manual certificate update.
Token accesses apis?
+
Access Token.
Token binding?
+
Binding tokens to TLS keys; prevents misuse.
Token binding?
+
Binds tokens to client to prevent misuse.
Token chaining?
+
Passing tokens between multiple services.
Token decryption certificate?
+
Certificate used to decrypt incoming tokens.
Token encryption?
+
Encrypts token contents for confidentiality.
Token endpoint?
+
Used to exchange authorization code for tokens.
Token exchange?
+
Exchange one token for another with different scopes.
Token exchange?
+
Exchanging one token for another under OIDC/OAuth2.
Token expiration?
+
Tokens expire after a predefined time to limit misuse.
Token expiration?
+
Tokens become invalid after time limit.
Token formats does okta issue?
+
JWT-based ID, access, refresh tokens.
Token hashing?
+
Hashing codes or values to prevent leakage.
Token hashing?
+
Hash embedded in ID Token to confirm token integrity.
Token hijacking?
+
Stealing tokens to impersonate users.
Token introspection?
+
Endpoint to check token validity.
Token introspection?
+
Checks validity of OAuth access tokens.
Token introspection?
+
Endpoint used to validate opaque tokens.
Token lifetime policy?
+
Rules controlling validity of issued tokens.
Token proves authentication?
+
ID Token.
Token renewal?
+
Extending session without login.
Token replay attack?
+
Attacker reuses a captured token to gain access.
Token replay attack?
+
Reusing a stolen assertion to impersonate a user.
Token revocation?
+
Invalidating a token before it expires.
Token revocation?
+
Endpoint to revoke refresh or access tokens.
Token scope?
+
Permissions embedded in the token.
Token signing certificate?
+
Certificate used to sign SAML assertions.
Token signing key?
+
Key used to sign JWT tokens.
Token signing?
+
Cryptographically signing tokens to prevent tampering.
Token types adfs issues?
+
SAML tokens, JWT tokens in OAuth/OIDC.
Token types does azure ad issue?
+
Access token, ID token, Refresh token.
Tokenization?
+
Tokenization replaces sensitive data with unique identifiers (tokens) to
reduce
exposure.
Transient nameid?
+
Short-lived identifier used once per session.
Transport does saml commonly use?
+
HTTP Redirect, HTTP POST, HTTP Artifact.
Trust establishment?
+
Exchange of metadata and certificates.
Types of grants
+
Authorization Code, Client Credentials, Password Credentials, Refresh Token,
and
Implicit (deprecated).
Types of groups exist?
+
Directory groups, imported groups, application groups.
Types of oidc clients?
+
Public and confidential clients.
Types of pingfederate connections?
+
SP connections, IdP connections.
Types of saml assertions?
+
Authentication, Authorization Decision, Attribute.
Types of slo?
+
Front-channel and back-channel.
Types of sso does azure ad support?
+
SAML, OIDC, OAuth, Password-based SSO.
Types of sso does okta support?
+
SAML, OIDC, password vaulting.
Umbraco content service?
+
Content Service API allows CRUD operations on content nodes
programmatically.
Unsolicited response?
+
IdP-initiated response not tied to AuthnRequest.
Url of oidc discovery?
+
/.well-known/openid-configuration.
Use artifact binding?
+
More secure, avoids sending assertion through browser.
Use https always?
+
Yes, required for OAuth to avoid token leakage.
Use https everywhere?
+
Required for secure SAML transmission.
Use https in sso?
+
Protects token transport.
Use ip restrictions?
+
Adds another protection layer.
Use long-lived refresh tokens?
+
Only with rotation and revocation.
Use oidc over saml?
+
For mobile, SPAs, APIs, and modern cloud systems.
Use pkce for public clients?
+
Always.
Use rate limiting?
+
Avoid abuse of authorization endpoints.
Use refresh token rotation?
+
Prevents stolen refresh tokens from being reused.
Use saml over oidc?
+
For enterprise SSO with legacy systems.
Use secure token storage?
+
Use OS-protected key stores.
Use short assertion lifetimes?
+
Mitigates replay risk.
Use short-lived access tokens?
+
Recommended for security and performance.
Use transient nameid?
+
Enhances privacy by avoiding long-term IDs.
Userinfo endpoint?
+
Returns user profile attributes.
Userinfo signature?
+
Signed UserInfo responses for extra security.
Validate audience restrictions?
+
Ensures assertion is meant for the SP.
Validate audience?
+
Ensures token is intended for the client.
Validate expiration?
+
Prevents using expired tokens.
Validate issuer and audience?
+
Must be validated on every API call.
Validate issuer?
+
Ensures token is from trusted identity provider.
Validate redirect uris?
+
Required to prevent redirects to malicious sites.
Validate timestamps?
+
Prevents replay attacks.
Virtual private cloud (vpc)?
+
VPC is an isolated cloud network with controlled access to resources.
Virtual private cloud (vpc)?
+
A VPC isolates cloud resources in a private network, controlling routing,
subnets,
and security policies.
Wap pre-authentication?
+
Validates user before forwarding to backend server.
X.509 certificate used for in saml?
+
To sign and encrypt assertions.
Xml encryption?
+
Encrypts assertion contents for confidentiality.
Xml signature?
+
Cryptographic signing of SAML assertions.
You configure claim rules?
+
Using rule templates or custom claims transformation.
You configure sp-initiated sso?
+
Enable SAML integration with proper ACS and Entity ID.
You deploy pingfederate?
+
On-prem VM, container, or cloud VM.
Zero downtime deployment?
+
Deploying updates without interrupting service by blue-green or rolling
deployment
strategies.
Zero trust security?
+
Zero trust assumes no implicit trust; all users and devices must be verified
before
accessing resources.
Zero-trust security?
+
Zero-trust assumes no implicit trust. Every request must be verified
regardless of
origin or location.
JKM AUTHORIZATION & CLOUD SECURITY
What is authentication?
+
Authentication verifies the identity of a user or system.
What is authorization?
+
Authorization determines what resources an authenticated user can access.
What is the difference between authentication and
authorization?
+
Authentication verifies identity, authorization verifies permissions.
What is Identity Provider (IdP)?
+
A trusted service that authenticates users and issues tokens or assertions.
What is Service Provider (SP)?
+
An application that relies on an IdP for authentication.
What is federation?
+
A trust relationship between IdP and SP for authentication.
What is Single Sign-On (SSO)?
+
SSO allows users to log in once and access multiple applications.
What is Single Logout (SLO)?
+
SLO logs the user out of all federated applications.
What is claims-based authentication?
+
Authentication based on claims about the user.
What is a claim?
+
A key-value statement about a user or session.
What is a token?
+
A digital credential representing authentication or authorization.
What is an access token?
+
A token used to access protected APIs.
What is an ID token?
+
A token containing authenticated user identity information.
What is a refresh token?
+
A long-lived token used to obtain new access tokens.
What is audience (aud) claim?
+
Identifies the intended recipient of the token.
What is issuer (iss) claim?
+
Identifies the authorization server that issued the token.
What is expiration (exp) claim?
+
Defines when a token becomes invalid.
What is nonce used for?
+
To prevent replay attacks.
What is least privilege?
+
Granting users only the permissions they need.
What is MFA?
+
Multi-Factor Authentication requires multiple verification factors.
What is OAuth 2.0?
+
OAuth 2.0 is an authorization framework that allows delegated access to
resources.
What problem does OAuth 2.0 solve?
+
It enables secure access to APIs without sharing user credentials.
Who are the main OAuth 2.0 roles?
+
Resource Owner, Client, Authorization Server, and Resource Server.
Who is the Resource Owner?
+
The user who owns the protected data.
What is the OAuth Client?
+
An application requesting access to resources.
What is the Authorization Server?
+
The server that authenticates users and issues tokens.
What is the Resource Server?
+
The API server that hosts protected resources.
What is an authorization grant?
+
A credential representing the resource owner’s authorization.
What is Authorization Code Grant?
+
A secure grant where the client exchanges a code for tokens.
When is Authorization Code Grant used?
+
For server-side and confidential client applications.
What is Authorization Code with PKCE?
+
An enhanced authorization code flow for public clients.
Why is PKCE used?
+
To prevent authorization code interception attacks.
What is Client Credentials Grant?
+
A grant used for machine-to-machine authentication.
When is Client Credentials Grant used?
+
When no user context is required.
What is Resource Owner Password Credentials Grant?
+
A grant where the client directly uses user credentials.
Why is Password Grant discouraged?
+
It exposes user credentials and reduces security.
What is Implicit Grant?
+
A legacy grant that returns tokens directly to the client.
Why is Implicit Grant deprecated?
+
It is insecure compared to Authorization Code with PKCE.
What is scope in OAuth 2.0?
+
A permission defining allowed access levels.
What is consent in OAuth 2.0?
+
User approval for requested scopes.
What is OpenID Connect (OIDC)?
+
OIDC is an identity layer built on top of OAuth 2.0.
What problem does OIDC solve?
+
It provides authentication and user identity information.
What type of protocol is OIDC?
+
A standardized identity authentication protocol.
What is the relationship between OAuth 2.0 and OIDC?
+
OIDC extends OAuth 2.0 to add authentication capabilities.
What is an ID token?
+
A JWT that contains authenticated user identity information.
What format is an ID token?
+
JSON Web Token (JWT).
What is the subject (sub) claim?
+
A unique identifier for the authenticated user.
What is the email claim?
+
A claim containing the user’s email address.
What is the name claim?
+
A claim containing the user’s display name.
What is the preferred_username claim?
+
A user-friendly login identifier.
What is OIDC scope?
+
A permission defining what identity data is requested.
What are common OIDC scopes?
+
openid, profile, email, and offline_access.
What is the userinfo endpoint?
+
An endpoint that returns user profile information.
What is the discovery endpoint?
+
An endpoint exposing OIDC configuration metadata.
What is OIDC metadata?
+
Configuration details like endpoints and supported features.
What is nonce in OIDC?
+
A value used to prevent replay attacks.
What is hybrid flow?
+
A flow returning both code and tokens.
What is implicit flow in OIDC?
+
A legacy authentication flow returning tokens directly.
Why is implicit flow discouraged?
+
It is less secure than authorization code flow.
What is logout endpoint in OIDC?
+
An endpoint used for single logout.
What is JWT?
+
JWT is a compact, URL-safe token format for securely transmitting claims.
What are the parts of a JWT?
+
Header, Payload, and Signature.
What does the JWT header contain?
+
Token type and signing algorithm information.
What does the JWT payload contain?
+
Claims representing user and token data.
What is a JWT signature?
+
A cryptographic signature ensuring token integrity.
What are registered JWT claims?
+
Standard claims like iss, sub, aud, exp, nbf, and iat.
What are public JWT claims?
+
Custom claims defined by applications without conflicts.
What are private JWT claims?
+
Claims shared between specific parties.
What is token signing?
+
Cryptographically signing a token to prevent tampering.
What is symmetric signing?
+
Using a shared secret key to sign and verify tokens.
What is asymmetric signing?
+
Using a private key to sign and public key to verify tokens.
What algorithms are commonly used for JWT?
+
HS256, RS256, and ES256.
What is token validation?
+
Verifying token signature, issuer, audience, and expiration.
What is token expiration?
+
The time after which a token becomes invalid.
What is token revocation?
+
Invalidating tokens before their expiration.
What is token introspection?
+
Checking token validity with the authorization server.
What is key rotation?
+
Regularly changing cryptographic keys for security.
What is JWKS endpoint?
+
An endpoint exposing public keys for token validation.
What is replay attack?
+
Reusing a valid token to gain unauthorized access.
How are replay attacks prevented?
+
Using short token lifetimes, nonce, and TLS.
What is IAM in cloud security?
+
IAM is Identity and Access Management for controlling user access to
resources.
Why is IAM important in cloud environments?
+
It ensures secure and controlled access to cloud resources.
What is an IAM user?
+
An identity representing a person or service.
What is an IAM group?
+
A collection of IAM users with shared permissions.
What is an IAM role?
+
A set of permissions assumed temporarily by users or services.
What is Role-Based Access Control (RBAC)?
+
An access model based on assigned roles.
How does RBAC improve security?
+
By enforcing least privilege and reducing access complexity.
What is Attribute-Based Access Control (ABAC)?
+
Access control based on attributes of users and resources.
What is policy-based access control?
+
Access rules defined using policies.
What is an IAM policy?
+
A document defining allowed or denied actions.
What is least privilege principle?
+
Granting only minimum required permissions.
What is privilege escalation?
+
Gaining higher permissions than authorized.
What is conditional access?
+
Access control based on conditions like location or device.
What is multi-tenant access control?
+
Managing access across multiple tenants securely.
What is resource-based policy?
+
A policy attached directly to a resource.
What is identity federation in cloud IAM?
+
Trusting external identities for access.
What is service-to-service authentication?
+
Authenticating machine identities between services.
What is managed identity?
+
A cloud-managed identity for applications.
What is access review?
+
Periodic evaluation of assigned permissions.
What is just-in-time access?
+
Granting temporary permissions when needed.
What is a cloud security threat?
+
A potential event that can compromise cloud resources or data.
What is a cloud security attack?
+
An intentional attempt to exploit cloud vulnerabilities.
What is data breach in cloud security?
+
Unauthorized access to sensitive cloud data.
What is account hijacking?
+
Taking control of cloud accounts using stolen credentials.
What is credential stuffing?
+
Using leaked credentials to gain unauthorized access.
What is phishing?
+
Deceiving users into revealing credentials or secrets.
What is insider threat?
+
Security risk originating from trusted users.
What is misconfiguration in cloud security?
+
Incorrect cloud settings that expose resources.
Why are misconfigurations dangerous?
+
They can expose data and services publicly.
What is DDoS attack?
+
Overwhelming cloud services with excessive traffic.
What is API abuse?
+
Exploiting exposed APIs for unauthorized access.
What is privilege escalation attack?
+
Gaining higher access than intended.
What is malware in cloud environments?
+
Malicious software targeting cloud workloads.
What is ransomware?
+
Malware that encrypts data and demands ransom.
What is man-in-the-middle attack?
+
Intercepting communication between two parties.
What is data exfiltration?
+
Unauthorized transfer of data outside cloud systems.
How is cloud attack surface reduced?
+
By minimizing exposed services and permissions.
What is threat mitigation?
+
Actions taken to reduce or eliminate security risks.
How is MFA used for mitigation?
+
Adds additional verification layers to prevent breaches.
How does encryption mitigate threats?
+
Protects data confidentiality even if accessed.
What is network security in cloud computing?
+
Protecting cloud networks from unauthorized access and attacks.
What is network segmentation?
+
Dividing networks into isolated segments for security.
What is a virtual network (VNet/VPC)?
+
A logically isolated cloud network.
What is a subnet?
+
A segmented range of IP addresses within a virtual network.
What is a firewall?
+
A security system that controls network traffic.
What is a Network Security Group (NSG)?
+
A rule-based firewall for controlling inbound and outbound traffic.
What is a security rule?
+
A rule defining allowed or denied network traffic.
What is inbound traffic?
+
Traffic coming into a cloud resource.
What is outbound traffic?
+
Traffic leaving a cloud resource.
What is Zero Trust security model?
+
A model that assumes no implicit trust for any user or device.
What is the core principle of Zero Trust?
+
Never trust, always verify.
What does Zero Trust require?
+
Strong identity verification and continuous access evaluation.
What is identity-centric security?
+
Security focused on verifying identities rather than networks.
What is micro-segmentation?
+
Applying security controls at granular workload levels.
What is Defense-in-Depth?
+
A layered security approach using multiple controls.
What are layers in Defense-in-Depth?
+
Identity, network, compute, application, and data layers.
What is perimeter security?
+
Security controls at network boundaries.
What is internal network security?
+
Security controls within internal cloud networks.
How does encryption support network security?
+
It protects data transmitted over networks.
Why is Zero Trust important in cloud?
+
Because cloud environments are highly distributed and dynamic.
What is compliance in cloud security?
+
Compliance ensures cloud systems meet legal and regulatory requirements.
What is governance in cloud security?
+
Governance defines policies, controls, and accountability for cloud usage.
Why is cloud compliance important?
+
It reduces legal risk and ensures data protection standards.
What are common cloud compliance standards?
+
ISO 27001, SOC 2, GDPR, HIPAA, and PCI DSS.
What is GDPR?
+
A regulation protecting personal data of EU residents.
What is HIPAA?
+
A regulation protecting healthcare data privacy.
What is PCI DSS?
+
A standard for securing payment card data.
What is SOC 2?
+
A framework for managing customer data securely.
What is ISO 27001?
+
An international information security management standard.
What is shared responsibility model?
+
A model defining security responsibilities between cloud provider and
customer.
What is security governance policy?
+
A documented set of security rules and procedures.
What is audit logging?
+
Recording security-related activities for review.
What is security monitoring?
+
Continuous observation of systems for threats.
What is compliance audit?
+
Formal evaluation of compliance adherence.
What is data classification?
+
Categorizing data based on sensitivity.
What is data residency?
+
Storing data in specific geographic locations.
What is incident response plan?
+
A structured approach to handling security incidents.
What is security awareness training?
+
Educating users about security threats and best practices.
What are cloud security best practices?
+
Least privilege, MFA, encryption, monitoring, and regular audits.
Why is continuous compliance important?
+
Because cloud environments change dynamically.
JKM Azure DevOps
Azure Artifacts?
+
A repository for packages like NuGet, npm, or Maven, enabling sharing and
versioning
of artifacts in DevOps pipelines.
Azure Boards?
+
Azure Boards provide work item tracking, Kanban boards, sprints, and backlog
management for Agile project planning.
Azure DevOps?
+
Azure DevOps is a Microsoft platform for CI/CD, project management, source
control,
and testing pipelines. Supports Boards, Repos, Pipelines, Artifacts, and
Test Plans.
Azure Pipelines?
+
Azure Pipelines enable CI/CD automation for building, testing, and deploying
applications across multiple environments.
Azure Repos?
+
Azure Repos provides Git or TFVC repositories for source control and
versioning.
DiffBet Azure DevOps Services and Server?
+
Services is cloud-hosted (SaaS), Server is on-premise. Services updates
automatically; Server requires manual upgrades.
DiffBet build and release pipelines?
+
Build pipeline compiles code, runs tests, and produces artifacts. Release
pipeline
deploys artifacts to environments.
Implement CI/CD in Azure DevOps?
+
Push code → build pipeline triggers → run tests → publish artifacts →
release
pipeline deploys to target environments.
Manage permissions in Azure DevOps?
+
Use security groups, role-based access, and project-level permissions to
control
access to boards, repos, and pipelines.
YAML in Azure Pipelines?
+
YAML defines pipeline stages, jobs, and tasks in a text file that can be
versioned
with source control.
Azure Artifacts?
+
A repository for packages like NuGet, npm, or Maven, enabling sharing and
versioning
of artifacts in DevOps pipelines.
Azure Boards?
+
Azure Boards provide work item tracking, Kanban boards, sprints, and backlog
management for Agile project planning.
Azure DevOps?
+
Azure DevOps is a Microsoft platform for CI/CD, project management, source
control,
and testing pipelines. Supports Boards, Repos, Pipelines, Artifacts, and
Test Plans.
Azure Pipelines?
+
Azure Pipelines enable CI/CD automation for building, testing, and deploying
applications across multiple environments.
Azure Repos?
+
Azure Repos provides Git or TFVC repositories for source control and
versioning.
DiffBet Azure DevOps Services and Server?
+
Services is cloud-hosted (SaaS), Server is on-premise. Services updates
automatically; Server requires manual upgrades.
DiffBet build and release pipelines?
+
Build pipeline compiles code, runs tests, and produces artifacts. Release
pipeline
deploys artifacts to environments.
Implement CI/CD in Azure DevOps?
+
Push code → build pipeline triggers → run tests → publish artifacts →
release
pipeline deploys to target environments.
Manage permissions in Azure DevOps?
+
Use security groups, role-based access, and project-level permissions to
control
access to boards, repos, and pipelines.
YAML in Azure Pipelines?
+
YAML defines pipeline stages, jobs, and tasks in a text file that can be
versioned
with source control.
Azure Artifacts?
+
A repository for packages like NuGet, npm, or Maven, enabling sharing and
versioning
of artifacts in DevOps pipelines.
Azure Boards?
+
Azure Boards provide work item tracking, Kanban boards, sprints, and backlog
management for Agile project planning.
Azure DevOps?
+
Azure DevOps is a Microsoft platform for CI/CD, project management, source
control,
and testing pipelines. Supports Boards, Repos, Pipelines, Artifacts, and
Test Plans.
Azure Pipelines?
+
Azure Pipelines enable CI/CD automation for building, testing, and deploying
applications across multiple environments.
Azure Repos?
+
Azure Repos provides Git or TFVC repositories for source control and
versioning.
DiffBet Azure DevOps Services and Server?
+
Services is cloud-hosted (SaaS), Server is on-premise. Services updates
automatically; Server requires manual upgrades.
DiffBet build and release pipelines?
+
Build pipeline compiles code, runs tests, and produces artifacts. Release
pipeline
deploys artifacts to environments.
Implement CI/CD in Azure DevOps?
+
Push code → build pipeline triggers → run tests → publish artifacts →
release
pipeline deploys to target environments.
Manage permissions in Azure DevOps?
+
Use security groups, role-based access, and project-level permissions to
control
access to boards, repos, and pipelines.
YAML in Azure Pipelines?
+
YAML defines pipeline stages, jobs, and tasks in a text file that can be
versioned
with source control.
Azure Artifacts?
+
A repository for packages like NuGet, npm, or Maven, enabling sharing and
versioning
of artifacts in DevOps pipelines.
Azure Boards?
+
Azure Boards provide work item tracking, Kanban boards, sprints, and backlog
management for Agile project planning.
Azure DevOps?
+
Azure DevOps is a Microsoft platform for CI/CD, project management, source
control,
and testing pipelines. Supports Boards, Repos, Pipelines, Artifacts, and
Test Plans.
Azure Pipelines?
+
Azure Pipelines enable CI/CD automation for building, testing, and deploying
applications across multiple environments.
Azure Repos?
+
Azure Repos provides Git or TFVC repositories for source control and
versioning.
DiffBet Azure DevOps Services and Server?
+
Services is cloud-hosted (SaaS), Server is on-premise. Services updates
automatically; Server requires manual upgrades.
DiffBet build and release pipelines?
+
Build pipeline compiles code, runs tests, and produces artifacts. Release
pipeline
deploys artifacts to environments.
Implement CI/CD in Azure DevOps?
+
Push code → build pipeline triggers → run tests → publish artifacts →
release
pipeline deploys to target environments.
Manage permissions in Azure DevOps?
+
Use security groups, role-based access, and project-level permissions to
control
access to boards, repos, and pipelines.
YAML in Azure Pipelines?
+
YAML defines pipeline stages, jobs, and tasks in a text file that can be
versioned
with source control.
Azure Artifacts?
+
A repository for packages like NuGet, npm, or Maven, enabling sharing and
versioning
of artifacts in DevOps pipelines.
Azure Boards?
+
Azure Boards provide work item tracking, Kanban boards, sprints, and backlog
management for Agile project planning.
Azure DevOps?
+
Azure DevOps is a Microsoft platform for CI/CD, project management, source
control,
and testing pipelines. Supports Boards, Repos, Pipelines, Artifacts, and
Test Plans.
Azure Pipelines?
+
Azure Pipelines enable CI/CD automation for building, testing, and deploying
applications across multiple environments.
Azure Repos?
+
Azure Repos provides Git or TFVC repositories for source control and
versioning.
DiffBet Azure DevOps Services and Server?
+
Services is cloud-hosted (SaaS), Server is on-premise. Services updates
automatically; Server requires manual upgrades.
DiffBet build and release pipelines?
+
Build pipeline compiles code, runs tests, and produces artifacts. Release
pipeline
deploys artifacts to environments.
Implement CI/CD in Azure DevOps?
+
Push code → build pipeline triggers → run tests → publish artifacts →
release
pipeline deploys to target environments.
Manage permissions in Azure DevOps?
+
Use security groups, role-based access, and project-level permissions to
control
access to boards, repos, and pipelines.
YAML in Azure Pipelines?
+
YAML defines pipeline stages, jobs, and tasks in a text file that can be
versioned
with source control.
JKM Azure DevOps (Azure Pipelines)
Agent pool?
+
A collection of machines where pipeline jobs are executed.
Artifacts in Azure DevOps?
+
Build outputs stored for deployment, sharing, or consumption in releases.
Azure DevOps?
+
A cloud-based DevOps platform with boards, repos, pipelines, artifacts, and
test
plans.
Azure Pipelines?
+
CI/CD service in Azure DevOps for building, testing, and deploying
applications.
DiffBet Classic and YAML pipelines?
+
Classic uses a visual editor; YAML pipelines are code-based and versioned in
the
repo.
Handle secrets in Azure Pipelines?
+
Use Azure Key Vault integration or pipeline variables marked as secret.
Release pipeline?
+
Defines deployment to multiple environments with approvals, gates, and
artifact
consumption.
Schedule pipelines in Azure DevOps?
+
Use triggers like scheduled pipelines with CRON expressions.
Stages in Azure Pipelines?
+
Logical phases like Build, Test, and Deploy, which contain jobs and tasks.
Task in Azure Pipeline?
+
Predefined operations like build, deploy, test, or script execution within a
job.
Agent pool?
+
A collection of machines where pipeline jobs are executed.
Artifacts in Azure DevOps?
+
Build outputs stored for deployment, sharing, or consumption in releases.
Azure DevOps?
+
A cloud-based DevOps platform with boards, repos, pipelines, artifacts, and
test
plans.
Azure Pipelines?
+
CI/CD service in Azure DevOps for building, testing, and deploying
applications.
DiffBet Classic and YAML pipelines?
+
Classic uses a visual editor; YAML pipelines are code-based and versioned in
the
repo.
Handle secrets in Azure Pipelines?
+
Use Azure Key Vault integration or pipeline variables marked as secret.
Release pipeline?
+
Defines deployment to multiple environments with approvals, gates, and
artifact
consumption.
Schedule pipelines in Azure DevOps?
+
Use triggers like scheduled pipelines with CRON expressions.
Stages in Azure Pipelines?
+
Logical phases like Build, Test, and Deploy, which contain jobs and tasks.
Task in Azure Pipeline?
+
Predefined operations like build, deploy, test, or script execution within a
job.
Agent pool?
+
A collection of machines where pipeline jobs are executed.
Artifacts in Azure DevOps?
+
Build outputs stored for deployment, sharing, or consumption in releases.
Azure DevOps?
+
A cloud-based DevOps platform with boards, repos, pipelines, artifacts, and
test
plans.
Azure Pipelines?
+
CI/CD service in Azure DevOps for building, testing, and deploying
applications.
DiffBet Classic and YAML pipelines?
+
Classic uses a visual editor; YAML pipelines are code-based and versioned in
the
repo.
Handle secrets in Azure Pipelines?
+
Use Azure Key Vault integration or pipeline variables marked as secret.
Release pipeline?
+
Defines deployment to multiple environments with approvals, gates, and
artifact
consumption.
Schedule pipelines in Azure DevOps?
+
Use triggers like scheduled pipelines with CRON expressions.
Stages in Azure Pipelines?
+
Logical phases like Build, Test, and Deploy, which contain jobs and tasks.
Task in Azure Pipeline?
+
Predefined operations like build, deploy, test, or script execution within a
job.
Agent pool?
+
A collection of machines where pipeline jobs are executed.
Artifacts in Azure DevOps?
+
Build outputs stored for deployment, sharing, or consumption in releases.
Azure DevOps?
+
A cloud-based DevOps platform with boards, repos, pipelines, artifacts, and
test
plans.
Azure Pipelines?
+
CI/CD service in Azure DevOps for building, testing, and deploying
applications.
DiffBet Classic and YAML pipelines?
+
Classic uses a visual editor; YAML pipelines are code-based and versioned in
the
repo.
Handle secrets in Azure Pipelines?
+
Use Azure Key Vault integration or pipeline variables marked as secret.
Release pipeline?
+
Defines deployment to multiple environments with approvals, gates, and
artifact
consumption.
Schedule pipelines in Azure DevOps?
+
Use triggers like scheduled pipelines with CRON expressions.
Stages in Azure Pipelines?
+
Logical phases like Build, Test, and Deploy, which contain jobs and tasks.
Task in Azure Pipeline?
+
Predefined operations like build, deploy, test, or script execution within a
job.
Agent pool?
+
A collection of machines where pipeline jobs are executed.
Artifacts in Azure DevOps?
+
Build outputs stored for deployment, sharing, or consumption in releases.
Azure DevOps?
+
A cloud-based DevOps platform with boards, repos, pipelines, artifacts, and
test
plans.
Azure Pipelines?
+
CI/CD service in Azure DevOps for building, testing, and deploying
applications.
DiffBet Classic and YAML pipelines?
+
Classic uses a visual editor; YAML pipelines are code-based and versioned in
the
repo.
Handle secrets in Azure Pipelines?
+
Use Azure Key Vault integration or pipeline variables marked as secret.
Release pipeline?
+
Defines deployment to multiple environments with approvals, gates, and
artifact
consumption.
Schedule pipelines in Azure DevOps?
+
Use triggers like scheduled pipelines with CRON expressions.
Stages in Azure Pipelines?
+
Logical phases like Build, Test, and Deploy, which contain jobs and tasks.
Task in Azure Pipeline?
+
Predefined operations like build, deploy, test, or script execution within a
job.
JKM Azure Functions
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
Azure Functions?
+
Serverless compute service to run event-driven code. Charges based on
execution time
and resources.
Cold start in Azure Functions?
+
Delay when a function is triggered after idle. Mitigated using Premium Plan
or
Always On.
DiffBet Function App and Function?
+
Function App is the container for multiple functions sharing runtime and
configuration. Functions are individual tasks.
Durable Function?
+
Extension to Functions for stateful, orchestrated workflows over
long-running
processes.
Hosting plans for Azure Functions?
+
Consumption Plan (serverless), Premium Plan (pre-warmed instances),
Dedicated (App
Service Plan).
Input and output binding in Functions?
+
Bindings simplify connecting functions to external services (storage,
queues, DBs)
without explicit code.
Languages are supported in Azure Functions?
+
C#, JavaScript, Python, Java, PowerShell, TypeScript, and custom handlers.
Monitor Azure Functions?
+
Use Application Insights to track execution, failures, performance, and
logs.
Secure Azure Functions?
+
Use API keys, OAuth, managed identities, or Azure AD integration.
Triggers Azure Functions?
+
HTTP requests, timers, Blob storage changes, Service Bus, Event Hubs, and
Cosmos DB
triggers.
JKM Azure Key Vault
Access Key Vault from code?
+
Use Azure SDK, REST API, or managed identity for authentication.
Azure Key Vault?
+
Cloud service to securely store secrets, keys, and certificates. Helps
centralize
and manage sensitive information.
Backup and restore Key Vault?
+
Azure provides APIs and PowerShell commands to backup keys, secrets, and
certificates and restore in another vault.
Control access to Key Vault?
+
Use Access Policies or Azure RBAC to assign read/write permissions to users
or
services.
DiffBet Function App Plan types?
+
Consumption: serverless, auto-scale, pay per execution. Premium: pre-warmed
instances, VNET support. Dedicated: fixed resources, always on.
DiffBet secrets and keys?
+
Secrets store sensitive info (passwords), keys are for cryptographic
operations
(encryption, signing).
DiffBet soft-delete and purge protection?
+
Soft-delete allows recovery of deleted objects. Purge protection prevents
permanent
deletion until explicitly disabled.
DiffBet Standard and Premium tiers in Service Bus?
+
Premium provides dedicated resources, higher throughput, low latency, and
advanced
features like sessions and transactions.
DiffBet topics and queues in Service Bus?
+
Queues are one-to-one messaging; topics allow one-to-many messaging via
subscriptions.
Ensure message ordering in Service Bus?
+
Use message sessions or partitioned queues to maintain FIFO processing.
Integrate Service Bus with Azure Functions?
+
Use Service Bus trigger in Functions to automatically execute code when a
message
arrives in queue/topic.
Key Vault improves security in cloud applications?
+
Centralized secrets management, reduces hardcoding credentials, integrates
with
managed identities, and ensures compliance.
Managed Identity with Key Vault?
+
Enables secure access from Azure resources without storing credentials in
code.
monitor Key Vault access?
+
Enable diagnostic logs to Azure Monitor or Event Hub for auditing access and
usage.
Multiple functions share a Key Vault?
+
Yes, multiple Function Apps can access the same Key Vault via managed
identities.
Objects can be stored in Key Vault?
+
Secrets (passwords), Keys (encryption), Certificates (SSL/TLS).
Purpose of Key Vault in DevOps pipelines?
+
Securely inject secrets, certificates, and keys into CI/CD pipelines without
exposing credentials.
Rotate secrets in Key Vault?
+
Use automatic or manual rotation to periodically update keys/secrets without
downtime.
Scale Azure App Service?
+
Scale up (bigger instance) or scale out (more instances). Autoscale can
respond to
CPU/memory metrics.
soft-delete in Key Vault?
+
Allows recovery of deleted secrets/keys for a retention period (default 90
days).
Access Key Vault from code?
+
Use Azure SDK, REST API, or managed identity for authentication.
Azure Key Vault?
+
Cloud service to securely store secrets, keys, and certificates. Helps
centralize
and manage sensitive information.
Backup and restore Key Vault?
+
Azure provides APIs and PowerShell commands to backup keys, secrets, and
certificates and restore in another vault.
Control access to Key Vault?
+
Use Access Policies or Azure RBAC to assign read/write permissions to users
or
services.
DiffBet Function App Plan types?
+
Consumption: serverless, auto-scale, pay per execution. Premium: pre-warmed
instances, VNET support. Dedicated: fixed resources, always on.
DiffBet secrets and keys?
+
Secrets store sensitive info (passwords), keys are for cryptographic
operations
(encryption, signing).
DiffBet soft-delete and purge protection?
+
Soft-delete allows recovery of deleted objects. Purge protection prevents
permanent
deletion until explicitly disabled.
DiffBet Standard and Premium tiers in Service Bus?
+
Premium provides dedicated resources, higher throughput, low latency, and
advanced
features like sessions and transactions.
DiffBet topics and queues in Service Bus?
+
Queues are one-to-one messaging; topics allow one-to-many messaging via
subscriptions.
Ensure message ordering in Service Bus?
+
Use message sessions or partitioned queues to maintain FIFO processing.
Integrate Service Bus with Azure Functions?
+
Use Service Bus trigger in Functions to automatically execute code when a
message
arrives in queue/topic.
Key Vault improves security in cloud applications?
+
Centralized secrets management, reduces hardcoding credentials, integrates
with
managed identities, and ensures compliance.
Managed Identity with Key Vault?
+
Enables secure access from Azure resources without storing credentials in
code.
monitor Key Vault access?
+
Enable diagnostic logs to Azure Monitor or Event Hub for auditing access and
usage.
Multiple functions share a Key Vault?
+
Yes, multiple Function Apps can access the same Key Vault via managed
identities.
Objects can be stored in Key Vault?
+
Secrets (passwords), Keys (encryption), Certificates (SSL/TLS).
Purpose of Key Vault in DevOps pipelines?
+
Securely inject secrets, certificates, and keys into CI/CD pipelines without
exposing credentials.
Rotate secrets in Key Vault?
+
Use automatic or manual rotation to periodically update keys/secrets without
downtime.
Scale Azure App Service?
+
Scale up (bigger instance) or scale out (more instances). Autoscale can
respond to
CPU/memory metrics.
soft-delete in Key Vault?
+
Allows recovery of deleted secrets/keys for a retention period (default 90
days).
Access Key Vault from code?
+
Use Azure SDK, REST API, or managed identity for authentication.
Azure Key Vault?
+
Cloud service to securely store secrets, keys, and certificates. Helps
centralize
and manage sensitive information.
Backup and restore Key Vault?
+
Azure provides APIs and PowerShell commands to backup keys, secrets, and
certificates and restore in another vault.
Control access to Key Vault?
+
Use Access Policies or Azure RBAC to assign read/write permissions to users
or
services.
DiffBet Function App Plan types?
+
Consumption: serverless, auto-scale, pay per execution. Premium: pre-warmed
instances, VNET support. Dedicated: fixed resources, always on.
DiffBet secrets and keys?
+
Secrets store sensitive info (passwords), keys are for cryptographic
operations
(encryption, signing).
DiffBet soft-delete and purge protection?
+
Soft-delete allows recovery of deleted objects. Purge protection prevents
permanent
deletion until explicitly disabled.
DiffBet Standard and Premium tiers in Service Bus?
+
Premium provides dedicated resources, higher throughput, low latency, and
advanced
features like sessions and transactions.
DiffBet topics and queues in Service Bus?
+
Queues are one-to-one messaging; topics allow one-to-many messaging via
subscriptions.
Ensure message ordering in Service Bus?
+
Use message sessions or partitioned queues to maintain FIFO processing.
Integrate Service Bus with Azure Functions?
+
Use Service Bus trigger in Functions to automatically execute code when a
message
arrives in queue/topic.
Key Vault improves security in cloud applications?
+
Centralized secrets management, reduces hardcoding credentials, integrates
with
managed identities, and ensures compliance.
Managed Identity with Key Vault?
+
Enables secure access from Azure resources without storing credentials in
code.
monitor Key Vault access?
+
Enable diagnostic logs to Azure Monitor or Event Hub for auditing access and
usage.
Multiple functions share a Key Vault?
+
Yes, multiple Function Apps can access the same Key Vault via managed
identities.
Objects can be stored in Key Vault?
+
Secrets (passwords), Keys (encryption), Certificates (SSL/TLS).
Purpose of Key Vault in DevOps pipelines?
+
Securely inject secrets, certificates, and keys into CI/CD pipelines without
exposing credentials.
Rotate secrets in Key Vault?
+
Use automatic or manual rotation to periodically update keys/secrets without
downtime.
Scale Azure App Service?
+
Scale up (bigger instance) or scale out (more instances). Autoscale can
respond to
CPU/memory metrics.
soft-delete in Key Vault?
+
Allows recovery of deleted secrets/keys for a retention period (default 90
days).
Access Key Vault from code?
+
Use Azure SDK, REST API, or managed identity for authentication.
Azure Key Vault?
+
Cloud service to securely store secrets, keys, and certificates. Helps
centralize
and manage sensitive information.
Backup and restore Key Vault?
+
Azure provides APIs and PowerShell commands to backup keys, secrets, and
certificates and restore in another vault.
Control access to Key Vault?
+
Use Access Policies or Azure RBAC to assign read/write permissions to users
or
services.
DiffBet Function App Plan types?
+
Consumption: serverless, auto-scale, pay per execution. Premium: pre-warmed
instances, VNET support. Dedicated: fixed resources, always on.
DiffBet secrets and keys?
+
Secrets store sensitive info (passwords), keys are for cryptographic
operations
(encryption, signing).
DiffBet soft-delete and purge protection?
+
Soft-delete allows recovery of deleted objects. Purge protection prevents
permanent
deletion until explicitly disabled.
DiffBet Standard and Premium tiers in Service Bus?
+
Premium provides dedicated resources, higher throughput, low latency, and
advanced
features like sessions and transactions.
DiffBet topics and queues in Service Bus?
+
Queues are one-to-one messaging; topics allow one-to-many messaging via
subscriptions.
Ensure message ordering in Service Bus?
+
Use message sessions or partitioned queues to maintain FIFO processing.
Integrate Service Bus with Azure Functions?
+
Use Service Bus trigger in Functions to automatically execute code when a
message
arrives in queue/topic.
Key Vault improves security in cloud applications?
+
Centralized secrets management, reduces hardcoding credentials, integrates
with
managed identities, and ensures compliance.
Managed Identity with Key Vault?
+
Enables secure access from Azure resources without storing credentials in
code.
monitor Key Vault access?
+
Enable diagnostic logs to Azure Monitor or Event Hub for auditing access and
usage.
Multiple functions share a Key Vault?
+
Yes, multiple Function Apps can access the same Key Vault via managed
identities.
Objects can be stored in Key Vault?
+
Secrets (passwords), Keys (encryption), Certificates (SSL/TLS).
Purpose of Key Vault in DevOps pipelines?
+
Securely inject secrets, certificates, and keys into CI/CD pipelines without
exposing credentials.
Rotate secrets in Key Vault?
+
Use automatic or manual rotation to periodically update keys/secrets without
downtime.
Scale Azure App Service?
+
Scale up (bigger instance) or scale out (more instances). Autoscale can
respond to
CPU/memory metrics.
soft-delete in Key Vault?
+
Allows recovery of deleted secrets/keys for a retention period (default 90
days).
Access Key Vault from code?
+
Use Azure SDK, REST API, or managed identity for authentication.
Azure Key Vault?
+
Cloud service to securely store secrets, keys, and certificates. Helps
centralize
and manage sensitive information.
Backup and restore Key Vault?
+
Azure provides APIs and PowerShell commands to backup keys, secrets, and
certificates and restore in another vault.
Control access to Key Vault?
+
Use Access Policies or Azure RBAC to assign read/write permissions to users
or
services.
DiffBet Function App Plan types?
+
Consumption: serverless, auto-scale, pay per execution. Premium: pre-warmed
instances, VNET support. Dedicated: fixed resources, always on.
DiffBet secrets and keys?
+
Secrets store sensitive info (passwords), keys are for cryptographic
operations
(encryption, signing).
DiffBet soft-delete and purge protection?
+
Soft-delete allows recovery of deleted objects. Purge protection prevents
permanent
deletion until explicitly disabled.
DiffBet Standard and Premium tiers in Service Bus?
+
Premium provides dedicated resources, higher throughput, low latency, and
advanced
features like sessions and transactions.
DiffBet topics and queues in Service Bus?
+
Queues are one-to-one messaging; topics allow one-to-many messaging via
subscriptions.
Ensure message ordering in Service Bus?
+
Use message sessions or partitioned queues to maintain FIFO processing.
Integrate Service Bus with Azure Functions?
+
Use Service Bus trigger in Functions to automatically execute code when a
message
arrives in queue/topic.
Key Vault improves security in cloud applications?
+
Centralized secrets management, reduces hardcoding credentials, integrates
with
managed identities, and ensures compliance.
Managed Identity with Key Vault?
+
Enables secure access from Azure resources without storing credentials in
code.
monitor Key Vault access?
+
Enable diagnostic logs to Azure Monitor or Event Hub for auditing access and
usage.
Multiple functions share a Key Vault?
+
Yes, multiple Function Apps can access the same Key Vault via managed
identities.
Objects can be stored in Key Vault?
+
Secrets (passwords), Keys (encryption), Certificates (SSL/TLS).
Purpose of Key Vault in DevOps pipelines?
+
Securely inject secrets, certificates, and keys into CI/CD pipelines without
exposing credentials.
Rotate secrets in Key Vault?
+
Use automatic or manual rotation to periodically update keys/secrets without
downtime.
Scale Azure App Service?
+
Scale up (bigger instance) or scale out (more instances). Autoscale can
respond to
CPU/memory metrics.
soft-delete in Key Vault?
+
Allows recovery of deleted secrets/keys for a retention period (default 90
days).
JKM Azure Repos
Pull Requests in Azure Repos?
+
They enable code review and enforce branch policies before merging code into
protected branches.
Azure Repos?
+
Azure Repos is part of Azure DevOps providing Git repositories and TFVC
(Team
Foundation Version Control) for collaborative development.
Branch policy in Azure Repos?
+
Policies enforce code quality, mandatory reviews, builds, and checks before
merging
into protected branches.
Branching strategy?
+
Defines rules for feature, release, hotfix, and main branches to ensure
clean
development workflow (e.g., GitFlow, trunk-based).
Create a repo in Azure Repos?
+
Azure DevOps → Repos → New repository → Git or TFVC → Initialize with README
→
Create.
DiffBet Azure Repos and GitHub?
+
Azure Repos integrates tightly with Azure DevOps pipelines and boards, while
GitHub
is more widely used for public repos and community collaboration.
DiffBet Git and TFVC in Azure Repos?
+
Git is distributed VCS; TFVC is centralized. Git supports branching/merging;
TFVC
uses workspace checkouts.
DiffBet GitHub, GitLab, Bitbucket, Azure Repos?
+
All host Git repos. GitHub focuses on public collaboration, GitLab on DevOps
lifecycle, Bitbucket integrates with Jira, Azure Repos integrates with Azure
DevOps
ecosystem.
Enforce branch policies?
+
Use required reviewers, build validations, and limit who can merge.
Handle merge conflicts in multi-developer environment?
+
Use feature branches, PRs/MRs, communicate changes, and resolve conflicts
manually
when they arise.
Integrate Azure Repos with CI/CD?
+
Connect with Azure Pipelines to automatically build, test, and deploy on
push or PR
events.
Integrate Azure Repos with pipelines?
+
Link repo to Azure Pipelines and trigger CI/CD pipelines on push or PR
events.
Manage secrets in CI/CD pipelines?
+
Use GitHub secrets, GitLab CI variables, Bitbucket secured variables, or
Azure Key
Vault.
Monitor repository activity?
+
Use webhooks, built-in analytics, CI/CD logs, audit logs, or integration
tools like
SonarQube for code quality monitoring.
Rollback a PR in Azure Repos?
+
Revert the merged PR using the revert button or manually revert commits.
Pull Requests in Azure Repos?
+
They enable code review and enforce branch policies before merging code into
protected branches.
Azure Repos?
+
Azure Repos is part of Azure DevOps providing Git repositories and TFVC
(Team
Foundation Version Control) for collaborative development.
Branch policy in Azure Repos?
+
Policies enforce code quality, mandatory reviews, builds, and checks before
merging
into protected branches.
Branching strategy?
+
Defines rules for feature, release, hotfix, and main branches to ensure
clean
development workflow (e.g., GitFlow, trunk-based).
Create a repo in Azure Repos?
+
Azure DevOps → Repos → New repository → Git or TFVC → Initialize with README
→
Create.
DiffBet Azure Repos and GitHub?
+
Azure Repos integrates tightly with Azure DevOps pipelines and boards, while
GitHub
is more widely used for public repos and community collaboration.
DiffBet Git and TFVC in Azure Repos?
+
Git is distributed VCS; TFVC is centralized. Git supports branching/merging;
TFVC
uses workspace checkouts.
DiffBet GitHub, GitLab, Bitbucket, Azure Repos?
+
All host Git repos. GitHub focuses on public collaboration, GitLab on DevOps
lifecycle, Bitbucket integrates with Jira, Azure Repos integrates with Azure
DevOps
ecosystem.
Enforce branch policies?
+
Use required reviewers, build validations, and limit who can merge.
Handle merge conflicts in multi-developer environment?
+
Use feature branches, PRs/MRs, communicate changes, and resolve conflicts
manually
when they arise.
Integrate Azure Repos with CI/CD?
+
Connect with Azure Pipelines to automatically build, test, and deploy on
push or PR
events.
Integrate Azure Repos with pipelines?
+
Link repo to Azure Pipelines and trigger CI/CD pipelines on push or PR
events.
Manage secrets in CI/CD pipelines?
+
Use GitHub secrets, GitLab CI variables, Bitbucket secured variables, or
Azure Key
Vault.
Monitor repository activity?
+
Use webhooks, built-in analytics, CI/CD logs, audit logs, or integration
tools like
SonarQube for code quality monitoring.
Rollback a PR in Azure Repos?
+
Revert the merged PR using the revert button or manually revert commits.
Pull Requests in Azure Repos?
+
They enable code review and enforce branch policies before merging code into
protected branches.
Azure Repos?
+
Azure Repos is part of Azure DevOps providing Git repositories and TFVC
(Team
Foundation Version Control) for collaborative development.
Branch policy in Azure Repos?
+
Policies enforce code quality, mandatory reviews, builds, and checks before
merging
into protected branches.
Branching strategy?
+
Defines rules for feature, release, hotfix, and main branches to ensure
clean
development workflow (e.g., GitFlow, trunk-based).
Create a repo in Azure Repos?
+
Azure DevOps → Repos → New repository → Git or TFVC → Initialize with README
→
Create.
DiffBet Azure Repos and GitHub?
+
Azure Repos integrates tightly with Azure DevOps pipelines and boards, while
GitHub
is more widely used for public repos and community collaboration.
DiffBet Git and TFVC in Azure Repos?
+
Git is distributed VCS; TFVC is centralized. Git supports branching/merging;
TFVC
uses workspace checkouts.
DiffBet GitHub, GitLab, Bitbucket, Azure Repos?
+
All host Git repos. GitHub focuses on public collaboration, GitLab on DevOps
lifecycle, Bitbucket integrates with Jira, Azure Repos integrates with Azure
DevOps
ecosystem.
Enforce branch policies?
+
Use required reviewers, build validations, and limit who can merge.
Handle merge conflicts in multi-developer environment?
+
Use feature branches, PRs/MRs, communicate changes, and resolve conflicts
manually
when they arise.
Integrate Azure Repos with CI/CD?
+
Connect with Azure Pipelines to automatically build, test, and deploy on
push or PR
events.
Integrate Azure Repos with pipelines?
+
Link repo to Azure Pipelines and trigger CI/CD pipelines on push or PR
events.
Manage secrets in CI/CD pipelines?
+
Use GitHub secrets, GitLab CI variables, Bitbucket secured variables, or
Azure Key
Vault.
Monitor repository activity?
+
Use webhooks, built-in analytics, CI/CD logs, audit logs, or integration
tools like
SonarQube for code quality monitoring.
Rollback a PR in Azure Repos?
+
Revert the merged PR using the revert button or manually revert commits.
Pull Requests in Azure Repos?
+
They enable code review and enforce branch policies before merging code into
protected branches.
Azure Repos?
+
Azure Repos is part of Azure DevOps providing Git repositories and TFVC
(Team
Foundation Version Control) for collaborative development.
Branch policy in Azure Repos?
+
Policies enforce code quality, mandatory reviews, builds, and checks before
merging
into protected branches.
Branching strategy?
+
Defines rules for feature, release, hotfix, and main branches to ensure
clean
development workflow (e.g., GitFlow, trunk-based).
Create a repo in Azure Repos?
+
Azure DevOps → Repos → New repository → Git or TFVC → Initialize with README
→
Create.
DiffBet Azure Repos and GitHub?
+
Azure Repos integrates tightly with Azure DevOps pipelines and boards, while
GitHub
is more widely used for public repos and community collaboration.
DiffBet Git and TFVC in Azure Repos?
+
Git is distributed VCS; TFVC is centralized. Git supports branching/merging;
TFVC
uses workspace checkouts.
DiffBet GitHub, GitLab, Bitbucket, Azure Repos?
+
All host Git repos. GitHub focuses on public collaboration, GitLab on DevOps
lifecycle, Bitbucket integrates with Jira, Azure Repos integrates with Azure
DevOps
ecosystem.
Enforce branch policies?
+
Use required reviewers, build validations, and limit who can merge.
Handle merge conflicts in multi-developer environment?
+
Use feature branches, PRs/MRs, communicate changes, and resolve conflicts
manually
when they arise.
Integrate Azure Repos with CI/CD?
+
Connect with Azure Pipelines to automatically build, test, and deploy on
push or PR
events.
Integrate Azure Repos with pipelines?
+
Link repo to Azure Pipelines and trigger CI/CD pipelines on push or PR
events.
Manage secrets in CI/CD pipelines?
+
Use GitHub secrets, GitLab CI variables, Bitbucket secured variables, or
Azure Key
Vault.
Monitor repository activity?
+
Use webhooks, built-in analytics, CI/CD logs, audit logs, or integration
tools like
SonarQube for code quality monitoring.
Rollback a PR in Azure Repos?
+
Revert the merged PR using the revert button or manually revert commits.
Pull Requests in Azure Repos?
+
They enable code review and enforce branch policies before merging code into
protected branches.
Azure Repos?
+
Azure Repos is part of Azure DevOps providing Git repositories and TFVC
(Team
Foundation Version Control) for collaborative development.
Branch policy in Azure Repos?
+
Policies enforce code quality, mandatory reviews, builds, and checks before
merging
into protected branches.
Branching strategy?
+
Defines rules for feature, release, hotfix, and main branches to ensure
clean
development workflow (e.g., GitFlow, trunk-based).
Create a repo in Azure Repos?
+
Azure DevOps → Repos → New repository → Git or TFVC → Initialize with README
→
Create.
DiffBet Azure Repos and GitHub?
+
Azure Repos integrates tightly with Azure DevOps pipelines and boards, while
GitHub
is more widely used for public repos and community collaboration.
DiffBet Git and TFVC in Azure Repos?
+
Git is distributed VCS; TFVC is centralized. Git supports branching/merging;
TFVC
uses workspace checkouts.
DiffBet GitHub, GitLab, Bitbucket, Azure Repos?
+
All host Git repos. GitHub focuses on public collaboration, GitLab on DevOps
lifecycle, Bitbucket integrates with Jira, Azure Repos integrates with Azure
DevOps
ecosystem.
Enforce branch policies?
+
Use required reviewers, build validations, and limit who can merge.
Handle merge conflicts in multi-developer environment?
+
Use feature branches, PRs/MRs, communicate changes, and resolve conflicts
manually
when they arise.
Integrate Azure Repos with CI/CD?
+
Connect with Azure Pipelines to automatically build, test, and deploy on
push or PR
events.
Integrate Azure Repos with pipelines?
+
Link repo to Azure Pipelines and trigger CI/CD pipelines on push or PR
events.
Manage secrets in CI/CD pipelines?
+
Use GitHub secrets, GitLab CI variables, Bitbucket secured variables, or
Azure Key
Vault.
Monitor repository activity?
+
Use webhooks, built-in analytics, CI/CD logs, audit logs, or integration
tools like
SonarQube for code quality monitoring.
Rollback a PR in Azure Repos?
+
Revert the merged PR using the revert button or manually revert commits.
JKM Azure Service Bus
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
Azure Service Bus?
+
A messaging platform for asynchronous communication between services using
queues
and topics.
Dead-letter queues (DLQ)?
+
Sub-queues to store messages that cannot be delivered or processed. Helps
error
handling and retries.
DiffBet Service Bus and Storage Queue?
+
Service Bus supports advanced messaging features (pub/sub, sessions, DLQ),
Storage
Queue is simpler and cost-effective.
Duplicate detection?
+
Service Bus can detect and ignore duplicate messages based on MessageId
within a
defined time window.
Enable auto-forwarding?
+
Forward messages from one queue/subscription to another automatically for
workflow
chaining.
Message lock duration?
+
Time a message is locked for processing. Prevents multiple consumers from
processing
simultaneously.
Message session in Service Bus?
+
Used to group related messages for ordered processing by the same consumer.
Peek-lock?
+
Locks the message while reading but does not delete it until explicitly
completed.
Queue in Service Bus?
+
FIFO message storage where one consumer reads messages at a time.
Topic and Subscription?
+
Topics allow multiple subscribers to receive copies of a message. Useful for
pub/sub
patterns.
JKM Bitbucket
Bitbucket api?
+
Bitbucket API allows programmatic access to repositories pipelines pull
requests and
other resources.
Bitbucket app password?
+
App password allows authentication for API or Git operations without using
your main
password.
Bitbucket artifacts in pipelines?
+
Artifacts are files produced by steps that can be used in later steps or
downloads.
Bitbucket branch model?
+
Branch model defines naming conventions and workflow for feature release and
hotfix
branches.
Bitbucket branch permission?
+
Branch permission restricts who can push merge or delete on specific
branches.
Bitbucket build status?
+
Build status shows pipeline or CI/CD success/failure associated with commits
or pull
requests.
Bitbucket caches in pipelines?
+
Caches store dependencies between builds to speed up pipeline execution.
Bitbucket cloud?
+
Bitbucket Cloud is a SaaS version hosted by Atlassian accessible via web
browser
without local server setup.
Bitbucket code insights?
+
Code Insights provides annotations reports and automated feedback in pull
requests.
Bitbucket code review?
+
Code review is the process of inspecting code changes before merging.
Bitbucket code search?
+
Code search allows searching for keywords across repositories and branches.
Bitbucket commit hook?
+
Commit hook triggers scripts on commit events to enforce rules or
automation.
Bitbucket commit?
+
A commit is a snapshot of changes in the repository with a unique
identifier.
Bitbucket compare feature?
+
Compare shows differences between branches commits or tags.
Bitbucket custom pipeline?
+
Custom pipeline is manually triggered or triggered by specific branches tags
or
events.
Bitbucket default branch?
+
Default branch is the primary branch where new changes are merged usually
main or
master.
Bitbucket default pipeline?
+
Default pipeline is automatically triggered for all branches unless
overridden.
Bitbucket default reviewers?
+
Default reviewers are users automatically added to pull requests for code
review.
Bitbucket default reviewers?
+
Default reviewers are automatically added to pull requests for code review.
Bitbucket deployment environment?
+
Deployment environment represents a target system like development staging
or
production.
Bitbucket deployment permissions?
+
Deployment permissions control who can deploy to specific environments.
Bitbucket deployment tracking?
+
Deployment tracking shows which commit was deployed to which environment.
Bitbucket emoji reactions?
+
Emoji reactions allow quick feedback on pull request comments.
Bitbucket environment variables?
+
Environment variables store configuration values used in pipelines.
Bitbucket forking workflow?
+
Forking workflow involves creating a fork making changes and submitting a
pull
request to the original repository.
Bitbucket inline discussions?
+
Inline discussions allow commenting on specific lines in pull requests.
Bitbucket integration with jira?
+
Integration links commits branches and pull requests to Jira issues for
traceability.
Bitbucket issue tracker integration?
+
Integration links repository commits branches or pull requests to issues for
tracking.
Bitbucket issue tracker?
+
Issue tracker helps manage tasks bugs and feature requests within a
repository.
Bitbucket merge check requiring successful build?
+
This ensures pipelines pass before a pull request can be merged.
Bitbucket merge check?
+
Merge check ensures conditions like passing pipelines approvals or no
conflicts
before merging.
Bitbucket merge conflict?
+
Merge conflict occurs when changes in different branches conflict and cannot
be
merged automatically.
Bitbucket merge permissions?
+
Merge permissions restrict who can merge pull requests into a branch.
Bitbucket merge strategy?
+
Merge strategy determines how branches are combined: merge commit squash or
fast-forward.
Bitbucket pipeline caching?
+
Caching stores files like dependencies between builds to improve speed.
Bitbucket pipeline step?
+
Step defines an individual task in a pipeline such as build test or deploy.
Bitbucket pipeline trigger?
+
Trigger defines events that start a pipeline like push pull request or
schedule.
Bitbucket pipeline?
+
Bitbucket Pipeline is an integrated CI/CD service for building testing and
deploying
code automatically.
Bitbucket pipeline?
+
It’s a CI/CD tool integrated with Bitbucket. It automates build, test, and
deployment processes using a bitbucket-pipelines.yml file.
Bitbucket post-receive hook?
+
Post-receive hook runs after push to notify or trigger workflows.
Bitbucket pre-receive hook?
+
Pre-receive hook runs on the server before accepting pushed changes.
Bitbucket pull request approvals?
+
Approvals are confirmations from reviewers before merging pull requests.
Bitbucket pull request comment?
+
Comment allows discussion or feedback on code changes in pull requests.
Bitbucket pull request inline comment?
+
Inline comment is attached to a specific line in a file within a pull
request.
Bitbucket pull request merge button?
+
Merge button merges the pull request once all conditions are met.
Bitbucket pull request merge conflicts?
+
Merge conflicts occur when changes in branches are incompatible.
Bitbucket pull request merge strategies?
+
Merge strategies: merge commit squash or fast-forward.
Bitbucket pull request tasks?
+
Tasks are action items within pull requests for reviewers or authors to
complete.
Bitbucket release management?
+
Release management tracks versions tags and deployment history.
Bitbucket repository fork vs clone?
+
Fork creates remote copy for independent development; clone copies
repository
locally.
Bitbucket repository forking limit?
+
Cloud repositories can have unlimited forks; limits may apply in Server
based on
configuration.
Bitbucket repository hook?
+
Repository hook is a script triggered by repository events like commits or
pull
requests.
Bitbucket repository mirroring?
+
Repository mirroring synchronizes changes between two repositories.
Bitbucket repository permissions inheritance?
+
Permissions can be inherited from project-level to repository-level for
consistent
access.
Bitbucket repository size limit?
+
Bitbucket Cloud repository limit is 2 GB for free plan; Server can be
configured
based on hardware.
Bitbucket repository watchers vs default reviewers?
+
Watchers receive notifications; default reviewers are added to pull requests
automatically.
Bitbucket repository watchers?
+
Watchers receive notifications about repository activity.
Bitbucket repository?
+
A repository is a storage space on Bitbucket where your project’s code
history and
collaboration features are managed.
Bitbucket rest api?
+
REST API allows programmatic access to Bitbucket resources for automation
and
integrations.
Bitbucket server (data center)?
+
Bitbucket Server is a self-hosted solution for enterprises to manage Git
repositories internally.
Bitbucket smart mirroring?
+
Smart mirroring improves clone and fetch speed by using geographically
closer
mirrors.
Bitbucket snippet permissions?
+
Snippet permissions control who can view or edit code snippets.
Bitbucket snippet?
+
Snippet is a way to share small pieces of code or text with others
independent of
repositories.
Bitbucket ssh key?
+
SSH key is used for secure authentication between local machine and
repository.
Bitbucket tag?
+
Tag marks a specific commit in the repository often used for releases.
Bitbucket tags vs branches?
+
Tags mark specific points; branches are active development lines.
Bitbucket user groups?
+
User groups allow managing access permissions for multiple users
collectively.
Bitbucket workspace?
+
Workspace is a container for repositories users and projects in Bitbucket
Cloud.
Bitbucket?
+
Bitbucket is a web-based platform for hosting Git and Mercurial repositories
providing source code management and collaboration tools.
Bitbucket?
+
Bitbucket is a Git-based repository hosting service by Atlassian. It
supports Git
and Mercurial, pull requests, branch permissions, and integrates with Jira
and CI/CD
pipelines.
Branch in bitbucket?
+
A branch is a parallel version of a repository used to develop features fix
bugs or
experiment without affecting the main codebase.
Diffbet bitbucket and github?
+
Bitbucket supports both Git and Mercurial offers free private repositories
and
integrates well with Atlassian tools; GitHub focuses on Git and public
repositories
with a strong open-source community.
Diffbet bitbucket cloud and server pipelines?
+
Cloud pipelines are hosted in Bitbucket’s environment; Server pipelines are
run on
self-hosted infrastructure.
Diffbet bitbucket pull request approval and merge
check?
+
Approval indicates reviewers’ consent; merge check enforces rules before
allowing a
merge.
Diffbet bitbucket rest api and webhooks?
+
REST API is used for querying and managing resources; webhooks push event
notifications to external systems.
Diffbet branch permissions and user permissions in
bitbucket?
+
Branch permissions restrict actions on specific branches; user permissions
control
overall repository access.
Diffbet commit and push in bitbucket?
+
Commit saves changes locally; push uploads commits to remote repository.
Diffbet environment and branch in bitbucket?
+
Branch is a code version; environment is a deployment target.
Diffbet fork and clone in bitbucket?
+
Fork creates a separate remote repository; clone copies a repository to your
local
machine.
Diffbet git and bitbucket?
+
Git is a version control system, while Bitbucket is a hosting service for
Git
repositories with collaboration features like PRs, pipelines, and access
controls.
Diffbet git and mercurial in bitbucket?
+
Both are distributed version control systems; Git is more widely used and
flexible
Mercurial is simpler with easier workflows.
Diffbet git clone and bitbucket clone?
+
Git clone is a Git command for local copies; Bitbucket clone often refers to
cloning
repositories hosted on Bitbucket.
Diffbet https and ssh in bitbucket?
+
HTTPS requires username/password or app password; SSH uses public-private
key pairs.
Diffbet lightweight and annotated tags in bitbucket?
+
Lightweight tag is just a pointer; annotated tag includes metadata like
author date
and message.
Diffbet manual and automatic merging in bitbucket?
+
Manual merging requires user action; automatic merging merges once all
checks and
approvals pass.
Diffbet manual and automatic triggers in bitbucket?
+
Manual triggers require user action; automatic triggers run based on
configured
events.
Diffbet master and main in bitbucket?
+
Main is the modern default branch name; master is the legacy default branch
name.
Diffbet merge and pull request?
+
Merge is the action of combining code; pull request is the workflow for
review and
discussion before merging.
Diffbet merge checks and branch permissions?
+
Merge checks enforce conditions for pull requests; branch permissions
restrict
direct actions on branches.
Diffbet mirror and fork in bitbucket?
+
Mirror replicates a repository; fork creates an independent copy for
development.
Diffbet pipeline step and pipeline?
+
Pipeline is a sequence of steps; step is a single unit within the pipeline.
Diffbet project and repository in bitbucket?
+
Project groups multiple repositories; repository stores the actual code and
history.
Diffbet read
+
write and admin access in Bitbucket? Read allows viewing code write allows
pushing
changes admin allows full control including settings and permissions.
Diffbet rebase and merge in bitbucket?
+
Rebase applies commits on top of base branch for linear history; merge
combines
branches preserving commit history.
Diffbet repository and project permissions in
bitbucket?
+
Repository permissions control access to a specific repository; project
permissions
control access to all repositories under a project.
Fast-forward merge in bitbucket?
+
Fast-forward merge moves the branch pointer forward when there are no
divergent
commits.
Fork in bitbucket?
+
A fork is a copy of a repository in your account to make changes
independently
before submitting a pull request.
Merge in bitbucket?
+
Merge combines changes from one branch into another typically after code
review.
Pull request in bitbucket?
+
Pull request is a mechanism to propose code changes from one branch to
another with
review and approval workflow.
Pull requests in bitbucket?
+
A pull request (PR) lets developers propose code changes for review before
merging
into main branches. It ensures code quality and collaboration.
Squash merge in bitbucket?
+
Squash merge combines multiple commits into a single commit before merging
into the
target branch.
To create a repository in bitbucket?
+
Login → Click Create repository → Provide name, description, access type →
Initialize with README (optional) → Create.
To resolve merge conflicts in bitbucket cloud?
+
Fetch the branch resolve conflicts locally commit and push to the pull
request
branch.
Webhook in bitbucket?
+
Webhook allows Bitbucket to send event notifications to external systems or
services
automatically.
Yaml in bitbucket pipelines?
+
YAML file defines pipeline configuration including steps triggers and
deployment
environments.
You resolve merge conflicts in bitbucket?
+
Resolve conflicts locally in Git commit the changes and push to the branch.
Bitbucket api?
+
Bitbucket API allows programmatic access to repositories pipelines pull
requests and
other resources.
Bitbucket app password?
+
App password allows authentication for API or Git operations without using
your main
password.
Bitbucket artifacts in pipelines?
+
Artifacts are files produced by steps that can be used in later steps or
downloads.
Bitbucket branch model?
+
Branch model defines naming conventions and workflow for feature release and
hotfix
branches.
Bitbucket branch permission?
+
Branch permission restricts who can push merge or delete on specific
branches.
Bitbucket build status?
+
Build status shows pipeline or CI/CD success/failure associated with commits
or pull
requests.
Bitbucket caches in pipelines?
+
Caches store dependencies between builds to speed up pipeline execution.
Bitbucket cloud?
+
Bitbucket Cloud is a SaaS version hosted by Atlassian accessible via web
browser
without local server setup.
Bitbucket code insights?
+
Code Insights provides annotations reports and automated feedback in pull
requests.
Bitbucket code review?
+
Code review is the process of inspecting code changes before merging.
Bitbucket code search?
+
Code search allows searching for keywords across repositories and branches.
Bitbucket commit hook?
+
Commit hook triggers scripts on commit events to enforce rules or
automation.
Bitbucket commit?
+
A commit is a snapshot of changes in the repository with a unique
identifier.
Bitbucket compare feature?
+
Compare shows differences between branches commits or tags.
Bitbucket custom pipeline?
+
Custom pipeline is manually triggered or triggered by specific branches tags
or
events.
Bitbucket default branch?
+
Default branch is the primary branch where new changes are merged usually
main or
master.
Bitbucket default pipeline?
+
Default pipeline is automatically triggered for all branches unless
overridden.
Bitbucket default reviewers?
+
Default reviewers are users automatically added to pull requests for code
review.
Bitbucket default reviewers?
+
Default reviewers are automatically added to pull requests for code review.
Bitbucket deployment environment?
+
Deployment environment represents a target system like development staging
or
production.
Bitbucket deployment permissions?
+
Deployment permissions control who can deploy to specific environments.
Bitbucket deployment tracking?
+
Deployment tracking shows which commit was deployed to which environment.
Bitbucket emoji reactions?
+
Emoji reactions allow quick feedback on pull request comments.
Bitbucket environment variables?
+
Environment variables store configuration values used in pipelines.
Bitbucket forking workflow?
+
Forking workflow involves creating a fork making changes and submitting a
pull
request to the original repository.
Bitbucket inline discussions?
+
Inline discussions allow commenting on specific lines in pull requests.
Bitbucket integration with jira?
+
Integration links commits branches and pull requests to Jira issues for
traceability.
Bitbucket issue tracker integration?
+
Integration links repository commits branches or pull requests to issues for
tracking.
Bitbucket issue tracker?
+
Issue tracker helps manage tasks bugs and feature requests within a
repository.
Bitbucket merge check requiring successful build?
+
This ensures pipelines pass before a pull request can be merged.
Bitbucket merge check?
+
Merge check ensures conditions like passing pipelines approvals or no
conflicts
before merging.
Bitbucket merge conflict?
+
Merge conflict occurs when changes in different branches conflict and cannot
be
merged automatically.
Bitbucket merge permissions?
+
Merge permissions restrict who can merge pull requests into a branch.
Bitbucket merge strategy?
+
Merge strategy determines how branches are combined: merge commit squash or
fast-forward.
Bitbucket pipeline caching?
+
Caching stores files like dependencies between builds to improve speed.
Bitbucket pipeline step?
+
Step defines an individual task in a pipeline such as build test or deploy.
Bitbucket pipeline trigger?
+
Trigger defines events that start a pipeline like push pull request or
schedule.
Bitbucket pipeline?
+
Bitbucket Pipeline is an integrated CI/CD service for building testing and
deploying
code automatically.
Bitbucket pipeline?
+
It’s a CI/CD tool integrated with Bitbucket. It automates build, test, and
deployment processes using a bitbucket-pipelines.yml file.
Bitbucket post-receive hook?
+
Post-receive hook runs after push to notify or trigger workflows.
Bitbucket pre-receive hook?
+
Pre-receive hook runs on the server before accepting pushed changes.
Bitbucket pull request approvals?
+
Approvals are confirmations from reviewers before merging pull requests.
Bitbucket pull request comment?
+
Comment allows discussion or feedback on code changes in pull requests.
Bitbucket pull request inline comment?
+
Inline comment is attached to a specific line in a file within a pull
request.
Bitbucket pull request merge button?
+
Merge button merges the pull request once all conditions are met.
Bitbucket pull request merge conflicts?
+
Merge conflicts occur when changes in branches are incompatible.
Bitbucket pull request merge strategies?
+
Merge strategies: merge commit squash or fast-forward.
Bitbucket pull request tasks?
+
Tasks are action items within pull requests for reviewers or authors to
complete.
Bitbucket release management?
+
Release management tracks versions tags and deployment history.
Bitbucket repository fork vs clone?
+
Fork creates remote copy for independent development; clone copies
repository
locally.
Bitbucket repository forking limit?
+
Cloud repositories can have unlimited forks; limits may apply in Server
based on
configuration.
Bitbucket repository hook?
+
Repository hook is a script triggered by repository events like commits or
pull
requests.
Bitbucket repository mirroring?
+
Repository mirroring synchronizes changes between two repositories.
Bitbucket repository permissions inheritance?
+
Permissions can be inherited from project-level to repository-level for
consistent
access.
Bitbucket repository size limit?
+
Bitbucket Cloud repository limit is 2 GB for free plan; Server can be
configured
based on hardware.
Bitbucket repository watchers vs default reviewers?
+
Watchers receive notifications; default reviewers are added to pull requests
automatically.
Bitbucket repository watchers?
+
Watchers receive notifications about repository activity.
Bitbucket repository?
+
A repository is a storage space on Bitbucket where your project’s code
history and
collaboration features are managed.
Bitbucket rest api?
+
REST API allows programmatic access to Bitbucket resources for automation
and
integrations.
Bitbucket server (data center)?
+
Bitbucket Server is a self-hosted solution for enterprises to manage Git
repositories internally.
Bitbucket smart mirroring?
+
Smart mirroring improves clone and fetch speed by using geographically
closer
mirrors.
Bitbucket snippet permissions?
+
Snippet permissions control who can view or edit code snippets.
Bitbucket snippet?
+
Snippet is a way to share small pieces of code or text with others
independent of
repositories.
Bitbucket ssh key?
+
SSH key is used for secure authentication between local machine and
repository.
Bitbucket tag?
+
Tag marks a specific commit in the repository often used for releases.
Bitbucket tags vs branches?
+
Tags mark specific points; branches are active development lines.
Bitbucket user groups?
+
User groups allow managing access permissions for multiple users
collectively.
Bitbucket workspace?
+
Workspace is a container for repositories users and projects in Bitbucket
Cloud.
Bitbucket?
+
Bitbucket is a web-based platform for hosting Git and Mercurial repositories
providing source code management and collaboration tools.
Bitbucket?
+
Bitbucket is a Git-based repository hosting service by Atlassian. It
supports Git
and Mercurial, pull requests, branch permissions, and integrates with Jira
and CI/CD
pipelines.
Branch in bitbucket?
+
A branch is a parallel version of a repository used to develop features fix
bugs or
experiment without affecting the main codebase.
Diffbet bitbucket and github?
+
Bitbucket supports both Git and Mercurial offers free private repositories
and
integrates well with Atlassian tools; GitHub focuses on Git and public
repositories
with a strong open-source community.
Diffbet bitbucket cloud and server pipelines?
+
Cloud pipelines are hosted in Bitbucket’s environment; Server pipelines are
run on
self-hosted infrastructure.
Diffbet bitbucket pull request approval and merge
check?
+
Approval indicates reviewers’ consent; merge check enforces rules before
allowing a
merge.
Diffbet bitbucket rest api and webhooks?
+
REST API is used for querying and managing resources; webhooks push event
notifications to external systems.
Diffbet branch permissions and user permissions in
bitbucket?
+
Branch permissions restrict actions on specific branches; user permissions
control
overall repository access.
Diffbet commit and push in bitbucket?
+
Commit saves changes locally; push uploads commits to remote repository.
Diffbet environment and branch in bitbucket?
+
Branch is a code version; environment is a deployment target.
Diffbet fork and clone in bitbucket?
+
Fork creates a separate remote repository; clone copies a repository to your
local
machine.
Diffbet git and bitbucket?
+
Git is a version control system, while Bitbucket is a hosting service for
Git
repositories with collaboration features like PRs, pipelines, and access
controls.
Diffbet git and mercurial in bitbucket?
+
Both are distributed version control systems; Git is more widely used and
flexible
Mercurial is simpler with easier workflows.
Diffbet git clone and bitbucket clone?
+
Git clone is a Git command for local copies; Bitbucket clone often refers to
cloning
repositories hosted on Bitbucket.
Diffbet https and ssh in bitbucket?
+
HTTPS requires username/password or app password; SSH uses public-private
key pairs.
Diffbet lightweight and annotated tags in bitbucket?
+
Lightweight tag is just a pointer; annotated tag includes metadata like
author date
and message.
Diffbet manual and automatic merging in bitbucket?
+
Manual merging requires user action; automatic merging merges once all
checks and
approvals pass.
Diffbet manual and automatic triggers in bitbucket?
+
Manual triggers require user action; automatic triggers run based on
configured
events.
Diffbet master and main in bitbucket?
+
Main is the modern default branch name; master is the legacy default branch
name.
Diffbet merge and pull request?
+
Merge is the action of combining code; pull request is the workflow for
review and
discussion before merging.
Diffbet merge checks and branch permissions?
+
Merge checks enforce conditions for pull requests; branch permissions
restrict
direct actions on branches.
Diffbet mirror and fork in bitbucket?
+
Mirror replicates a repository; fork creates an independent copy for
development.
Diffbet pipeline step and pipeline?
+
Pipeline is a sequence of steps; step is a single unit within the pipeline.
Diffbet project and repository in bitbucket?
+
Project groups multiple repositories; repository stores the actual code and
history.
Diffbet read
+
write and admin access in Bitbucket? Read allows viewing code write allows
pushing
changes admin allows full control including settings and permissions.
Diffbet rebase and merge in bitbucket?
+
Rebase applies commits on top of base branch for linear history; merge
combines
branches preserving commit history.
Diffbet repository and project permissions in
bitbucket?
+
Repository permissions control access to a specific repository; project
permissions
control access to all repositories under a project.
Fast-forward merge in bitbucket?
+
Fast-forward merge moves the branch pointer forward when there are no
divergent
commits.
Fork in bitbucket?
+
A fork is a copy of a repository in your account to make changes
independently
before submitting a pull request.
Merge in bitbucket?
+
Merge combines changes from one branch into another typically after code
review.
Pull request in bitbucket?
+
Pull request is a mechanism to propose code changes from one branch to
another with
review and approval workflow.
Pull requests in bitbucket?
+
A pull request (PR) lets developers propose code changes for review before
merging
into main branches. It ensures code quality and collaboration.
Squash merge in bitbucket?
+
Squash merge combines multiple commits into a single commit before merging
into the
target branch.
To create a repository in bitbucket?
+
Login → Click Create repository → Provide name, description, access type →
Initialize with README (optional) → Create.
To resolve merge conflicts in bitbucket cloud?
+
Fetch the branch resolve conflicts locally commit and push to the pull
request
branch.
Webhook in bitbucket?
+
Webhook allows Bitbucket to send event notifications to external systems or
services
automatically.
Yaml in bitbucket pipelines?
+
YAML file defines pipeline configuration including steps triggers and
deployment
environments.
You resolve merge conflicts in bitbucket?
+
Resolve conflicts locally in Git commit the changes and push to the branch.
Bitbucket api?
+
Bitbucket API allows programmatic access to repositories pipelines pull
requests and
other resources.
Bitbucket app password?
+
App password allows authentication for API or Git operations without using
your main
password.
Bitbucket artifacts in pipelines?
+
Artifacts are files produced by steps that can be used in later steps or
downloads.
Bitbucket branch model?
+
Branch model defines naming conventions and workflow for feature release and
hotfix
branches.
Bitbucket branch permission?
+
Branch permission restricts who can push merge or delete on specific
branches.
Bitbucket build status?
+
Build status shows pipeline or CI/CD success/failure associated with commits
or pull
requests.
Bitbucket caches in pipelines?
+
Caches store dependencies between builds to speed up pipeline execution.
Bitbucket cloud?
+
Bitbucket Cloud is a SaaS version hosted by Atlassian accessible via web
browser
without local server setup.
Bitbucket code insights?
+
Code Insights provides annotations reports and automated feedback in pull
requests.
Bitbucket code review?
+
Code review is the process of inspecting code changes before merging.
Bitbucket code search?
+
Code search allows searching for keywords across repositories and branches.
Bitbucket commit hook?
+
Commit hook triggers scripts on commit events to enforce rules or
automation.
Bitbucket commit?
+
A commit is a snapshot of changes in the repository with a unique
identifier.
Bitbucket compare feature?
+
Compare shows differences between branches commits or tags.
Bitbucket custom pipeline?
+
Custom pipeline is manually triggered or triggered by specific branches tags
or
events.
Bitbucket default branch?
+
Default branch is the primary branch where new changes are merged usually
main or
master.
Bitbucket default pipeline?
+
Default pipeline is automatically triggered for all branches unless
overridden.
Bitbucket default reviewers?
+
Default reviewers are users automatically added to pull requests for code
review.
Bitbucket default reviewers?
+
Default reviewers are automatically added to pull requests for code review.
Bitbucket deployment environment?
+
Deployment environment represents a target system like development staging
or
production.
Bitbucket deployment permissions?
+
Deployment permissions control who can deploy to specific environments.
Bitbucket deployment tracking?
+
Deployment tracking shows which commit was deployed to which environment.
Bitbucket emoji reactions?
+
Emoji reactions allow quick feedback on pull request comments.
Bitbucket environment variables?
+
Environment variables store configuration values used in pipelines.
Bitbucket forking workflow?
+
Forking workflow involves creating a fork making changes and submitting a
pull
request to the original repository.
Bitbucket inline discussions?
+
Inline discussions allow commenting on specific lines in pull requests.
Bitbucket integration with jira?
+
Integration links commits branches and pull requests to Jira issues for
traceability.
Bitbucket issue tracker integration?
+
Integration links repository commits branches or pull requests to issues for
tracking.
Bitbucket issue tracker?
+
Issue tracker helps manage tasks bugs and feature requests within a
repository.
Bitbucket merge check requiring successful build?
+
This ensures pipelines pass before a pull request can be merged.
Bitbucket merge check?
+
Merge check ensures conditions like passing pipelines approvals or no
conflicts
before merging.
Bitbucket merge conflict?
+
Merge conflict occurs when changes in different branches conflict and cannot
be
merged automatically.
Bitbucket merge permissions?
+
Merge permissions restrict who can merge pull requests into a branch.
Bitbucket merge strategy?
+
Merge strategy determines how branches are combined: merge commit squash or
fast-forward.
Bitbucket pipeline caching?
+
Caching stores files like dependencies between builds to improve speed.
Bitbucket pipeline step?
+
Step defines an individual task in a pipeline such as build test or deploy.
Bitbucket pipeline trigger?
+
Trigger defines events that start a pipeline like push pull request or
schedule.
Bitbucket pipeline?
+
Bitbucket Pipeline is an integrated CI/CD service for building testing and
deploying
code automatically.
Bitbucket pipeline?
+
It’s a CI/CD tool integrated with Bitbucket. It automates build, test, and
deployment processes using a bitbucket-pipelines.yml file.
Bitbucket post-receive hook?
+
Post-receive hook runs after push to notify or trigger workflows.
Bitbucket pre-receive hook?
+
Pre-receive hook runs on the server before accepting pushed changes.
Bitbucket pull request approvals?
+
Approvals are confirmations from reviewers before merging pull requests.
Bitbucket pull request comment?
+
Comment allows discussion or feedback on code changes in pull requests.
Bitbucket pull request inline comment?
+
Inline comment is attached to a specific line in a file within a pull
request.
Bitbucket pull request merge button?
+
Merge button merges the pull request once all conditions are met.
Bitbucket pull request merge conflicts?
+
Merge conflicts occur when changes in branches are incompatible.
Bitbucket pull request merge strategies?
+
Merge strategies: merge commit squash or fast-forward.
Bitbucket pull request tasks?
+
Tasks are action items within pull requests for reviewers or authors to
complete.
Bitbucket release management?
+
Release management tracks versions tags and deployment history.
Bitbucket repository fork vs clone?
+
Fork creates remote copy for independent development; clone copies
repository
locally.
Bitbucket repository forking limit?
+
Cloud repositories can have unlimited forks; limits may apply in Server
based on
configuration.
Bitbucket repository hook?
+
Repository hook is a script triggered by repository events like commits or
pull
requests.
Bitbucket repository mirroring?
+
Repository mirroring synchronizes changes between two repositories.
Bitbucket repository permissions inheritance?
+
Permissions can be inherited from project-level to repository-level for
consistent
access.
Bitbucket repository size limit?
+
Bitbucket Cloud repository limit is 2 GB for free plan; Server can be
configured
based on hardware.
Bitbucket repository watchers vs default reviewers?
+
Watchers receive notifications; default reviewers are added to pull requests
automatically.
Bitbucket repository watchers?
+
Watchers receive notifications about repository activity.
Bitbucket repository?
+
A repository is a storage space on Bitbucket where your project’s code
history and
collaboration features are managed.
Bitbucket rest api?
+
REST API allows programmatic access to Bitbucket resources for automation
and
integrations.
Bitbucket server (data center)?
+
Bitbucket Server is a self-hosted solution for enterprises to manage Git
repositories internally.
Bitbucket smart mirroring?
+
Smart mirroring improves clone and fetch speed by using geographically
closer
mirrors.
Bitbucket snippet permissions?
+
Snippet permissions control who can view or edit code snippets.
Bitbucket snippet?
+
Snippet is a way to share small pieces of code or text with others
independent of
repositories.
Bitbucket ssh key?
+
SSH key is used for secure authentication between local machine and
repository.
Bitbucket tag?
+
Tag marks a specific commit in the repository often used for releases.
Bitbucket tags vs branches?
+
Tags mark specific points; branches are active development lines.
Bitbucket user groups?
+
User groups allow managing access permissions for multiple users
collectively.
Bitbucket workspace?
+
Workspace is a container for repositories users and projects in Bitbucket
Cloud.
Bitbucket?
+
Bitbucket is a web-based platform for hosting Git and Mercurial repositories
providing source code management and collaboration tools.
Bitbucket?
+
Bitbucket is a Git-based repository hosting service by Atlassian. It
supports Git
and Mercurial, pull requests, branch permissions, and integrates with Jira
and CI/CD
pipelines.
Branch in bitbucket?
+
A branch is a parallel version of a repository used to develop features fix
bugs or
experiment without affecting the main codebase.
Diffbet bitbucket and github?
+
Bitbucket supports both Git and Mercurial offers free private repositories
and
integrates well with Atlassian tools; GitHub focuses on Git and public
repositories
with a strong open-source community.
Diffbet bitbucket cloud and server pipelines?
+
Cloud pipelines are hosted in Bitbucket’s environment; Server pipelines are
run on
self-hosted infrastructure.
Diffbet bitbucket pull request approval and merge
check?
+
Approval indicates reviewers’ consent; merge check enforces rules before
allowing a
merge.
Diffbet bitbucket rest api and webhooks?
+
REST API is used for querying and managing resources; webhooks push event
notifications to external systems.
Diffbet branch permissions and user permissions in
bitbucket?
+
Branch permissions restrict actions on specific branches; user permissions
control
overall repository access.
Diffbet commit and push in bitbucket?
+
Commit saves changes locally; push uploads commits to remote repository.
Diffbet environment and branch in bitbucket?
+
Branch is a code version; environment is a deployment target.
Diffbet fork and clone in bitbucket?
+
Fork creates a separate remote repository; clone copies a repository to your
local
machine.
Diffbet git and bitbucket?
+
Git is a version control system, while Bitbucket is a hosting service for
Git
repositories with collaboration features like PRs, pipelines, and access
controls.
Diffbet git and mercurial in bitbucket?
+
Both are distributed version control systems; Git is more widely used and
flexible
Mercurial is simpler with easier workflows.
Diffbet git clone and bitbucket clone?
+
Git clone is a Git command for local copies; Bitbucket clone often refers to
cloning
repositories hosted on Bitbucket.
Diffbet https and ssh in bitbucket?
+
HTTPS requires username/password or app password; SSH uses public-private
key pairs.
Diffbet lightweight and annotated tags in bitbucket?
+
Lightweight tag is just a pointer; annotated tag includes metadata like
author date
and message.
Diffbet manual and automatic merging in bitbucket?
+
Manual merging requires user action; automatic merging merges once all
checks and
approvals pass.
Diffbet manual and automatic triggers in bitbucket?
+
Manual triggers require user action; automatic triggers run based on
configured
events.
Diffbet master and main in bitbucket?
+
Main is the modern default branch name; master is the legacy default branch
name.
Diffbet merge and pull request?
+
Merge is the action of combining code; pull request is the workflow for
review and
discussion before merging.
Diffbet merge checks and branch permissions?
+
Merge checks enforce conditions for pull requests; branch permissions
restrict
direct actions on branches.
Diffbet mirror and fork in bitbucket?
+
Mirror replicates a repository; fork creates an independent copy for
development.
Diffbet pipeline step and pipeline?
+
Pipeline is a sequence of steps; step is a single unit within the pipeline.
Diffbet project and repository in bitbucket?
+
Project groups multiple repositories; repository stores the actual code and
history.
Diffbet read
+
write and admin access in Bitbucket? Read allows viewing code write allows
pushing
changes admin allows full control including settings and permissions.
Diffbet rebase and merge in bitbucket?
+
Rebase applies commits on top of base branch for linear history; merge
combines
branches preserving commit history.
Diffbet repository and project permissions in
bitbucket?
+
Repository permissions control access to a specific repository; project
permissions
control access to all repositories under a project.
Fast-forward merge in bitbucket?
+
Fast-forward merge moves the branch pointer forward when there are no
divergent
commits.
Fork in bitbucket?
+
A fork is a copy of a repository in your account to make changes
independently
before submitting a pull request.
Merge in bitbucket?
+
Merge combines changes from one branch into another typically after code
review.
Pull request in bitbucket?
+
Pull request is a mechanism to propose code changes from one branch to
another with
review and approval workflow.
Pull requests in bitbucket?
+
A pull request (PR) lets developers propose code changes for review before
merging
into main branches. It ensures code quality and collaboration.
Squash merge in bitbucket?
+
Squash merge combines multiple commits into a single commit before merging
into the
target branch.
To create a repository in bitbucket?
+
Login → Click Create repository → Provide name, description, access type →
Initialize with README (optional) → Create.
To resolve merge conflicts in bitbucket cloud?
+
Fetch the branch resolve conflicts locally commit and push to the pull
request
branch.
Webhook in bitbucket?
+
Webhook allows Bitbucket to send event notifications to external systems or
services
automatically.
Yaml in bitbucket pipelines?
+
YAML file defines pipeline configuration including steps triggers and
deployment
environments.
You resolve merge conflicts in bitbucket?
+
Resolve conflicts locally in Git commit the changes and push to the branch.
Bitbucket api?
+
Bitbucket API allows programmatic access to repositories pipelines pull
requests and
other resources.
Bitbucket app password?
+
App password allows authentication for API or Git operations without using
your main
password.
Bitbucket artifacts in pipelines?
+
Artifacts are files produced by steps that can be used in later steps or
downloads.
Bitbucket branch model?
+
Branch model defines naming conventions and workflow for feature release and
hotfix
branches.
Bitbucket branch permission?
+
Branch permission restricts who can push merge or delete on specific
branches.
Bitbucket build status?
+
Build status shows pipeline or CI/CD success/failure associated with commits
or pull
requests.
Bitbucket caches in pipelines?
+
Caches store dependencies between builds to speed up pipeline execution.
Bitbucket cloud?
+
Bitbucket Cloud is a SaaS version hosted by Atlassian accessible via web
browser
without local server setup.
Bitbucket code insights?
+
Code Insights provides annotations reports and automated feedback in pull
requests.
Bitbucket code review?
+
Code review is the process of inspecting code changes before merging.
Bitbucket code search?
+
Code search allows searching for keywords across repositories and branches.
Bitbucket commit hook?
+
Commit hook triggers scripts on commit events to enforce rules or
automation.
Bitbucket commit?
+
A commit is a snapshot of changes in the repository with a unique
identifier.
Bitbucket compare feature?
+
Compare shows differences between branches commits or tags.
Bitbucket custom pipeline?
+
Custom pipeline is manually triggered or triggered by specific branches tags
or
events.
Bitbucket default branch?
+
Default branch is the primary branch where new changes are merged usually
main or
master.
Bitbucket default pipeline?
+
Default pipeline is automatically triggered for all branches unless
overridden.
Bitbucket default reviewers?
+
Default reviewers are users automatically added to pull requests for code
review.
Bitbucket default reviewers?
+
Default reviewers are automatically added to pull requests for code review.
Bitbucket deployment environment?
+
Deployment environment represents a target system like development staging
or
production.
Bitbucket deployment permissions?
+
Deployment permissions control who can deploy to specific environments.
Bitbucket deployment tracking?
+
Deployment tracking shows which commit was deployed to which environment.
Bitbucket emoji reactions?
+
Emoji reactions allow quick feedback on pull request comments.
Bitbucket environment variables?
+
Environment variables store configuration values used in pipelines.
Bitbucket forking workflow?
+
Forking workflow involves creating a fork making changes and submitting a
pull
request to the original repository.
Bitbucket inline discussions?
+
Inline discussions allow commenting on specific lines in pull requests.
Bitbucket integration with jira?
+
Integration links commits branches and pull requests to Jira issues for
traceability.
Bitbucket issue tracker integration?
+
Integration links repository commits branches or pull requests to issues for
tracking.
Bitbucket issue tracker?
+
Issue tracker helps manage tasks bugs and feature requests within a
repository.
Bitbucket merge check requiring successful build?
+
This ensures pipelines pass before a pull request can be merged.
Bitbucket merge check?
+
Merge check ensures conditions like passing pipelines approvals or no
conflicts
before merging.
Bitbucket merge conflict?
+
Merge conflict occurs when changes in different branches conflict and cannot
be
merged automatically.
Bitbucket merge permissions?
+
Merge permissions restrict who can merge pull requests into a branch.
Bitbucket merge strategy?
+
Merge strategy determines how branches are combined: merge commit squash or
fast-forward.
Bitbucket pipeline caching?
+
Caching stores files like dependencies between builds to improve speed.
Bitbucket pipeline step?
+
Step defines an individual task in a pipeline such as build test or deploy.
Bitbucket pipeline trigger?
+
Trigger defines events that start a pipeline like push pull request or
schedule.
Bitbucket pipeline?
+
Bitbucket Pipeline is an integrated CI/CD service for building testing and
deploying
code automatically.
Bitbucket pipeline?
+
It’s a CI/CD tool integrated with Bitbucket. It automates build, test, and
deployment processes using a bitbucket-pipelines.yml file.
Bitbucket post-receive hook?
+
Post-receive hook runs after push to notify or trigger workflows.
Bitbucket pre-receive hook?
+
Pre-receive hook runs on the server before accepting pushed changes.
Bitbucket pull request approvals?
+
Approvals are confirmations from reviewers before merging pull requests.
Bitbucket pull request comment?
+
Comment allows discussion or feedback on code changes in pull requests.
Bitbucket pull request inline comment?
+
Inline comment is attached to a specific line in a file within a pull
request.
Bitbucket pull request merge button?
+
Merge button merges the pull request once all conditions are met.
Bitbucket pull request merge conflicts?
+
Merge conflicts occur when changes in branches are incompatible.
Bitbucket pull request merge strategies?
+
Merge strategies: merge commit squash or fast-forward.
Bitbucket pull request tasks?
+
Tasks are action items within pull requests for reviewers or authors to
complete.
Bitbucket release management?
+
Release management tracks versions tags and deployment history.
Bitbucket repository fork vs clone?
+
Fork creates remote copy for independent development; clone copies
repository
locally.
Bitbucket repository forking limit?
+
Cloud repositories can have unlimited forks; limits may apply in Server
based on
configuration.
Bitbucket repository hook?
+
Repository hook is a script triggered by repository events like commits or
pull
requests.
Bitbucket repository mirroring?
+
Repository mirroring synchronizes changes between two repositories.
Bitbucket repository permissions inheritance?
+
Permissions can be inherited from project-level to repository-level for
consistent
access.
Bitbucket repository size limit?
+
Bitbucket Cloud repository limit is 2 GB for free plan; Server can be
configured
based on hardware.
Bitbucket repository watchers vs default reviewers?
+
Watchers receive notifications; default reviewers are added to pull requests
automatically.
Bitbucket repository watchers?
+
Watchers receive notifications about repository activity.
Bitbucket repository?
+
A repository is a storage space on Bitbucket where your project’s code
history and
collaboration features are managed.
Bitbucket rest api?
+
REST API allows programmatic access to Bitbucket resources for automation
and
integrations.
Bitbucket server (data center)?
+
Bitbucket Server is a self-hosted solution for enterprises to manage Git
repositories internally.
Bitbucket smart mirroring?
+
Smart mirroring improves clone and fetch speed by using geographically
closer
mirrors.
Bitbucket snippet permissions?
+
Snippet permissions control who can view or edit code snippets.
Bitbucket snippet?
+
Snippet is a way to share small pieces of code or text with others
independent of
repositories.
Bitbucket ssh key?
+
SSH key is used for secure authentication between local machine and
repository.
Bitbucket tag?
+
Tag marks a specific commit in the repository often used for releases.
Bitbucket tags vs branches?
+
Tags mark specific points; branches are active development lines.
Bitbucket user groups?
+
User groups allow managing access permissions for multiple users
collectively.
Bitbucket workspace?
+
Workspace is a container for repositories users and projects in Bitbucket
Cloud.
Bitbucket?
+
Bitbucket is a web-based platform for hosting Git and Mercurial repositories
providing source code management and collaboration tools.
Bitbucket?
+
Bitbucket is a Git-based repository hosting service by Atlassian. It
supports Git
and Mercurial, pull requests, branch permissions, and integrates with Jira
and CI/CD
pipelines.
Branch in bitbucket?
+
A branch is a parallel version of a repository used to develop features fix
bugs or
experiment without affecting the main codebase.
Diffbet bitbucket and github?
+
Bitbucket supports both Git and Mercurial offers free private repositories
and
integrates well with Atlassian tools; GitHub focuses on Git and public
repositories
with a strong open-source community.
Diffbet bitbucket cloud and server pipelines?
+
Cloud pipelines are hosted in Bitbucket’s environment; Server pipelines are
run on
self-hosted infrastructure.
Diffbet bitbucket pull request approval and merge
check?
+
Approval indicates reviewers’ consent; merge check enforces rules before
allowing a
merge.
Diffbet bitbucket rest api and webhooks?
+
REST API is used for querying and managing resources; webhooks push event
notifications to external systems.
Diffbet branch permissions and user permissions in
bitbucket?
+
Branch permissions restrict actions on specific branches; user permissions
control
overall repository access.
Diffbet commit and push in bitbucket?
+
Commit saves changes locally; push uploads commits to remote repository.
Diffbet environment and branch in bitbucket?
+
Branch is a code version; environment is a deployment target.
Diffbet fork and clone in bitbucket?
+
Fork creates a separate remote repository; clone copies a repository to your
local
machine.
Diffbet git and bitbucket?
+
Git is a version control system, while Bitbucket is a hosting service for
Git
repositories with collaboration features like PRs, pipelines, and access
controls.
Diffbet git and mercurial in bitbucket?
+
Both are distributed version control systems; Git is more widely used and
flexible
Mercurial is simpler with easier workflows.
Diffbet git clone and bitbucket clone?
+
Git clone is a Git command for local copies; Bitbucket clone often refers to
cloning
repositories hosted on Bitbucket.
Diffbet https and ssh in bitbucket?
+
HTTPS requires username/password or app password; SSH uses public-private
key pairs.
Diffbet lightweight and annotated tags in bitbucket?
+
Lightweight tag is just a pointer; annotated tag includes metadata like
author date
and message.
Diffbet manual and automatic merging in bitbucket?
+
Manual merging requires user action; automatic merging merges once all
checks and
approvals pass.
Diffbet manual and automatic triggers in bitbucket?
+
Manual triggers require user action; automatic triggers run based on
configured
events.
Diffbet master and main in bitbucket?
+
Main is the modern default branch name; master is the legacy default branch
name.
Diffbet merge and pull request?
+
Merge is the action of combining code; pull request is the workflow for
review and
discussion before merging.
Diffbet merge checks and branch permissions?
+
Merge checks enforce conditions for pull requests; branch permissions
restrict
direct actions on branches.
Diffbet mirror and fork in bitbucket?
+
Mirror replicates a repository; fork creates an independent copy for
development.
Diffbet pipeline step and pipeline?
+
Pipeline is a sequence of steps; step is a single unit within the pipeline.
Diffbet project and repository in bitbucket?
+
Project groups multiple repositories; repository stores the actual code and
history.
Diffbet read
+
write and admin access in Bitbucket? Read allows viewing code write allows
pushing
changes admin allows full control including settings and permissions.
Diffbet rebase and merge in bitbucket?
+
Rebase applies commits on top of base branch for linear history; merge
combines
branches preserving commit history.
Diffbet repository and project permissions in
bitbucket?
+
Repository permissions control access to a specific repository; project
permissions
control access to all repositories under a project.
Fast-forward merge in bitbucket?
+
Fast-forward merge moves the branch pointer forward when there are no
divergent
commits.
Fork in bitbucket?
+
A fork is a copy of a repository in your account to make changes
independently
before submitting a pull request.
Merge in bitbucket?
+
Merge combines changes from one branch into another typically after code
review.
Pull request in bitbucket?
+
Pull request is a mechanism to propose code changes from one branch to
another with
review and approval workflow.
Pull requests in bitbucket?
+
A pull request (PR) lets developers propose code changes for review before
merging
into main branches. It ensures code quality and collaboration.
Squash merge in bitbucket?
+
Squash merge combines multiple commits into a single commit before merging
into the
target branch.
To create a repository in bitbucket?
+
Login → Click Create repository → Provide name, description, access type →
Initialize with README (optional) → Create.
To resolve merge conflicts in bitbucket cloud?
+
Fetch the branch resolve conflicts locally commit and push to the pull
request
branch.
Webhook in bitbucket?
+
Webhook allows Bitbucket to send event notifications to external systems or
services
automatically.
Yaml in bitbucket pipelines?
+
YAML file defines pipeline configuration including steps triggers and
deployment
environments.
You resolve merge conflicts in bitbucket?
+
Resolve conflicts locally in Git commit the changes and push to the branch.
Bitbucket api?
+
Bitbucket API allows programmatic access to repositories pipelines pull
requests and
other resources.
Bitbucket app password?
+
App password allows authentication for API or Git operations without using
your main
password.
Bitbucket artifacts in pipelines?
+
Artifacts are files produced by steps that can be used in later steps or
downloads.
Bitbucket branch model?
+
Branch model defines naming conventions and workflow for feature release and
hotfix
branches.
Bitbucket branch permission?
+
Branch permission restricts who can push merge or delete on specific
branches.
Bitbucket build status?
+
Build status shows pipeline or CI/CD success/failure associated with commits
or pull
requests.
Bitbucket caches in pipelines?
+
Caches store dependencies between builds to speed up pipeline execution.
Bitbucket cloud?
+
Bitbucket Cloud is a SaaS version hosted by Atlassian accessible via web
browser
without local server setup.
Bitbucket code insights?
+
Code Insights provides annotations reports and automated feedback in pull
requests.
Bitbucket code review?
+
Code review is the process of inspecting code changes before merging.
Bitbucket code search?
+
Code search allows searching for keywords across repositories and branches.
Bitbucket commit hook?
+
Commit hook triggers scripts on commit events to enforce rules or
automation.
Bitbucket commit?
+
A commit is a snapshot of changes in the repository with a unique
identifier.
Bitbucket compare feature?
+
Compare shows differences between branches commits or tags.
Bitbucket custom pipeline?
+
Custom pipeline is manually triggered or triggered by specific branches tags
or
events.
Bitbucket default branch?
+
Default branch is the primary branch where new changes are merged usually
main or
master.
Bitbucket default pipeline?
+
Default pipeline is automatically triggered for all branches unless
overridden.
Bitbucket default reviewers?
+
Default reviewers are users automatically added to pull requests for code
review.
Bitbucket default reviewers?
+
Default reviewers are automatically added to pull requests for code review.
Bitbucket deployment environment?
+
Deployment environment represents a target system like development staging
or
production.
Bitbucket deployment permissions?
+
Deployment permissions control who can deploy to specific environments.
Bitbucket deployment tracking?
+
Deployment tracking shows which commit was deployed to which environment.
Bitbucket emoji reactions?
+
Emoji reactions allow quick feedback on pull request comments.
Bitbucket environment variables?
+
Environment variables store configuration values used in pipelines.
Bitbucket forking workflow?
+
Forking workflow involves creating a fork making changes and submitting a
pull
request to the original repository.
Bitbucket inline discussions?
+
Inline discussions allow commenting on specific lines in pull requests.
Bitbucket integration with jira?
+
Integration links commits branches and pull requests to Jira issues for
traceability.
Bitbucket issue tracker integration?
+
Integration links repository commits branches or pull requests to issues for
tracking.
Bitbucket issue tracker?
+
Issue tracker helps manage tasks bugs and feature requests within a
repository.
Bitbucket merge check requiring successful build?
+
This ensures pipelines pass before a pull request can be merged.
Bitbucket merge check?
+
Merge check ensures conditions like passing pipelines approvals or no
conflicts
before merging.
Bitbucket merge conflict?
+
Merge conflict occurs when changes in different branches conflict and cannot
be
merged automatically.
Bitbucket merge permissions?
+
Merge permissions restrict who can merge pull requests into a branch.
Bitbucket merge strategy?
+
Merge strategy determines how branches are combined: merge commit squash or
fast-forward.
Bitbucket pipeline caching?
+
Caching stores files like dependencies between builds to improve speed.
Bitbucket pipeline step?
+
Step defines an individual task in a pipeline such as build test or deploy.
Bitbucket pipeline trigger?
+
Trigger defines events that start a pipeline like push pull request or
schedule.
Bitbucket pipeline?
+
Bitbucket Pipeline is an integrated CI/CD service for building testing and
deploying
code automatically.
Bitbucket pipeline?
+
It’s a CI/CD tool integrated with Bitbucket. It automates build, test, and
deployment processes using a bitbucket-pipelines.yml file.
Bitbucket post-receive hook?
+
Post-receive hook runs after push to notify or trigger workflows.
Bitbucket pre-receive hook?
+
Pre-receive hook runs on the server before accepting pushed changes.
Bitbucket pull request approvals?
+
Approvals are confirmations from reviewers before merging pull requests.
Bitbucket pull request comment?
+
Comment allows discussion or feedback on code changes in pull requests.
Bitbucket pull request inline comment?
+
Inline comment is attached to a specific line in a file within a pull
request.
Bitbucket pull request merge button?
+
Merge button merges the pull request once all conditions are met.
Bitbucket pull request merge conflicts?
+
Merge conflicts occur when changes in branches are incompatible.
Bitbucket pull request merge strategies?
+
Merge strategies: merge commit squash or fast-forward.
Bitbucket pull request tasks?
+
Tasks are action items within pull requests for reviewers or authors to
complete.
Bitbucket release management?
+
Release management tracks versions tags and deployment history.
Bitbucket repository fork vs clone?
+
Fork creates remote copy for independent development; clone copies
repository
locally.
Bitbucket repository forking limit?
+
Cloud repositories can have unlimited forks; limits may apply in Server
based on
configuration.
Bitbucket repository hook?
+
Repository hook is a script triggered by repository events like commits or
pull
requests.
Bitbucket repository mirroring?
+
Repository mirroring synchronizes changes between two repositories.
Bitbucket repository permissions inheritance?
+
Permissions can be inherited from project-level to repository-level for
consistent
access.
Bitbucket repository size limit?
+
Bitbucket Cloud repository limit is 2 GB for free plan; Server can be
configured
based on hardware.
Bitbucket repository watchers vs default reviewers?
+
Watchers receive notifications; default reviewers are added to pull requests
automatically.
Bitbucket repository watchers?
+
Watchers receive notifications about repository activity.
Bitbucket repository?
+
A repository is a storage space on Bitbucket where your project’s code
history and
collaboration features are managed.
Bitbucket rest api?
+
REST API allows programmatic access to Bitbucket resources for automation
and
integrations.
Bitbucket server (data center)?
+
Bitbucket Server is a self-hosted solution for enterprises to manage Git
repositories internally.
Bitbucket smart mirroring?
+
Smart mirroring improves clone and fetch speed by using geographically
closer
mirrors.
Bitbucket snippet permissions?
+
Snippet permissions control who can view or edit code snippets.
Bitbucket snippet?
+
Snippet is a way to share small pieces of code or text with others
independent of
repositories.
Bitbucket ssh key?
+
SSH key is used for secure authentication between local machine and
repository.
Bitbucket tag?
+
Tag marks a specific commit in the repository often used for releases.
Bitbucket tags vs branches?
+
Tags mark specific points; branches are active development lines.
Bitbucket user groups?
+
User groups allow managing access permissions for multiple users
collectively.
Bitbucket workspace?
+
Workspace is a container for repositories users and projects in Bitbucket
Cloud.
Bitbucket?
+
Bitbucket is a web-based platform for hosting Git and Mercurial repositories
providing source code management and collaboration tools.
Bitbucket?
+
Bitbucket is a Git-based repository hosting service by Atlassian. It
supports Git
and Mercurial, pull requests, branch permissions, and integrates with Jira
and CI/CD
pipelines.
Branch in bitbucket?
+
A branch is a parallel version of a repository used to develop features fix
bugs or
experiment without affecting the main codebase.
Diffbet bitbucket and github?
+
Bitbucket supports both Git and Mercurial offers free private repositories
and
integrates well with Atlassian tools; GitHub focuses on Git and public
repositories
with a strong open-source community.
Diffbet bitbucket cloud and server pipelines?
+
Cloud pipelines are hosted in Bitbucket’s environment; Server pipelines are
run on
self-hosted infrastructure.
Diffbet bitbucket pull request approval and merge
check?
+
Approval indicates reviewers’ consent; merge check enforces rules before
allowing a
merge.
Diffbet bitbucket rest api and webhooks?
+
REST API is used for querying and managing resources; webhooks push event
notifications to external systems.
Diffbet branch permissions and user permissions in
bitbucket?
+
Branch permissions restrict actions on specific branches; user permissions
control
overall repository access.
Diffbet commit and push in bitbucket?
+
Commit saves changes locally; push uploads commits to remote repository.
Diffbet environment and branch in bitbucket?
+
Branch is a code version; environment is a deployment target.
Diffbet fork and clone in bitbucket?
+
Fork creates a separate remote repository; clone copies a repository to your
local
machine.
Diffbet git and bitbucket?
+
Git is a version control system, while Bitbucket is a hosting service for
Git
repositories with collaboration features like PRs, pipelines, and access
controls.
Diffbet git and mercurial in bitbucket?
+
Both are distributed version control systems; Git is more widely used and
flexible
Mercurial is simpler with easier workflows.
Diffbet git clone and bitbucket clone?
+
Git clone is a Git command for local copies; Bitbucket clone often refers to
cloning
repositories hosted on Bitbucket.
Diffbet https and ssh in bitbucket?
+
HTTPS requires username/password or app password; SSH uses public-private
key pairs.
Diffbet lightweight and annotated tags in bitbucket?
+
Lightweight tag is just a pointer; annotated tag includes metadata like
author date
and message.
Diffbet manual and automatic merging in bitbucket?
+
Manual merging requires user action; automatic merging merges once all
checks and
approvals pass.
Diffbet manual and automatic triggers in bitbucket?
+
Manual triggers require user action; automatic triggers run based on
configured
events.
Diffbet master and main in bitbucket?
+
Main is the modern default branch name; master is the legacy default branch
name.
Diffbet merge and pull request?
+
Merge is the action of combining code; pull request is the workflow for
review and
discussion before merging.
Diffbet merge checks and branch permissions?
+
Merge checks enforce conditions for pull requests; branch permissions
restrict
direct actions on branches.
Diffbet mirror and fork in bitbucket?
+
Mirror replicates a repository; fork creates an independent copy for
development.
Diffbet pipeline step and pipeline?
+
Pipeline is a sequence of steps; step is a single unit within the pipeline.
Diffbet project and repository in bitbucket?
+
Project groups multiple repositories; repository stores the actual code and
history.
Diffbet read
+
write and admin access in Bitbucket? Read allows viewing code write allows
pushing
changes admin allows full control including settings and permissions.
Diffbet rebase and merge in bitbucket?
+
Rebase applies commits on top of base branch for linear history; merge
combines
branches preserving commit history.
Diffbet repository and project permissions in
bitbucket?
+
Repository permissions control access to a specific repository; project
permissions
control access to all repositories under a project.
Fast-forward merge in bitbucket?
+
Fast-forward merge moves the branch pointer forward when there are no
divergent
commits.
Fork in bitbucket?
+
A fork is a copy of a repository in your account to make changes
independently
before submitting a pull request.
Merge in bitbucket?
+
Merge combines changes from one branch into another typically after code
review.
Pull request in bitbucket?
+
Pull request is a mechanism to propose code changes from one branch to
another with
review and approval workflow.
Pull requests in bitbucket?
+
A pull request (PR) lets developers propose code changes for review before
merging
into main branches. It ensures code quality and collaboration.
Squash merge in bitbucket?
+
Squash merge combines multiple commits into a single commit before merging
into the
target branch.
To create a repository in bitbucket?
+
Login → Click Create repository → Provide name, description, access type →
Initialize with README (optional) → Create.
To resolve merge conflicts in bitbucket cloud?
+
Fetch the branch resolve conflicts locally commit and push to the pull
request
branch.
Webhook in bitbucket?
+
Webhook allows Bitbucket to send event notifications to external systems or
services
automatically.
Yaml in bitbucket pipelines?
+
YAML file defines pipeline configuration including steps triggers and
deployment
environments.
You resolve merge conflicts in bitbucket?
+
Resolve conflicts locally in Git commit the changes and push to the branch.
JKM C#
.NET?
+
A framework that provides runtime, libraries, and tools for building
applications.
?. operator?
+
Null conditional operator to avoid NullReferenceException.
“throw” vs “throw ex”
+
throw preserves original stack trace., throw ex resets stack trace.
Abstract class?
+
A class that cannot be instantiated and may contain abstract members.
Abstraction?
+
Exposing essential features while hiding implementation details.
Accessibility in interface
+
All members in an interface are implicitly public., No need for modifiers
because
interfaces define a contract.
ADO.NET?
+
Data access framework for .NET.
Anonymous method?
+
Inline method declared without a name.
Anonymous Types in C#?
+
Anonymous types allow creating objects without defining a class. They are
mostly
used with LINQ queries to store temporary data. Example: var person = new {
Name =
"John", Age = 30 };.
ArrayList?
+
Non-generic dynamic array.
Arrays in C#?
+
Arrays are fixed-size, strongly-typed collections that store elements of the
same
type., They provide indexed access and are stored in contiguous memory.
Async stream?
+
Async iteration using IAsyncEnumerable.
Async/await?
+
Keywords for asynchronous programming.
Attribute in C#?
+
Metadata added to assemblies, classes, or members.
Attributes
+
Metadata added to code elements., Used for runtime behavior control.,
Example:
[Obsolete], [Serializable].
Auto property?
+
Property with implicit backing field.
Base class for all classes
+
System.Object is the root base class in .NET., All classes derive from it
directly
or indirectly.
Base keyword?
+
Used to call base class members.
Boxing and Unboxing:
+
Boxing converts a value type to an object type. Unboxing extracts that value
back
from the object. Boxing is slower and stored on heap.
Boxing?
+
Converting value type to object/reference type.
C#?
+
A modern, object-oriented programming language developed by Microsoft.
C#?
+
C# is an object-oriented programming language developed by Microsoft. It is
used to
build applications for web, desktop, cloud, and mobile platforms. It runs on
the
.NET framework.
C#? Latest version?
+
C# is an object-oriented programming language from Microsoft built on .NET.
It
supports strong typing, inheritance, and modern features like LINQ and
async. The
latest version (as of 2025) is C# 13.
Can “this” be used within a static method?
+
No, the this keyword cannot be used inside a static method., Static methods
belong
to the class, not to a specific object instance., Since this refers to the
current
instance, it is only valid in instance methods.
Can a private virtual method be overridden?
+
No, because private methods are not accessible in derived classes and
virtual
methods require inheritance.
Can multiple catch blocks be executed?
+
No, only one catch block executes—the one that matches the thrown exception.
Other
catch blocks are ignored.
Can multiple catch blocks execute?
+
No, only one matching catch block executes in a try-catch structure., The
first
matching exception handler is executed and others are skipped.
Can we use “this” keyword within a static method?
+
No, because this refers to the current instance, and static methods belong
to the
class—not an object.
Circular references
+
Occur when two or more objects reference each other., This prevents objects
from
being garbage collected., Common in linked structures., Requires proper
cleanup
strategies.
Class vs struct?
+
Class is reference type; struct is value type.
Class?
+
Blueprint for creating objects.
CLR?
+
Common Language Runtime; manages execution, memory, security, and threading.
CLS?
+
Common Language Specification; rules for .NET language interoperability.
Common exception types
+
NullReferenceException, IndexOutOfRangeException, DivideByZeroException,
FormatException, InvalidOperationException
Conflicting interface method names
+
Implement explicitly by specifying interface name:, void
IInterface1.Method() { },
void IInterface2.Method() { }
Conflicting methods in inherited interfaces:
+
If interfaces have identical method signatures, only one implementation is
needed.,
If behavior differs, explicit interface implementation must be used.
Console application
+
Runs in command-line interface., No GUI., Used for scripting or service
apps.
Constant vs Readonly:
+
const is compile-time constant and cannot change after compilation. readonly
can be
assigned at runtime (constructor). const is static by default.
Constructor chaining?
+
Constructor chaining allows one constructor to call another within the same
class
using this()., It helps avoid duplicate code and centralize initialization
logic.
Constructor?
+
Method invoked when an object is created.
Continue vs Break:
+
continue skips remaining loop code and moves to next iteration. break exits
the loop
entirely. Both control loop execution flow.
Contravariance?
+
Allows base types where derived types expected.
Covariance?
+
Allows derived types more liberally.
Create array with non-default values
+
int[] arr = Enumerable.Repeat(5, 10).ToArray();
CTS?
+
Common Type System; defines how data types are declared and used.
Custom Control and User Control?
+
User control is built by combining existing controls (drag and drop).,
Custom
control is created from scratch and reused across applications.
Custom exception?
+
User-defined exception class.
Custom Exceptions
+
User-defined exceptions for specific application errors., Created by
inheriting
Exception class., Helps make error handling meaningful and readable., Used
to
represent domain-specific failures.
Deadlock?
+
Two threads waiting forever for each other’s lock.
Define Constructors
+
A constructor is a special method that initializes objects when created. It
has the
same name as the class and doesn’t return a value.
Delegate?
+
Type-safe function pointer.
Delegates
+
A delegate is a type that holds a reference to a method., Enables event
handling and
callback mechanisms., Supports type safety and encapsulation of method
calls.,
Similar to function pointers in C++.
Dependency injection?
+
Design pattern for providing external dependencies.
Describe the accessibility modifier “protected
internal”.
+
It means the member can be accessed within the same assembly or from derived
classes
in other assemblies.
Deserialization?
+
Converting serialized data back to object.
Destructor?
+
Method called before an object is destroyed by GC.
Dictionary?
+
Key-value collection.
DifBet abstract class and interface?
+
Abstract class can have implementation; interface cannot (before C# 8).
DifBet Array & List?
+
Array has fixed size; List grows dynamically.
DifBet C# and .NET?
+
C# is a programming language; .NET is the runtime and framework.
DifBet const and readonly?
+
const is compile-time constant; readonly is runtime constant.
DifBet Dictionary and Hashtable?
+
Dictionary is generic and faster.
DifBet IEnumerable and IQueryable?
+
IEnumerable executes in memory; IQueryable executes in database.
DifBet ref and out?
+
ref requires initialization; out does not.
DifBet Task and Thread?
+
Task is a higher-level abstraction running on thread pool; Thread is
OS-level.
DiffBet “is” and “as”
+
is checks compatibility., as tries casting and returns null if fails, no
exception.
DiffBet == and Equals():
+
== checks reference equality for objects and value equality for value
types.,
Equals() can be overridden for custom comparison logic.
DiffBet Array and ArrayList:
+
Array has fixed size and stores a single data type., ArrayList is dynamic
and stores
objects, requiring boxing/unboxing for value types.
DiffBet Array and ArrayList?
+
Array has fixed size and stores same data type., ArrayList can grow
dynamically and
stores mixed types.
DiffBet Array.CopyTo() and Array.Clone()
+
Clone() creates a shallow copy of the array including its size., CopyTo()
copies
elements into an existing array starting at a specified index., Clone()
returns a
new array of the same type., CopyTo() requires the destination array to be
allocated
beforehand.
DiffBet Array.CopyTo() and Array.Clone():
+
CopyTo() copies array elements to an existing array., Clone() creates a
shallow copy
of the entire array as a new instance.
DiffBet boxing and unboxing:
+
Boxing converts a value type to a reference type (object)., Unboxing
converts the
object back to its original value type., Boxing is implicit; unboxing must
be
explicit and can cause runtime errors if mismatched.
DiffBet constants and read-only?
+
const must be assigned at compile time and cannot change., readonly can be
assigned
at runtime, usually in a constructor.
DiffBet Dispose and Finalize in C#:
+
Dispose() is called manually to release unmanaged resources using
IDisposable.,
Finalize() (destructor) is called automatically by the Garbage Collector.,
Dispose
provides deterministic cleanup, while Finalize is non-deterministic and
slower.
DiffBet Finalize() and Dispose()
+
Finalize() is called by the garbage collector and cannot be invoked
manually.,
Dispose() is called manually to release unmanaged resources., Finalize() has
performance overhead., Dispose() is implemented via IDisposable.
DiffBet IEnumerable and IQueryable:
+
IEnumerable filters data in memory and is suitable for in-memory
collections.,
IQueryable filters data at the database level using expression trees.,
IQueryable
supports remote querying, improving performance for large datasets.
DiffBet interface and abstract class
+
Interface contains only declarations, no implementation (until default
methods in
new versions)., Abstract class can have both abstract and concrete methods.,
A class
can inherit multiple interfaces but only one abstract class., Interfaces
define a
contract; abstract classes provide a base.
DiffBet Is and As operators:
+
is checks whether an object is compatible with a type and returns
true/false., as
performs safe casting and returns null if the cast fails.
DiffBet late and early binding:
+
Early binding occurs at compile time (e.g., method calls on known types).,
Late
binding happens at runtime (e.g., using dynamic or reflection)., Early
binding is
faster and type-safe, while late binding is flexible but slower.
DiffBet public, static, and void?
+
public means accessible anywhere., static belongs to the class, not the
instance.,
void means the method does not return any value.
DiffBet ref & out parameters?
+
ref requires the variable to be initialized before passing., out does not
require
initialization but must be assigned inside the method.
DiffBet String and StringBuilder in C#:
+
String is immutable, meaning every modification creates a new object.,
StringBuilder
is mutable and efficient for repeated string manipulation., StringBuilder is
preferred when working with dynamic or large text modifications.
DiffBet System.String and StringBuilder
+
String is immutable, meaning any modification creates a new object.,
StringBuilder
is mutable and allows in-place modifications., StringBuilder is preferred
for
frequent string operations like concatenation., String is simpler and better
for
small or static content.
DiffBet Throw Exception and Throw Clause:
+
throw ex; resets the stack trace., throw; preserves the original stack
trace, making
debugging easier.
DirectCast vs CType
+
DirectCast requires exact type., CType supports conversions defined in VB or
framework.
Dynamic keyword?
+
Type resolved at runtime.
Early binding?
+
Object referenced at compile time.
Encapsulation?
+
Binding data and methods inside a class.
Enum:
+
Enum is a value type representing named constants. Helps improve code
readability.
Default underlying type is integer.
Enum?
+
Value type representing named constants.
Event?
+
Used to provide notifications using delegates.
Exception?
+
Runtime error.
Explain types of comment in C# with examples
+
There are three types:, Single-line: // comment, Multi-line: /* comment */,
XML
documentation: ///
Extension method in C#?
+
An extension method adds new functionality to existing classes without
modifying
them., It is defined in a static class and uses the this keyword before the
first
parameter., They are commonly used with LINQ and utility enhancements.
Extension method?
+
Adds new methods to existing types without modifying them.
File Handling in C#.Net?
+
File handling allows reading, writing, and manipulating files using classes
like
File, FileStream, StreamReader, and StreamWriter. It is used to store or
retrieve
data from physical files.
Finally?
+
Block executed regardless of exception.
Garbage collection?
+
Automatic memory management.
GC generations?
+
Gen 0, Gen 1, Gen 2.
Generic type?
+
Allows type parameters for safe and reusable code.
Generics in .NET
+
Generics allow type-safe collections without boxing/unboxing., They improve
performance and reusability., Examples: List , Dictionary ., They enable
compile-time type checking.
Generics?
+
Generics allow classes and methods to operate on types without specifying
them
upfront., They provide type safety and improve performance by avoiding
boxing/unboxing.
HashSet?
+
Collection of unique items.
Hashtable in C#?
+
A Hashtable stores key-value pairs and provides fast access using a hash
key. Keys
are unique, and values can be of any type. It belongs to System.Collections.
Hashtable?
+
Non-generic key-value collection.
How do you use the “using” statement in C#?
+
The using statement ensures that resources like files or database
connections are
properly closed and disposed after use. It helps prevent memory leaks by
automatically calling Dispose(). Example: using(StreamReader sr = new
StreamReader("file.txt")) { }.
How to inherit a class
+
class B : A, {, }
How to prevent SQL Injection?
+
Use parameterized queries.
How to use Nullable<> Types?
+
Nullable types allow value types (like int) to store null using Nullable
or ?.,
Example: int? age = null;.
ICollection?
+
Extends IEnumerable with add/remove operations.
IDisposable?
+
Interface to release unmanaged resources.
IEnumerable vs IEnumerator?
+
IEnumerable returns enumerator; IEnumerator iterates items.
IEnumerable?
+
Interface for forward-only iteration.
IEnumerable<> in C#?
+
IEnumerable is an interface used to iterate through a collection using
foreach.,
It supports forward-only iteration and deferred execution., It does not
support
querying or modifying items directly.
In keyword?
+
Pass parameter by readonly reference.
Indexer?
+
Allows objects to be indexed like arrays.
Indexers
+
Allow a class to be accessed like an array., public string this[int index] {
get;
set; }
Indexers?
+
Indexers allow objects to be accessed like arrays using brackets []., They
provide
dynamic access to internal data without exposing underlying collections.
Inherit class but prevent method override
+
Use sealed keyword on the method., public sealed override void Method() { }
Inheritance?
+
Mechanism to derive new classes from existing classes.
Interface class? Give an example
+
An interface contains declarations of methods without implementation.
Classes must
implement them., Example: interface IShape { void Draw(); }.
Interface vs Abstract Class:
+
Interface only declares members; no implementation (until default
implementations in
newer versions). Abstract class can have both abstract and concrete members.
A class
can implement multiple interfaces but inherit only one abstract class.
Interface?
+
Contract containing method signatures without implementation.
IOC container?
+
Automates dependency injection and object creation.
IQueryable?
+
Supports LINQ queries for remote data sources.
Jagged Array in C#?
+
A jagged array is an array of arrays where each sub-array can have different
lengths. It provides flexibility if the data structure doesn't need uniform
size.
Example: int[][] jagged = new int[2][]; jagged[0]=new int[3]; jagged[1]=new
int[5];.
Jagged Arrays?
+
A jagged array is an array containing different-sized sub-arrays. It
provides
flexibility in storing uneven data structures.
JIT compiler?
+
Converts IL code to machine code at runtime.
JSON serialization?
+
Using System.Text.Json or Newtonsoft.Json to serialize objects.
Lambda expression?
+
Short syntax for writing inline methods/functions.
Late binding?
+
Object created at runtime instead of compile time.
LINQ in C#?
+
LINQ (Language Integrated Query) is a feature used to query data from
collections,
databases, XML, etc., using a unified syntax. It improves readability and
reduces
code. Example: var result = from x in list where x > 10 select x;.
LINQ?
+
Language Integrated Query for querying collections and databases.
List?
+
Generic list that stores strongly typed items.
Lock keyword?
+
Prevents multiple threads from accessing critical code section.
Managed or unmanaged?
+
C# code is managed because it runs under CLR.
Managed vs Unmanaged Code:
+
Managed code runs under CLR with garbage collection and memory management.
Unmanaged
code runs directly on OS without CLR support (like C/C++). Managed code is
safer but
slower.
Method overloading?
+
Multiple methods with the same name but different parameters.
Method overloading?
+
Method overloading allows multiple methods with the same name but different
parameters. It improves flexibility and readability.
Method overriding?
+
Redefining base class methods in derived class using virtual/override.
Monitor?
+
Provides advanced locking features.
MSIL?
+
Microsoft Intermediate Language generated before JIT.
Multicast delegate
+
A delegate that can reference multiple methods., Invokes them in order.,
Used in
event handling.
Multicast delegate?
+
Delegate that references multiple methods.
Multicast delegate?
+
A multicast delegate holds references to multiple methods., When invoked, it
executes all assigned methods in order.
Multithreading with .NET?
+
Multithreading allows a program to run multiple tasks simultaneously,
improving
performance and responsiveness. In .NET, threads can be created using the
Thread
class or Task Parallel Library. It is commonly used in applications
requiring
background processing.
Mutex?
+
Synchronization primitive across processes.
Namespace?
+
A logical grouping of classes and other types.
Nnullable type?
+
Value type that can hold null using ? syntax.
Nullable types
+
int? x = null;, Used to store value types with null support.
Null-Coalescing operator ??
+
Returns right operand if left operand is null.
Object pool
+
Object pooling reuses a set of pre-created objects., Improves performance by
avoiding costly object creation., Common in high-performance applications.,
Useful
for objects with expensive initialization.
Object Pooling?
+
Object pooling reuses frequently used objects instead of creating new ones.,
It
improves performance by reducing memory allocation and garbage collection.
Object?
+
Instance of a class.
Object?
+
An object is an instance of a class containing data and behavior. It
represents
real-world entities in OOP. Objects interact using methods and properties.
Object?
+
An object is an instance of a class that contains data and behavior. It
represents a
real-world entity like student, car, or bank account.
Out keyword?
+
Pass parameter by reference but must be assigned inside method.
Overloading vs overriding
+
Overloading: same method name, different parameters., Overriding: derived
class
changes base class implementation., Overloading happens at compile time;
overriding
at runtime., Overriding requires virtual and override keywords.
Override keyword?
+
Used to override a virtual/abstract method.
Partial class?
+
Class definition split across multiple files.
Partial classes and why needed?
+
Partial classes allow a class definition to be split across multiple files.,
They
help in code organization, especially auto-generated code and manual code
separation., The compiler combines all partial files into a single class at
runtime.
Pattern matching?
+
Technique to match types and conditions.
Polymorphism?
+
Ability of objects to take many forms through inheritance and interfaces.
Preprocessor directive?
+
Instructions to compiler like #if, #region.
Properties in C#?
+
Properties are class members used to read, write, or compute values., They
provide
controlled access to private fields using get and set accessors., Properties
improve
encapsulation and help enforce validation on assignment.
Property?
+
Getter/setter wrapper for fields.
Race Condition?
+
Conflict when multiple threads access shared data.
Readonly?
+
Variable that can only be assigned in constructor.
Record type?
+
Immutable reference type introduced in C# 9.
Ref keyword?
+
Pass parameter by reference.
Ref vs out:
+
ref requires variable initialization before passing. out does not require
initialization but must be assigned inside the method. Both pass arguments
by
reference.
Reflection in C#?
+
Reflection allows inspecting and interacting with metadata (methods,
properties,
types) at runtime. It is used in frameworks, serialization, and dynamic
object
creation using System.Reflection.
Reflection?
+
Inspecting metadata and creating objects dynamically.
Remove element from queue
+
queue.Dequeue();
Role of Access Modifiers:
+
Access modifiers control visibility of classes and members., Examples
include
public, private, protected, and internal to enforce encapsulation.
Sealed class?
+
Class that cannot be inherited.
Sealed classes in C#?
+
A sealed class prevents further inheritance., It is used when modifications
through
inheritance should be restricted., sealed can also be applied to methods to
stop
overriding.
Sealed classes in C#?
+
A sealed class prevents inheritance. It is used to stop modification of
behavior.
Example: sealed class A { }.
Sealed method?
+
Method that cannot be overridden.
Semaphore?
+
Limits number of threads accessing a resource.
Serialization in C#?
+
Serialization is the process of converting an object into a format like XML,
JSON,
or binary for storage or transfer. It allows objects to be saved to files,
memory,
or sent over a network. Deserialization is the reverse, which reconstructs
the
object from serialized data.
Serialization?
+
Converting objects to JSON, XML, or binary.
Serialization?
+
Serialization converts an object into a storable or transferable format like
JSON,
XML, or binary. It is used for saving or transmitting data.
Singleton pattern
+
public class Singleton {, private static readonly Singleton instance = new
Singleton();, private Singleton() {}, public static Singleton Instance =>
instance;,
}
Singleton Pattern and implementation?
+
Singleton ensures only one instance of a class exists globally., It is
implemented
using a private constructor, a static field, and a public static instance
property.
Sorting array in descending order
+
Array.Sort(arr);, Array.Reverse(arr);
SQL Injection?
+
Attack where malicious SQL is injected.
Static class?
+
Class that cannot be instantiated and contains only static members.
Static constructor?
+
Initializes static members of a class.
Static variable?
+
Shared among all instances of a class.
Struct vs class
+
Struct is value type; class is reference type., Structs stored on stack;
classes
stored on heap., Structs cannot inherit but can implement interfaces.,
Classes
support full inheritance.
Struct vs Class:
+
Structs are value types and stored on stack; classes are reference types and
stored
on heap. Structs do not support inheritance. Classes support features like
virtual
methods.
Struct?
+
Value type used to store small data structures.
Syntax to catch an exception
+
try, {, // Code, }, catch(Exception ex), {, // Handle exception, }
Task in C#?
+
Represents an asynchronous operation.
This keyword?
+
Refers to the current instance.
Thread pool?
+
Managed pool of threads used by tasks.
Thread?
+
Smallest unit of execution.
Throw?
+
Used to raise an exception.
Try/catch?
+
Used to handle exceptions.
Tuple in C#?
+
A lightweight data structure with multiple values.
Unboxing?
+
Extracting value type from object.
Use of ‘using’ statement in C#?
+
It ensures automatic cleanup of resources by calling Dispose() when the
scope ends.
Useful for files, streams, and database connections.
Use of a delegate in C#:
+
A delegate represents a reference to a method., It allows methods to be
passed as
parameters and supports callback mechanisms., Delegates enable event
handling and
implement loose coupling.
Using statement?
+
Ensures IDisposable resources are disposed automatically.
Value types and reference types?
+
Value types store data directly (int, float, bool)., Reference types store
memory
addresses to objects (class, array, string).
Var?
+
Implicit local variable type inferred at compile time.
Virtual method?
+
Method that can be overridden in derived class.
Virtual Method?
+
A virtual method allows derived classes to override its implementation., It
supports
runtime polymorphism.
Ways a method can be overloaded:
+
Overloading can be done by changing:, ✓ Number of parameters, ✓ Type of
parameters,
✓ Order of parameters
Ways to overload a method
+
Change number of parameters., Change data type of parameters., Change order
of
parameters (only if type differs).
What type of language is C#?
+
Strongly typed, object-oriented, component-oriented.
Yield keyword?
+
Return sequence of values without storing all items.
.NET?
+
A framework that provides runtime, libraries, and tools for building
applications.
?. operator?
+
Null conditional operator to avoid NullReferenceException.
“throw” vs “throw ex”
+
throw preserves original stack trace., throw ex resets stack trace.
Abstract class?
+
A class that cannot be instantiated and may contain abstract members.
Abstraction?
+
Exposing essential features while hiding implementation details.
Accessibility in interface
+
All members in an interface are implicitly public., No need for modifiers
because
interfaces define a contract.
ADO.NET?
+
Data access framework for .NET.
Anonymous method?
+
Inline method declared without a name.
Anonymous Types in C#?
+
Anonymous types allow creating objects without defining a class. They are
mostly
used with LINQ queries to store temporary data. Example: var person = new {
Name =
"John", Age = 30 };.
ArrayList?
+
Non-generic dynamic array.
Arrays in C#?
+
Arrays are fixed-size, strongly-typed collections that store elements of the
same
type., They provide indexed access and are stored in contiguous memory.
Async stream?
+
Async iteration using IAsyncEnumerable.
Async/await?
+
Keywords for asynchronous programming.
Attribute in C#?
+
Metadata added to assemblies, classes, or members.
Attributes
+
Metadata added to code elements., Used for runtime behavior control.,
Example:
[Obsolete], [Serializable].
Auto property?
+
Property with implicit backing field.
Base class for all classes
+
System.Object is the root base class in .NET., All classes derive from it
directly
or indirectly.
Base keyword?
+
Used to call base class members.
Boxing and Unboxing:
+
Boxing converts a value type to an object type. Unboxing extracts that value
back
from the object. Boxing is slower and stored on heap.
Boxing?
+
Converting value type to object/reference type.
C#?
+
A modern, object-oriented programming language developed by Microsoft.
C#?
+
C# is an object-oriented programming language developed by Microsoft. It is
used to
build applications for web, desktop, cloud, and mobile platforms. It runs on
the
.NET framework.
C#? Latest version?
+
C# is an object-oriented programming language from Microsoft built on .NET.
It
supports strong typing, inheritance, and modern features like LINQ and
async. The
latest version (as of 2025) is C# 13.
Can “this” be used within a static method?
+
No, the this keyword cannot be used inside a static method., Static methods
belong
to the class, not to a specific object instance., Since this refers to the
current
instance, it is only valid in instance methods.
Can a private virtual method be overridden?
+
No, because private methods are not accessible in derived classes and
virtual
methods require inheritance.
Can multiple catch blocks be executed?
+
No, only one catch block executes—the one that matches the thrown exception.
Other
catch blocks are ignored.
Can multiple catch blocks execute?
+
No, only one matching catch block executes in a try-catch structure., The
first
matching exception handler is executed and others are skipped.
Can we use “this” keyword within a static method?
+
No, because this refers to the current instance, and static methods belong
to the
class—not an object.
Circular references
+
Occur when two or more objects reference each other., This prevents objects
from
being garbage collected., Common in linked structures., Requires proper
cleanup
strategies.
Class vs struct?
+
Class is reference type; struct is value type.
Class?
+
Blueprint for creating objects.
CLR?
+
Common Language Runtime; manages execution, memory, security, and threading.
CLS?
+
Common Language Specification; rules for .NET language interoperability.
Common exception types
+
NullReferenceException, IndexOutOfRangeException, DivideByZeroException,
FormatException, InvalidOperationException
Conflicting interface method names
+
Implement explicitly by specifying interface name:, void
IInterface1.Method() { },
void IInterface2.Method() { }
Conflicting methods in inherited interfaces:
+
If interfaces have identical method signatures, only one implementation is
needed.,
If behavior differs, explicit interface implementation must be used.
Console application
+
Runs in command-line interface., No GUI., Used for scripting or service
apps.
Constant vs Readonly:
+
const is compile-time constant and cannot change after compilation. readonly
can be
assigned at runtime (constructor). const is static by default.
Constructor chaining?
+
Constructor chaining allows one constructor to call another within the same
class
using this()., It helps avoid duplicate code and centralize initialization
logic.
Constructor?
+
Method invoked when an object is created.
Continue vs Break:
+
continue skips remaining loop code and moves to next iteration. break exits
the loop
entirely. Both control loop execution flow.
Contravariance?
+
Allows base types where derived types expected.
Covariance?
+
Allows derived types more liberally.
Create array with non-default values
+
int[] arr = Enumerable.Repeat(5, 10).ToArray();
CTS?
+
Common Type System; defines how data types are declared and used.
Custom Control and User Control?
+
User control is built by combining existing controls (drag and drop).,
Custom
control is created from scratch and reused across applications.
Custom exception?
+
User-defined exception class.
Custom Exceptions
+
User-defined exceptions for specific application errors., Created by
inheriting
Exception class., Helps make error handling meaningful and readable., Used
to
represent domain-specific failures.
Deadlock?
+
Two threads waiting forever for each other’s lock.
Define Constructors
+
A constructor is a special method that initializes objects when created. It
has the
same name as the class and doesn’t return a value.
Delegate?
+
Type-safe function pointer.
Delegates
+
A delegate is a type that holds a reference to a method., Enables event
handling and
callback mechanisms., Supports type safety and encapsulation of method
calls.,
Similar to function pointers in C++.
Dependency injection?
+
Design pattern for providing external dependencies.
Describe the accessibility modifier “protected
internal”.
+
It means the member can be accessed within the same assembly or from derived
classes
in other assemblies.
Deserialization?
+
Converting serialized data back to object.
Destructor?
+
Method called before an object is destroyed by GC.
Dictionary?
+
Key-value collection.
DifBet abstract class and interface?
+
Abstract class can have implementation; interface cannot (before C# 8).
DifBet Array & List?
+
Array has fixed size; List grows dynamically.
DifBet C# and .NET?
+
C# is a programming language; .NET is the runtime and framework.
DifBet const and readonly?
+
const is compile-time constant; readonly is runtime constant.
DifBet Dictionary and Hashtable?
+
Dictionary is generic and faster.
DifBet IEnumerable and IQueryable?
+
IEnumerable executes in memory; IQueryable executes in database.
DifBet ref and out?
+
ref requires initialization; out does not.
DifBet Task and Thread?
+
Task is a higher-level abstraction running on thread pool; Thread is
OS-level.
DiffBet “is” and “as”
+
is checks compatibility., as tries casting and returns null if fails, no
exception.
DiffBet == and Equals():
+
== checks reference equality for objects and value equality for value
types.,
Equals() can be overridden for custom comparison logic.
DiffBet Array and ArrayList:
+
Array has fixed size and stores a single data type., ArrayList is dynamic
and stores
objects, requiring boxing/unboxing for value types.
DiffBet Array and ArrayList?
+
Array has fixed size and stores same data type., ArrayList can grow
dynamically and
stores mixed types.
DiffBet Array.CopyTo() and Array.Clone()
+
Clone() creates a shallow copy of the array including its size., CopyTo()
copies
elements into an existing array starting at a specified index., Clone()
returns a
new array of the same type., CopyTo() requires the destination array to be
allocated
beforehand.
DiffBet Array.CopyTo() and Array.Clone():
+
CopyTo() copies array elements to an existing array., Clone() creates a
shallow copy
of the entire array as a new instance.
DiffBet boxing and unboxing:
+
Boxing converts a value type to a reference type (object)., Unboxing
converts the
object back to its original value type., Boxing is implicit; unboxing must
be
explicit and can cause runtime errors if mismatched.
DiffBet constants and read-only?
+
const must be assigned at compile time and cannot change., readonly can be
assigned
at runtime, usually in a constructor.
DiffBet Dispose and Finalize in C#:
+
Dispose() is called manually to release unmanaged resources using
IDisposable.,
Finalize() (destructor) is called automatically by the Garbage Collector.,
Dispose
provides deterministic cleanup, while Finalize is non-deterministic and
slower.
DiffBet Finalize() and Dispose()
+
Finalize() is called by the garbage collector and cannot be invoked
manually.,
Dispose() is called manually to release unmanaged resources., Finalize() has
performance overhead., Dispose() is implemented via IDisposable.
DiffBet IEnumerable and IQueryable:
+
IEnumerable filters data in memory and is suitable for in-memory
collections.,
IQueryable filters data at the database level using expression trees.,
IQueryable
supports remote querying, improving performance for large datasets.
DiffBet interface and abstract class
+
Interface contains only declarations, no implementation (until default
methods in
new versions)., Abstract class can have both abstract and concrete methods.,
A class
can inherit multiple interfaces but only one abstract class., Interfaces
define a
contract; abstract classes provide a base.
DiffBet Is and As operators:
+
is checks whether an object is compatible with a type and returns
true/false., as
performs safe casting and returns null if the cast fails.
DiffBet late and early binding:
+
Early binding occurs at compile time (e.g., method calls on known types).,
Late
binding happens at runtime (e.g., using dynamic or reflection)., Early
binding is
faster and type-safe, while late binding is flexible but slower.
DiffBet public, static, and void?
+
public means accessible anywhere., static belongs to the class, not the
instance.,
void means the method does not return any value.
DiffBet ref & out parameters?
+
ref requires the variable to be initialized before passing., out does not
require
initialization but must be assigned inside the method.
DiffBet String and StringBuilder in C#:
+
String is immutable, meaning every modification creates a new object.,
StringBuilder
is mutable and efficient for repeated string manipulation., StringBuilder is
preferred when working with dynamic or large text modifications.
DiffBet System.String and StringBuilder
+
String is immutable, meaning any modification creates a new object.,
StringBuilder
is mutable and allows in-place modifications., StringBuilder is preferred
for
frequent string operations like concatenation., String is simpler and better
for
small or static content.
DiffBet Throw Exception and Throw Clause:
+
throw ex; resets the stack trace., throw; preserves the original stack
trace, making
debugging easier.
DirectCast vs CType
+
DirectCast requires exact type., CType supports conversions defined in VB or
framework.
Dynamic keyword?
+
Type resolved at runtime.
Early binding?
+
Object referenced at compile time.
Encapsulation?
+
Binding data and methods inside a class.
Enum:
+
Enum is a value type representing named constants. Helps improve code
readability.
Default underlying type is integer.
Enum?
+
Value type representing named constants.
Event?
+
Used to provide notifications using delegates.
Exception?
+
Runtime error.
Explain types of comment in C# with examples
+
There are three types:, Single-line: // comment, Multi-line: /* comment */,
XML
documentation: ///
Extension method in C#?
+
An extension method adds new functionality to existing classes without
modifying
them., It is defined in a static class and uses the this keyword before the
first
parameter., They are commonly used with LINQ and utility enhancements.
Extension method?
+
Adds new methods to existing types without modifying them.
File Handling in C#.Net?
+
File handling allows reading, writing, and manipulating files using classes
like
File, FileStream, StreamReader, and StreamWriter. It is used to store or
retrieve
data from physical files.
Finally?
+
Block executed regardless of exception.
Garbage collection?
+
Automatic memory management.
GC generations?
+
Gen 0, Gen 1, Gen 2.
Generic type?
+
Allows type parameters for safe and reusable code.
Generics in .NET
+
Generics allow type-safe collections without boxing/unboxing., They improve
performance and reusability., Examples: List , Dictionary ., They enable
compile-time type checking.
Generics?
+
Generics allow classes and methods to operate on types without specifying
them
upfront., They provide type safety and improve performance by avoiding
boxing/unboxing.
HashSet?
+
Collection of unique items.
Hashtable in C#?
+
A Hashtable stores key-value pairs and provides fast access using a hash
key. Keys
are unique, and values can be of any type. It belongs to System.Collections.
Hashtable?
+
Non-generic key-value collection.
How do you use the “using” statement in C#?
+
The using statement ensures that resources like files or database
connections are
properly closed and disposed after use. It helps prevent memory leaks by
automatically calling Dispose(). Example: using(StreamReader sr = new
StreamReader("file.txt")) { }.
How to inherit a class
+
class B : A, {, }
How to prevent SQL Injection?
+
Use parameterized queries.
How to use Nullable<> Types?
+
Nullable types allow value types (like int) to store null using Nullable
or ?.,
Example: int? age = null;.
ICollection?
+
Extends IEnumerable with add/remove operations.
IDisposable?
+
Interface to release unmanaged resources.
IEnumerable vs IEnumerator?
+
IEnumerable returns enumerator; IEnumerator iterates items.
IEnumerable?
+
Interface for forward-only iteration.
IEnumerable<> in C#?
+
IEnumerable is an interface used to iterate through a collection using
foreach.,
It supports forward-only iteration and deferred execution., It does not
support
querying or modifying items directly.
In keyword?
+
Pass parameter by readonly reference.
Indexer?
+
Allows objects to be indexed like arrays.
Indexers
+
Allow a class to be accessed like an array., public string this[int index] {
get;
set; }
Indexers?
+
Indexers allow objects to be accessed like arrays using brackets []., They
provide
dynamic access to internal data without exposing underlying collections.
Inherit class but prevent method override
+
Use sealed keyword on the method., public sealed override void Method() { }
Inheritance?
+
Mechanism to derive new classes from existing classes.
Interface class? Give an example
+
An interface contains declarations of methods without implementation.
Classes must
implement them., Example: interface IShape { void Draw(); }.
Interface vs Abstract Class:
+
Interface only declares members; no implementation (until default
implementations in
newer versions). Abstract class can have both abstract and concrete members.
A class
can implement multiple interfaces but inherit only one abstract class.
Interface?
+
Contract containing method signatures without implementation.
IOC container?
+
Automates dependency injection and object creation.
IQueryable?
+
Supports LINQ queries for remote data sources.
Jagged Array in C#?
+
A jagged array is an array of arrays where each sub-array can have different
lengths. It provides flexibility if the data structure doesn't need uniform
size.
Example: int[][] jagged = new int[2][]; jagged[0]=new int[3]; jagged[1]=new
int[5];.
Jagged Arrays?
+
A jagged array is an array containing different-sized sub-arrays. It
provides
flexibility in storing uneven data structures.
JIT compiler?
+
Converts IL code to machine code at runtime.
JSON serialization?
+
Using System.Text.Json or Newtonsoft.Json to serialize objects.
Lambda expression?
+
Short syntax for writing inline methods/functions.
Late binding?
+
Object created at runtime instead of compile time.
LINQ in C#?
+
LINQ (Language Integrated Query) is a feature used to query data from
collections,
databases, XML, etc., using a unified syntax. It improves readability and
reduces
code. Example: var result = from x in list where x > 10 select x;.
LINQ?
+
Language Integrated Query for querying collections and databases.
List?
+
Generic list that stores strongly typed items.
Lock keyword?
+
Prevents multiple threads from accessing critical code section.
Managed or unmanaged?
+
C# code is managed because it runs under CLR.
Managed vs Unmanaged Code:
+
Managed code runs under CLR with garbage collection and memory management.
Unmanaged
code runs directly on OS without CLR support (like C/C++). Managed code is
safer but
slower.
Method overloading?
+
Multiple methods with the same name but different parameters.
Method overloading?
+
Method overloading allows multiple methods with the same name but different
parameters. It improves flexibility and readability.
Method overriding?
+
Redefining base class methods in derived class using virtual/override.
Monitor?
+
Provides advanced locking features.
MSIL?
+
Microsoft Intermediate Language generated before JIT.
Multicast delegate
+
A delegate that can reference multiple methods., Invokes them in order.,
Used in
event handling.
Multicast delegate?
+
Delegate that references multiple methods.
Multicast delegate?
+
A multicast delegate holds references to multiple methods., When invoked, it
executes all assigned methods in order.
Multithreading with .NET?
+
Multithreading allows a program to run multiple tasks simultaneously,
improving
performance and responsiveness. In .NET, threads can be created using the
Thread
class or Task Parallel Library. It is commonly used in applications
requiring
background processing.
Mutex?
+
Synchronization primitive across processes.
Namespace?
+
A logical grouping of classes and other types.
Nnullable type?
+
Value type that can hold null using ? syntax.
Nullable types
+
int? x = null;, Used to store value types with null support.
Null-Coalescing operator ??
+
Returns right operand if left operand is null.
Object pool
+
Object pooling reuses a set of pre-created objects., Improves performance by
avoiding costly object creation., Common in high-performance applications.,
Useful
for objects with expensive initialization.
Object Pooling?
+
Object pooling reuses frequently used objects instead of creating new ones.,
It
improves performance by reducing memory allocation and garbage collection.
Object?
+
Instance of a class.
Object?
+
An object is an instance of a class containing data and behavior. It
represents
real-world entities in OOP. Objects interact using methods and properties.
Object?
+
An object is an instance of a class that contains data and behavior. It
represents a
real-world entity like student, car, or bank account.
Out keyword?
+
Pass parameter by reference but must be assigned inside method.
Overloading vs overriding
+
Overloading: same method name, different parameters., Overriding: derived
class
changes base class implementation., Overloading happens at compile time;
overriding
at runtime., Overriding requires virtual and override keywords.
Override keyword?
+
Used to override a virtual/abstract method.
Partial class?
+
Class definition split across multiple files.
Partial classes and why needed?
+
Partial classes allow a class definition to be split across multiple files.,
They
help in code organization, especially auto-generated code and manual code
separation., The compiler combines all partial files into a single class at
runtime.
Pattern matching?
+
Technique to match types and conditions.
Polymorphism?
+
Ability of objects to take many forms through inheritance and interfaces.
Preprocessor directive?
+
Instructions to compiler like #if, #region.
Properties in C#?
+
Properties are class members used to read, write, or compute values., They
provide
controlled access to private fields using get and set accessors., Properties
improve
encapsulation and help enforce validation on assignment.
Property?
+
Getter/setter wrapper for fields.
Race Condition?
+
Conflict when multiple threads access shared data.
Readonly?
+
Variable that can only be assigned in constructor.
Record type?
+
Immutable reference type introduced in C# 9.
Ref keyword?
+
Pass parameter by reference.
Ref vs out:
+
ref requires variable initialization before passing. out does not require
initialization but must be assigned inside the method. Both pass arguments
by
reference.
Reflection in C#?
+
Reflection allows inspecting and interacting with metadata (methods,
properties,
types) at runtime. It is used in frameworks, serialization, and dynamic
object
creation using System.Reflection.
Reflection?
+
Inspecting metadata and creating objects dynamically.
Remove element from queue
+
queue.Dequeue();
Role of Access Modifiers:
+
Access modifiers control visibility of classes and members., Examples
include
public, private, protected, and internal to enforce encapsulation.
Sealed class?
+
Class that cannot be inherited.
Sealed classes in C#?
+
A sealed class prevents further inheritance., It is used when modifications
through
inheritance should be restricted., sealed can also be applied to methods to
stop
overriding.
Sealed classes in C#?
+
A sealed class prevents inheritance. It is used to stop modification of
behavior.
Example: sealed class A { }.
Sealed method?
+
Method that cannot be overridden.
Semaphore?
+
Limits number of threads accessing a resource.
Serialization in C#?
+
Serialization is the process of converting an object into a format like XML,
JSON,
or binary for storage or transfer. It allows objects to be saved to files,
memory,
or sent over a network. Deserialization is the reverse, which reconstructs
the
object from serialized data.
Serialization?
+
Converting objects to JSON, XML, or binary.
Serialization?
+
Serialization converts an object into a storable or transferable format like
JSON,
XML, or binary. It is used for saving or transmitting data.
Singleton pattern
+
public class Singleton {, private static readonly Singleton instance = new
Singleton();, private Singleton() {}, public static Singleton Instance =>
instance;,
}
Singleton Pattern and implementation?
+
Singleton ensures only one instance of a class exists globally., It is
implemented
using a private constructor, a static field, and a public static instance
property.
Sorting array in descending order
+
Array.Sort(arr);, Array.Reverse(arr);
SQL Injection?
+
Attack where malicious SQL is injected.
Static class?
+
Class that cannot be instantiated and contains only static members.
Static constructor?
+
Initializes static members of a class.
Static variable?
+
Shared among all instances of a class.
Struct vs class
+
Struct is value type; class is reference type., Structs stored on stack;
classes
stored on heap., Structs cannot inherit but can implement interfaces.,
Classes
support full inheritance.
Struct vs Class:
+
Structs are value types and stored on stack; classes are reference types and
stored
on heap. Structs do not support inheritance. Classes support features like
virtual
methods.
Struct?
+
Value type used to store small data structures.
Syntax to catch an exception
+
try, {, // Code, }, catch(Exception ex), {, // Handle exception, }
Task in C#?
+
Represents an asynchronous operation.
This keyword?
+
Refers to the current instance.
Thread pool?
+
Managed pool of threads used by tasks.
Thread?
+
Smallest unit of execution.
Throw?
+
Used to raise an exception.
Try/catch?
+
Used to handle exceptions.
Tuple in C#?
+
A lightweight data structure with multiple values.
Unboxing?
+
Extracting value type from object.
Use of ‘using’ statement in C#?
+
It ensures automatic cleanup of resources by calling Dispose() when the
scope ends.
Useful for files, streams, and database connections.
Use of a delegate in C#:
+
A delegate represents a reference to a method., It allows methods to be
passed as
parameters and supports callback mechanisms., Delegates enable event
handling and
implement loose coupling.
Using statement?
+
Ensures IDisposable resources are disposed automatically.
Value types and reference types?
+
Value types store data directly (int, float, bool)., Reference types store
memory
addresses to objects (class, array, string).
Var?
+
Implicit local variable type inferred at compile time.
Virtual method?
+
Method that can be overridden in derived class.
Virtual Method?
+
A virtual method allows derived classes to override its implementation., It
supports
runtime polymorphism.
Ways a method can be overloaded:
+
Overloading can be done by changing:, ✓ Number of parameters, ✓ Type of
parameters,
✓ Order of parameters
Ways to overload a method
+
Change number of parameters., Change data type of parameters., Change order
of
parameters (only if type differs).
What type of language is C#?
+
Strongly typed, object-oriented, component-oriented.
Yield keyword?
+
Return sequence of values without storing all items.
.NET?
+
A framework that provides runtime, libraries, and tools for building
applications.
?. operator?
+
Null conditional operator to avoid NullReferenceException.
“throw” vs “throw ex”
+
throw preserves original stack trace., throw ex resets stack trace.
Abstract class?
+
A class that cannot be instantiated and may contain abstract members.
Abstraction?
+
Exposing essential features while hiding implementation details.
Accessibility in interface
+
All members in an interface are implicitly public., No need for modifiers
because
interfaces define a contract.
ADO.NET?
+
Data access framework for .NET.
Anonymous method?
+
Inline method declared without a name.
Anonymous Types in C#?
+
Anonymous types allow creating objects without defining a class. They are
mostly
used with LINQ queries to store temporary data. Example: var person = new {
Name =
"John", Age = 30 };.
ArrayList?
+
Non-generic dynamic array.
Arrays in C#?
+
Arrays are fixed-size, strongly-typed collections that store elements of the
same
type., They provide indexed access and are stored in contiguous memory.
Async stream?
+
Async iteration using IAsyncEnumerable.
Async/await?
+
Keywords for asynchronous programming.
Attribute in C#?
+
Metadata added to assemblies, classes, or members.
Attributes
+
Metadata added to code elements., Used for runtime behavior control.,
Example:
[Obsolete], [Serializable].
Auto property?
+
Property with implicit backing field.
Base class for all classes
+
System.Object is the root base class in .NET., All classes derive from it
directly
or indirectly.
Base keyword?
+
Used to call base class members.
Boxing and Unboxing:
+
Boxing converts a value type to an object type. Unboxing extracts that value
back
from the object. Boxing is slower and stored on heap.
Boxing?
+
Converting value type to object/reference type.
C#?
+
A modern, object-oriented programming language developed by Microsoft.
C#?
+
C# is an object-oriented programming language developed by Microsoft. It is
used to
build applications for web, desktop, cloud, and mobile platforms. It runs on
the
.NET framework.
C#? Latest version?
+
C# is an object-oriented programming language from Microsoft built on .NET.
It
supports strong typing, inheritance, and modern features like LINQ and
async. The
latest version (as of 2025) is C# 13.
Can “this” be used within a static method?
+
No, the this keyword cannot be used inside a static method., Static methods
belong
to the class, not to a specific object instance., Since this refers to the
current
instance, it is only valid in instance methods.
Can a private virtual method be overridden?
+
No, because private methods are not accessible in derived classes and
virtual
methods require inheritance.
Can multiple catch blocks be executed?
+
No, only one catch block executes—the one that matches the thrown exception.
Other
catch blocks are ignored.
Can multiple catch blocks execute?
+
No, only one matching catch block executes in a try-catch structure., The
first
matching exception handler is executed and others are skipped.
Can we use “this” keyword within a static method?
+
No, because this refers to the current instance, and static methods belong
to the
class—not an object.
Circular references
+
Occur when two or more objects reference each other., This prevents objects
from
being garbage collected., Common in linked structures., Requires proper
cleanup
strategies.
Class vs struct?
+
Class is reference type; struct is value type.
Class?
+
Blueprint for creating objects.
CLR?
+
Common Language Runtime; manages execution, memory, security, and threading.
CLS?
+
Common Language Specification; rules for .NET language interoperability.
Common exception types
+
NullReferenceException, IndexOutOfRangeException, DivideByZeroException,
FormatException, InvalidOperationException
Conflicting interface method names
+
Implement explicitly by specifying interface name:, void
IInterface1.Method() { },
void IInterface2.Method() { }
Conflicting methods in inherited interfaces:
+
If interfaces have identical method signatures, only one implementation is
needed.,
If behavior differs, explicit interface implementation must be used.
Console application
+
Runs in command-line interface., No GUI., Used for scripting or service
apps.
Constant vs Readonly:
+
const is compile-time constant and cannot change after compilation. readonly
can be
assigned at runtime (constructor). const is static by default.
Constructor chaining?
+
Constructor chaining allows one constructor to call another within the same
class
using this()., It helps avoid duplicate code and centralize initialization
logic.
Constructor?
+
Method invoked when an object is created.
Continue vs Break:
+
continue skips remaining loop code and moves to next iteration. break exits
the loop
entirely. Both control loop execution flow.
Contravariance?
+
Allows base types where derived types expected.
Covariance?
+
Allows derived types more liberally.
Create array with non-default values
+
int[] arr = Enumerable.Repeat(5, 10).ToArray();
CTS?
+
Common Type System; defines how data types are declared and used.
Custom Control and User Control?
+
User control is built by combining existing controls (drag and drop).,
Custom
control is created from scratch and reused across applications.
Custom exception?
+
User-defined exception class.
Custom Exceptions
+
User-defined exceptions for specific application errors., Created by
inheriting
Exception class., Helps make error handling meaningful and readable., Used
to
represent domain-specific failures.
Deadlock?
+
Two threads waiting forever for each other’s lock.
Define Constructors
+
A constructor is a special method that initializes objects when created. It
has the
same name as the class and doesn’t return a value.
Delegate?
+
Type-safe function pointer.
Delegates
+
A delegate is a type that holds a reference to a method., Enables event
handling and
callback mechanisms., Supports type safety and encapsulation of method
calls.,
Similar to function pointers in C++.
Dependency injection?
+
Design pattern for providing external dependencies.
Describe the accessibility modifier “protected
internal”.
+
It means the member can be accessed within the same assembly or from derived
classes
in other assemblies.
Deserialization?
+
Converting serialized data back to object.
Destructor?
+
Method called before an object is destroyed by GC.
Dictionary?
+
Key-value collection.
DifBet abstract class and interface?
+
Abstract class can have implementation; interface cannot (before C# 8).
DifBet Array & List?
+
Array has fixed size; List grows dynamically.
DifBet C# and .NET?
+
C# is a programming language; .NET is the runtime and framework.
DifBet const and readonly?
+
const is compile-time constant; readonly is runtime constant.
DifBet Dictionary and Hashtable?
+
Dictionary is generic and faster.
DifBet IEnumerable and IQueryable?
+
IEnumerable executes in memory; IQueryable executes in database.
DifBet ref and out?
+
ref requires initialization; out does not.
DifBet Task and Thread?
+
Task is a higher-level abstraction running on thread pool; Thread is
OS-level.
DiffBet “is” and “as”
+
is checks compatibility., as tries casting and returns null if fails, no
exception.
DiffBet == and Equals():
+
== checks reference equality for objects and value equality for value
types.,
Equals() can be overridden for custom comparison logic.
DiffBet Array and ArrayList:
+
Array has fixed size and stores a single data type., ArrayList is dynamic
and stores
objects, requiring boxing/unboxing for value types.
DiffBet Array and ArrayList?
+
Array has fixed size and stores same data type., ArrayList can grow
dynamically and
stores mixed types.
DiffBet Array.CopyTo() and Array.Clone()
+
Clone() creates a shallow copy of the array including its size., CopyTo()
copies
elements into an existing array starting at a specified index., Clone()
returns a
new array of the same type., CopyTo() requires the destination array to be
allocated
beforehand.
DiffBet Array.CopyTo() and Array.Clone():
+
CopyTo() copies array elements to an existing array., Clone() creates a
shallow copy
of the entire array as a new instance.
DiffBet boxing and unboxing:
+
Boxing converts a value type to a reference type (object)., Unboxing
converts the
object back to its original value type., Boxing is implicit; unboxing must
be
explicit and can cause runtime errors if mismatched.
DiffBet constants and read-only?
+
const must be assigned at compile time and cannot change., readonly can be
assigned
at runtime, usually in a constructor.
DiffBet Dispose and Finalize in C#:
+
Dispose() is called manually to release unmanaged resources using
IDisposable.,
Finalize() (destructor) is called automatically by the Garbage Collector.,
Dispose
provides deterministic cleanup, while Finalize is non-deterministic and
slower.
DiffBet Finalize() and Dispose()
+
Finalize() is called by the garbage collector and cannot be invoked
manually.,
Dispose() is called manually to release unmanaged resources., Finalize() has
performance overhead., Dispose() is implemented via IDisposable.
DiffBet IEnumerable and IQueryable:
+
IEnumerable filters data in memory and is suitable for in-memory
collections.,
IQueryable filters data at the database level using expression trees.,
IQueryable
supports remote querying, improving performance for large datasets.
DiffBet interface and abstract class
+
Interface contains only declarations, no implementation (until default
methods in
new versions)., Abstract class can have both abstract and concrete methods.,
A class
can inherit multiple interfaces but only one abstract class., Interfaces
define a
contract; abstract classes provide a base.
DiffBet Is and As operators:
+
is checks whether an object is compatible with a type and returns
true/false., as
performs safe casting and returns null if the cast fails.
DiffBet late and early binding:
+
Early binding occurs at compile time (e.g., method calls on known types).,
Late
binding happens at runtime (e.g., using dynamic or reflection)., Early
binding is
faster and type-safe, while late binding is flexible but slower.
DiffBet public, static, and void?
+
public means accessible anywhere., static belongs to the class, not the
instance.,
void means the method does not return any value.
DiffBet ref & out parameters?
+
ref requires the variable to be initialized before passing., out does not
require
initialization but must be assigned inside the method.
DiffBet String and StringBuilder in C#:
+
String is immutable, meaning every modification creates a new object.,
StringBuilder
is mutable and efficient for repeated string manipulation., StringBuilder is
preferred when working with dynamic or large text modifications.
DiffBet System.String and StringBuilder
+
String is immutable, meaning any modification creates a new object.,
StringBuilder
is mutable and allows in-place modifications., StringBuilder is preferred
for
frequent string operations like concatenation., String is simpler and better
for
small or static content.
DiffBet Throw Exception and Throw Clause:
+
throw ex; resets the stack trace., throw; preserves the original stack
trace, making
debugging easier.
DirectCast vs CType
+
DirectCast requires exact type., CType supports conversions defined in VB or
framework.
Dynamic keyword?
+
Type resolved at runtime.
Early binding?
+
Object referenced at compile time.
Encapsulation?
+
Binding data and methods inside a class.
Enum:
+
Enum is a value type representing named constants. Helps improve code
readability.
Default underlying type is integer.
Enum?
+
Value type representing named constants.
Event?
+
Used to provide notifications using delegates.
Exception?
+
Runtime error.
Explain types of comment in C# with examples
+
There are three types:, Single-line: // comment, Multi-line: /* comment */,
XML
documentation: ///
Extension method in C#?
+
An extension method adds new functionality to existing classes without
modifying
them., It is defined in a static class and uses the this keyword before the
first
parameter., They are commonly used with LINQ and utility enhancements.
Extension method?
+
Adds new methods to existing types without modifying them.
File Handling in C#.Net?
+
File handling allows reading, writing, and manipulating files using classes
like
File, FileStream, StreamReader, and StreamWriter. It is used to store or
retrieve
data from physical files.
Finally?
+
Block executed regardless of exception.
Garbage collection?
+
Automatic memory management.
GC generations?
+
Gen 0, Gen 1, Gen 2.
Generic type?
+
Allows type parameters for safe and reusable code.
Generics in .NET
+
Generics allow type-safe collections without boxing/unboxing., They improve
performance and reusability., Examples: List , Dictionary ., They enable
compile-time type checking.
Generics?
+
Generics allow classes and methods to operate on types without specifying
them
upfront., They provide type safety and improve performance by avoiding
boxing/unboxing.
HashSet?
+
Collection of unique items.
Hashtable in C#?
+
A Hashtable stores key-value pairs and provides fast access using a hash
key. Keys
are unique, and values can be of any type. It belongs to System.Collections.
Hashtable?
+
Non-generic key-value collection.
How do you use the “using” statement in C#?
+
The using statement ensures that resources like files or database
connections are
properly closed and disposed after use. It helps prevent memory leaks by
automatically calling Dispose(). Example: using(StreamReader sr = new
StreamReader("file.txt")) { }.
How to inherit a class
+
class B : A, {, }
How to prevent SQL Injection?
+
Use parameterized queries.
How to use Nullable<> Types?
+
Nullable types allow value types (like int) to store null using Nullable
or ?.,
Example: int? age = null;.
ICollection?
+
Extends IEnumerable with add/remove operations.
IDisposable?
+
Interface to release unmanaged resources.
IEnumerable vs IEnumerator?
+
IEnumerable returns enumerator; IEnumerator iterates items.
IEnumerable?
+
Interface for forward-only iteration.
IEnumerable<> in C#?
+
IEnumerable is an interface used to iterate through a collection using
foreach.,
It supports forward-only iteration and deferred execution., It does not
support
querying or modifying items directly.
In keyword?
+
Pass parameter by readonly reference.
Indexer?
+
Allows objects to be indexed like arrays.
Indexers
+
Allow a class to be accessed like an array., public string this[int index] {
get;
set; }
Indexers?
+
Indexers allow objects to be accessed like arrays using brackets []., They
provide
dynamic access to internal data without exposing underlying collections.
Inherit class but prevent method override
+
Use sealed keyword on the method., public sealed override void Method() { }
Inheritance?
+
Mechanism to derive new classes from existing classes.
Interface class? Give an example
+
An interface contains declarations of methods without implementation.
Classes must
implement them., Example: interface IShape { void Draw(); }.
Interface vs Abstract Class:
+
Interface only declares members; no implementation (until default
implementations in
newer versions). Abstract class can have both abstract and concrete members.
A class
can implement multiple interfaces but inherit only one abstract class.
Interface?
+
Contract containing method signatures without implementation.
IOC container?
+
Automates dependency injection and object creation.
IQueryable?
+
Supports LINQ queries for remote data sources.
Jagged Array in C#?
+
A jagged array is an array of arrays where each sub-array can have different
lengths. It provides flexibility if the data structure doesn't need uniform
size.
Example: int[][] jagged = new int[2][]; jagged[0]=new int[3]; jagged[1]=new
int[5];.
Jagged Arrays?
+
A jagged array is an array containing different-sized sub-arrays. It
provides
flexibility in storing uneven data structures.
JIT compiler?
+
Converts IL code to machine code at runtime.
JSON serialization?
+
Using System.Text.Json or Newtonsoft.Json to serialize objects.
Lambda expression?
+
Short syntax for writing inline methods/functions.
Late binding?
+
Object created at runtime instead of compile time.
LINQ in C#?
+
LINQ (Language Integrated Query) is a feature used to query data from
collections,
databases, XML, etc., using a unified syntax. It improves readability and
reduces
code. Example: var result = from x in list where x > 10 select x;.
LINQ?
+
Language Integrated Query for querying collections and databases.
List?
+
Generic list that stores strongly typed items.
Lock keyword?
+
Prevents multiple threads from accessing critical code section.
Managed or unmanaged?
+
C# code is managed because it runs under CLR.
Managed vs Unmanaged Code:
+
Managed code runs under CLR with garbage collection and memory management.
Unmanaged
code runs directly on OS without CLR support (like C/C++). Managed code is
safer but
slower.
Method overloading?
+
Multiple methods with the same name but different parameters.
Method overloading?
+
Method overloading allows multiple methods with the same name but different
parameters. It improves flexibility and readability.
Method overriding?
+
Redefining base class methods in derived class using virtual/override.
Monitor?
+
Provides advanced locking features.
MSIL?
+
Microsoft Intermediate Language generated before JIT.
Multicast delegate
+
A delegate that can reference multiple methods., Invokes them in order.,
Used in
event handling.
Multicast delegate?
+
Delegate that references multiple methods.
Multicast delegate?
+
A multicast delegate holds references to multiple methods., When invoked, it
executes all assigned methods in order.
Multithreading with .NET?
+
Multithreading allows a program to run multiple tasks simultaneously,
improving
performance and responsiveness. In .NET, threads can be created using the
Thread
class or Task Parallel Library. It is commonly used in applications
requiring
background processing.
Mutex?
+
Synchronization primitive across processes.
Namespace?
+
A logical grouping of classes and other types.
Nnullable type?
+
Value type that can hold null using ? syntax.
Nullable types
+
int? x = null;, Used to store value types with null support.
Null-Coalescing operator ??
+
Returns right operand if left operand is null.
Object pool
+
Object pooling reuses a set of pre-created objects., Improves performance by
avoiding costly object creation., Common in high-performance applications.,
Useful
for objects with expensive initialization.
Object Pooling?
+
Object pooling reuses frequently used objects instead of creating new ones.,
It
improves performance by reducing memory allocation and garbage collection.
Object?
+
Instance of a class.
Object?
+
An object is an instance of a class containing data and behavior. It
represents
real-world entities in OOP. Objects interact using methods and properties.
Object?
+
An object is an instance of a class that contains data and behavior. It
represents a
real-world entity like student, car, or bank account.
Out keyword?
+
Pass parameter by reference but must be assigned inside method.
Overloading vs overriding
+
Overloading: same method name, different parameters., Overriding: derived
class
changes base class implementation., Overloading happens at compile time;
overriding
at runtime., Overriding requires virtual and override keywords.
Override keyword?
+
Used to override a virtual/abstract method.
Partial class?
+
Class definition split across multiple files.
Partial classes and why needed?
+
Partial classes allow a class definition to be split across multiple files.,
They
help in code organization, especially auto-generated code and manual code
separation., The compiler combines all partial files into a single class at
runtime.
Pattern matching?
+
Technique to match types and conditions.
Polymorphism?
+
Ability of objects to take many forms through inheritance and interfaces.
Preprocessor directive?
+
Instructions to compiler like #if, #region.
Properties in C#?
+
Properties are class members used to read, write, or compute values., They
provide
controlled access to private fields using get and set accessors., Properties
improve
encapsulation and help enforce validation on assignment.
Property?
+
Getter/setter wrapper for fields.
Race Condition?
+
Conflict when multiple threads access shared data.
Readonly?
+
Variable that can only be assigned in constructor.
Record type?
+
Immutable reference type introduced in C# 9.
Ref keyword?
+
Pass parameter by reference.
Ref vs out:
+
ref requires variable initialization before passing. out does not require
initialization but must be assigned inside the method. Both pass arguments
by
reference.
Reflection in C#?
+
Reflection allows inspecting and interacting with metadata (methods,
properties,
types) at runtime. It is used in frameworks, serialization, and dynamic
object
creation using System.Reflection.
Reflection?
+
Inspecting metadata and creating objects dynamically.
Remove element from queue
+
queue.Dequeue();
Role of Access Modifiers:
+
Access modifiers control visibility of classes and members., Examples
include
public, private, protected, and internal to enforce encapsulation.
Sealed class?
+
Class that cannot be inherited.
Sealed classes in C#?
+
A sealed class prevents further inheritance., It is used when modifications
through
inheritance should be restricted., sealed can also be applied to methods to
stop
overriding.
Sealed classes in C#?
+
A sealed class prevents inheritance. It is used to stop modification of
behavior.
Example: sealed class A { }.
Sealed method?
+
Method that cannot be overridden.
Semaphore?
+
Limits number of threads accessing a resource.
Serialization in C#?
+
Serialization is the process of converting an object into a format like XML,
JSON,
or binary for storage or transfer. It allows objects to be saved to files,
memory,
or sent over a network. Deserialization is the reverse, which reconstructs
the
object from serialized data.
Serialization?
+
Converting objects to JSON, XML, or binary.
Serialization?
+
Serialization converts an object into a storable or transferable format like
JSON,
XML, or binary. It is used for saving or transmitting data.
Singleton pattern
+
public class Singleton {, private static readonly Singleton instance = new
Singleton();, private Singleton() {}, public static Singleton Instance =>
instance;,
}
Singleton Pattern and implementation?
+
Singleton ensures only one instance of a class exists globally., It is
implemented
using a private constructor, a static field, and a public static instance
property.
Sorting array in descending order
+
Array.Sort(arr);, Array.Reverse(arr);
SQL Injection?
+
Attack where malicious SQL is injected.
Static class?
+
Class that cannot be instantiated and contains only static members.
Static constructor?
+
Initializes static members of a class.
Static variable?
+
Shared among all instances of a class.
Struct vs class
+
Struct is value type; class is reference type., Structs stored on stack;
classes
stored on heap., Structs cannot inherit but can implement interfaces.,
Classes
support full inheritance.
Struct vs Class:
+
Structs are value types and stored on stack; classes are reference types and
stored
on heap. Structs do not support inheritance. Classes support features like
virtual
methods.
Struct?
+
Value type used to store small data structures.
Syntax to catch an exception
+
try, {, // Code, }, catch(Exception ex), {, // Handle exception, }
Task in C#?
+
Represents an asynchronous operation.
This keyword?
+
Refers to the current instance.
Thread pool?
+
Managed pool of threads used by tasks.
Thread?
+
Smallest unit of execution.
Throw?
+
Used to raise an exception.
Try/catch?
+
Used to handle exceptions.
Tuple in C#?
+
A lightweight data structure with multiple values.
Unboxing?
+
Extracting value type from object.
Use of ‘using’ statement in C#?
+
It ensures automatic cleanup of resources by calling Dispose() when the
scope ends.
Useful for files, streams, and database connections.
Use of a delegate in C#:
+
A delegate represents a reference to a method., It allows methods to be
passed as
parameters and supports callback mechanisms., Delegates enable event
handling and
implement loose coupling.
Using statement?
+
Ensures IDisposable resources are disposed automatically.
Value types and reference types?
+
Value types store data directly (int, float, bool)., Reference types store
memory
addresses to objects (class, array, string).
Var?
+
Implicit local variable type inferred at compile time.
Virtual method?
+
Method that can be overridden in derived class.
Virtual Method?
+
A virtual method allows derived classes to override its implementation., It
supports
runtime polymorphism.
Ways a method can be overloaded:
+
Overloading can be done by changing:, ✓ Number of parameters, ✓ Type of
parameters,
✓ Order of parameters
Ways to overload a method
+
Change number of parameters., Change data type of parameters., Change order
of
parameters (only if type differs).
What type of language is C#?
+
Strongly typed, object-oriented, component-oriented.
Yield keyword?
+
Return sequence of values without storing all items.
.NET?
+
A framework that provides runtime, libraries, and tools for building
applications.
?. operator?
+
Null conditional operator to avoid NullReferenceException.
“throw” vs “throw ex”
+
throw preserves original stack trace., throw ex resets stack trace.
Abstract class?
+
A class that cannot be instantiated and may contain abstract members.
Abstraction?
+
Exposing essential features while hiding implementation details.
Accessibility in interface
+
All members in an interface are implicitly public., No need for modifiers
because
interfaces define a contract.
ADO.NET?
+
Data access framework for .NET.
Anonymous method?
+
Inline method declared without a name.
Anonymous Types in C#?
+
Anonymous types allow creating objects without defining a class. They are
mostly
used with LINQ queries to store temporary data. Example: var person = new {
Name =
"John", Age = 30 };.
ArrayList?
+
Non-generic dynamic array.
Arrays in C#?
+
Arrays are fixed-size, strongly-typed collections that store elements of the
same
type., They provide indexed access and are stored in contiguous memory.
Async stream?
+
Async iteration using IAsyncEnumerable.
Async/await?
+
Keywords for asynchronous programming.
Attribute in C#?
+
Metadata added to assemblies, classes, or members.
Attributes
+
Metadata added to code elements., Used for runtime behavior control.,
Example:
[Obsolete], [Serializable].
Auto property?
+
Property with implicit backing field.
Base class for all classes
+
System.Object is the root base class in .NET., All classes derive from it
directly
or indirectly.
Base keyword?
+
Used to call base class members.
Boxing and Unboxing:
+
Boxing converts a value type to an object type. Unboxing extracts that value
back
from the object. Boxing is slower and stored on heap.
Boxing?
+
Converting value type to object/reference type.
C#?
+
A modern, object-oriented programming language developed by Microsoft.
C#?
+
C# is an object-oriented programming language developed by Microsoft. It is
used to
build applications for web, desktop, cloud, and mobile platforms. It runs on
the
.NET framework.
C#? Latest version?
+
C# is an object-oriented programming language from Microsoft built on .NET.
It
supports strong typing, inheritance, and modern features like LINQ and
async. The
latest version (as of 2025) is C# 13.
Can “this” be used within a static method?
+
No, the this keyword cannot be used inside a static method., Static methods
belong
to the class, not to a specific object instance., Since this refers to the
current
instance, it is only valid in instance methods.
Can a private virtual method be overridden?
+
No, because private methods are not accessible in derived classes and
virtual
methods require inheritance.
Can multiple catch blocks be executed?
+
No, only one catch block executes—the one that matches the thrown exception.
Other
catch blocks are ignored.
Can multiple catch blocks execute?
+
No, only one matching catch block executes in a try-catch structure., The
first
matching exception handler is executed and others are skipped.
Can we use “this” keyword within a static method?
+
No, because this refers to the current instance, and static methods belong
to the
class—not an object.
Circular references
+
Occur when two or more objects reference each other., This prevents objects
from
being garbage collected., Common in linked structures., Requires proper
cleanup
strategies.
Class vs struct?
+
Class is reference type; struct is value type.
Class?
+
Blueprint for creating objects.
CLR?
+
Common Language Runtime; manages execution, memory, security, and threading.
CLS?
+
Common Language Specification; rules for .NET language interoperability.
Common exception types
+
NullReferenceException, IndexOutOfRangeException, DivideByZeroException,
FormatException, InvalidOperationException
Conflicting interface method names
+
Implement explicitly by specifying interface name:, void
IInterface1.Method() { },
void IInterface2.Method() { }
Conflicting methods in inherited interfaces:
+
If interfaces have identical method signatures, only one implementation is
needed.,
If behavior differs, explicit interface implementation must be used.
Console application
+
Runs in command-line interface., No GUI., Used for scripting or service
apps.
Constant vs Readonly:
+
const is compile-time constant and cannot change after compilation. readonly
can be
assigned at runtime (constructor). const is static by default.
Constructor chaining?
+
Constructor chaining allows one constructor to call another within the same
class
using this()., It helps avoid duplicate code and centralize initialization
logic.
Constructor?
+
Method invoked when an object is created.
Continue vs Break:
+
continue skips remaining loop code and moves to next iteration. break exits
the loop
entirely. Both control loop execution flow.
Contravariance?
+
Allows base types where derived types expected.
Covariance?
+
Allows derived types more liberally.
Create array with non-default values
+
int[] arr = Enumerable.Repeat(5, 10).ToArray();
CTS?
+
Common Type System; defines how data types are declared and used.
Custom Control and User Control?
+
User control is built by combining existing controls (drag and drop).,
Custom
control is created from scratch and reused across applications.
Custom exception?
+
User-defined exception class.
Custom Exceptions
+
User-defined exceptions for specific application errors., Created by
inheriting
Exception class., Helps make error handling meaningful and readable., Used
to
represent domain-specific failures.
Deadlock?
+
Two threads waiting forever for each other’s lock.
Define Constructors
+
A constructor is a special method that initializes objects when created. It
has the
same name as the class and doesn’t return a value.
Delegate?
+
Type-safe function pointer.
Delegates
+
A delegate is a type that holds a reference to a method., Enables event
handling and
callback mechanisms., Supports type safety and encapsulation of method
calls.,
Similar to function pointers in C++.
Dependency injection?
+
Design pattern for providing external dependencies.
Describe the accessibility modifier “protected
internal”.
+
It means the member can be accessed within the same assembly or from derived
classes
in other assemblies.
Deserialization?
+
Converting serialized data back to object.
Destructor?
+
Method called before an object is destroyed by GC.
Dictionary?
+
Key-value collection.
DifBet abstract class and interface?
+
Abstract class can have implementation; interface cannot (before C# 8).
DifBet Array & List?
+
Array has fixed size; List grows dynamically.
DifBet C# and .NET?
+
C# is a programming language; .NET is the runtime and framework.
DifBet const and readonly?
+
const is compile-time constant; readonly is runtime constant.
DifBet Dictionary and Hashtable?
+
Dictionary is generic and faster.
DifBet IEnumerable and IQueryable?
+
IEnumerable executes in memory; IQueryable executes in database.
DifBet ref and out?
+
ref requires initialization; out does not.
DifBet Task and Thread?
+
Task is a higher-level abstraction running on thread pool; Thread is
OS-level.
DiffBet “is” and “as”
+
is checks compatibility., as tries casting and returns null if fails, no
exception.
DiffBet == and Equals():
+
== checks reference equality for objects and value equality for value
types.,
Equals() can be overridden for custom comparison logic.
DiffBet Array and ArrayList:
+
Array has fixed size and stores a single data type., ArrayList is dynamic
and stores
objects, requiring boxing/unboxing for value types.
DiffBet Array and ArrayList?
+
Array has fixed size and stores same data type., ArrayList can grow
dynamically and
stores mixed types.
DiffBet Array.CopyTo() and Array.Clone()
+
Clone() creates a shallow copy of the array including its size., CopyTo()
copies
elements into an existing array starting at a specified index., Clone()
returns a
new array of the same type., CopyTo() requires the destination array to be
allocated
beforehand.
DiffBet Array.CopyTo() and Array.Clone():
+
CopyTo() copies array elements to an existing array., Clone() creates a
shallow copy
of the entire array as a new instance.
DiffBet boxing and unboxing:
+
Boxing converts a value type to a reference type (object)., Unboxing
converts the
object back to its original value type., Boxing is implicit; unboxing must
be
explicit and can cause runtime errors if mismatched.
DiffBet constants and read-only?
+
const must be assigned at compile time and cannot change., readonly can be
assigned
at runtime, usually in a constructor.
DiffBet Dispose and Finalize in C#:
+
Dispose() is called manually to release unmanaged resources using
IDisposable.,
Finalize() (destructor) is called automatically by the Garbage Collector.,
Dispose
provides deterministic cleanup, while Finalize is non-deterministic and
slower.
DiffBet Finalize() and Dispose()
+
Finalize() is called by the garbage collector and cannot be invoked
manually.,
Dispose() is called manually to release unmanaged resources., Finalize() has
performance overhead., Dispose() is implemented via IDisposable.
DiffBet IEnumerable and IQueryable:
+
IEnumerable filters data in memory and is suitable for in-memory
collections.,
IQueryable filters data at the database level using expression trees.,
IQueryable
supports remote querying, improving performance for large datasets.
DiffBet interface and abstract class
+
Interface contains only declarations, no implementation (until default
methods in
new versions)., Abstract class can have both abstract and concrete methods.,
A class
can inherit multiple interfaces but only one abstract class., Interfaces
define a
contract; abstract classes provide a base.
DiffBet Is and As operators:
+
is checks whether an object is compatible with a type and returns
true/false., as
performs safe casting and returns null if the cast fails.
DiffBet late and early binding:
+
Early binding occurs at compile time (e.g., method calls on known types).,
Late
binding happens at runtime (e.g., using dynamic or reflection)., Early
binding is
faster and type-safe, while late binding is flexible but slower.
DiffBet public, static, and void?
+
public means accessible anywhere., static belongs to the class, not the
instance.,
void means the method does not return any value.
DiffBet ref & out parameters?
+
ref requires the variable to be initialized before passing., out does not
require
initialization but must be assigned inside the method.
DiffBet String and StringBuilder in C#:
+
String is immutable, meaning every modification creates a new object.,
StringBuilder
is mutable and efficient for repeated string manipulation., StringBuilder is
preferred when working with dynamic or large text modifications.
DiffBet System.String and StringBuilder
+
String is immutable, meaning any modification creates a new object.,
StringBuilder
is mutable and allows in-place modifications., StringBuilder is preferred
for
frequent string operations like concatenation., String is simpler and better
for
small or static content.
DiffBet Throw Exception and Throw Clause:
+
throw ex; resets the stack trace., throw; preserves the original stack
trace, making
debugging easier.
DirectCast vs CType
+
DirectCast requires exact type., CType supports conversions defined in VB or
framework.
Dynamic keyword?
+
Type resolved at runtime.
Early binding?
+
Object referenced at compile time.
Encapsulation?
+
Binding data and methods inside a class.
Enum:
+
Enum is a value type representing named constants. Helps improve code
readability.
Default underlying type is integer.
Enum?
+
Value type representing named constants.
Event?
+
Used to provide notifications using delegates.
Exception?
+
Runtime error.
Explain types of comment in C# with examples
+
There are three types:, Single-line: // comment, Multi-line: /* comment */,
XML
documentation: ///
Extension method in C#?
+
An extension method adds new functionality to existing classes without
modifying
them., It is defined in a static class and uses the this keyword before the
first
parameter., They are commonly used with LINQ and utility enhancements.
Extension method?
+
Adds new methods to existing types without modifying them.
File Handling in C#.Net?
+
File handling allows reading, writing, and manipulating files using classes
like
File, FileStream, StreamReader, and StreamWriter. It is used to store or
retrieve
data from physical files.
Finally?
+
Block executed regardless of exception.
Garbage collection?
+
Automatic memory management.
GC generations?
+
Gen 0, Gen 1, Gen 2.
Generic type?
+
Allows type parameters for safe and reusable code.
Generics in .NET
+
Generics allow type-safe collections without boxing/unboxing., They improve
performance and reusability., Examples: List , Dictionary ., They enable
compile-time type checking.
Generics?
+
Generics allow classes and methods to operate on types without specifying
them
upfront., They provide type safety and improve performance by avoiding
boxing/unboxing.
HashSet?
+
Collection of unique items.
Hashtable in C#?
+
A Hashtable stores key-value pairs and provides fast access using a hash
key. Keys
are unique, and values can be of any type. It belongs to System.Collections.
Hashtable?
+
Non-generic key-value collection.
How do you use the “using” statement in C#?
+
The using statement ensures that resources like files or database
connections are
properly closed and disposed after use. It helps prevent memory leaks by
automatically calling Dispose(). Example: using(StreamReader sr = new
StreamReader("file.txt")) { }.
How to inherit a class
+
class B : A, {, }
How to prevent SQL Injection?
+
Use parameterized queries.
How to use Nullable<> Types?
+
Nullable types allow value types (like int) to store null using Nullable
or ?.,
Example: int? age = null;.
ICollection?
+
Extends IEnumerable with add/remove operations.
IDisposable?
+
Interface to release unmanaged resources.
IEnumerable vs IEnumerator?
+
IEnumerable returns enumerator; IEnumerator iterates items.
IEnumerable?
+
Interface for forward-only iteration.
IEnumerable<> in C#?
+
IEnumerable is an interface used to iterate through a collection using
foreach.,
It supports forward-only iteration and deferred execution., It does not
support
querying or modifying items directly.
In keyword?
+
Pass parameter by readonly reference.
Indexer?
+
Allows objects to be indexed like arrays.
Indexers
+
Allow a class to be accessed like an array., public string this[int index] {
get;
set; }
Indexers?
+
Indexers allow objects to be accessed like arrays using brackets []., They
provide
dynamic access to internal data without exposing underlying collections.
Inherit class but prevent method override
+
Use sealed keyword on the method., public sealed override void Method() { }
Inheritance?
+
Mechanism to derive new classes from existing classes.
Interface class? Give an example
+
An interface contains declarations of methods without implementation.
Classes must
implement them., Example: interface IShape { void Draw(); }.
Interface vs Abstract Class:
+
Interface only declares members; no implementation (until default
implementations in
newer versions). Abstract class can have both abstract and concrete members.
A class
can implement multiple interfaces but inherit only one abstract class.
Interface?
+
Contract containing method signatures without implementation.
IOC container?
+
Automates dependency injection and object creation.
IQueryable?
+
Supports LINQ queries for remote data sources.
Jagged Array in C#?
+
A jagged array is an array of arrays where each sub-array can have different
lengths. It provides flexibility if the data structure doesn't need uniform
size.
Example: int[][] jagged = new int[2][]; jagged[0]=new int[3]; jagged[1]=new
int[5];.
Jagged Arrays?
+
A jagged array is an array containing different-sized sub-arrays. It
provides
flexibility in storing uneven data structures.
JIT compiler?
+
Converts IL code to machine code at runtime.
JSON serialization?
+
Using System.Text.Json or Newtonsoft.Json to serialize objects.
Lambda expression?
+
Short syntax for writing inline methods/functions.
Late binding?
+
Object created at runtime instead of compile time.
LINQ in C#?
+
LINQ (Language Integrated Query) is a feature used to query data from
collections,
databases, XML, etc., using a unified syntax. It improves readability and
reduces
code. Example: var result = from x in list where x > 10 select x;.
LINQ?
+
Language Integrated Query for querying collections and databases.
List?
+
Generic list that stores strongly typed items.
Lock keyword?
+
Prevents multiple threads from accessing critical code section.
Managed or unmanaged?
+
C# code is managed because it runs under CLR.
Managed vs Unmanaged Code:
+
Managed code runs under CLR with garbage collection and memory management.
Unmanaged
code runs directly on OS without CLR support (like C/C++). Managed code is
safer but
slower.
Method overloading?
+
Multiple methods with the same name but different parameters.
Method overloading?
+
Method overloading allows multiple methods with the same name but different
parameters. It improves flexibility and readability.
Method overriding?
+
Redefining base class methods in derived class using virtual/override.
Monitor?
+
Provides advanced locking features.
MSIL?
+
Microsoft Intermediate Language generated before JIT.
Multicast delegate
+
A delegate that can reference multiple methods., Invokes them in order.,
Used in
event handling.
Multicast delegate?
+
Delegate that references multiple methods.
Multicast delegate?
+
A multicast delegate holds references to multiple methods., When invoked, it
executes all assigned methods in order.
Multithreading with .NET?
+
Multithreading allows a program to run multiple tasks simultaneously,
improving
performance and responsiveness. In .NET, threads can be created using the
Thread
class or Task Parallel Library. It is commonly used in applications
requiring
background processing.
Mutex?
+
Synchronization primitive across processes.
Namespace?
+
A logical grouping of classes and other types.
Nnullable type?
+
Value type that can hold null using ? syntax.
Nullable types
+
int? x = null;, Used to store value types with null support.
Null-Coalescing operator ??
+
Returns right operand if left operand is null.
Object pool
+
Object pooling reuses a set of pre-created objects., Improves performance by
avoiding costly object creation., Common in high-performance applications.,
Useful
for objects with expensive initialization.
Object Pooling?
+
Object pooling reuses frequently used objects instead of creating new ones.,
It
improves performance by reducing memory allocation and garbage collection.
Object?
+
Instance of a class.
Object?
+
An object is an instance of a class containing data and behavior. It
represents
real-world entities in OOP. Objects interact using methods and properties.
Object?
+
An object is an instance of a class that contains data and behavior. It
represents a
real-world entity like student, car, or bank account.
Out keyword?
+
Pass parameter by reference but must be assigned inside method.
Overloading vs overriding
+
Overloading: same method name, different parameters., Overriding: derived
class
changes base class implementation., Overloading happens at compile time;
overriding
at runtime., Overriding requires virtual and override keywords.
Override keyword?
+
Used to override a virtual/abstract method.
Partial class?
+
Class definition split across multiple files.
Partial classes and why needed?
+
Partial classes allow a class definition to be split across multiple files.,
They
help in code organization, especially auto-generated code and manual code
separation., The compiler combines all partial files into a single class at
runtime.
Pattern matching?
+
Technique to match types and conditions.
Polymorphism?
+
Ability of objects to take many forms through inheritance and interfaces.
Preprocessor directive?
+
Instructions to compiler like #if, #region.
Properties in C#?
+
Properties are class members used to read, write, or compute values., They
provide
controlled access to private fields using get and set accessors., Properties
improve
encapsulation and help enforce validation on assignment.
Property?
+
Getter/setter wrapper for fields.
Race Condition?
+
Conflict when multiple threads access shared data.
Readonly?
+
Variable that can only be assigned in constructor.
Record type?
+
Immutable reference type introduced in C# 9.
Ref keyword?
+
Pass parameter by reference.
Ref vs out:
+
ref requires variable initialization before passing. out does not require
initialization but must be assigned inside the method. Both pass arguments
by
reference.
Reflection in C#?
+
Reflection allows inspecting and interacting with metadata (methods,
properties,
types) at runtime. It is used in frameworks, serialization, and dynamic
object
creation using System.Reflection.
Reflection?
+
Inspecting metadata and creating objects dynamically.
Remove element from queue
+
queue.Dequeue();
Role of Access Modifiers:
+
Access modifiers control visibility of classes and members., Examples
include
public, private, protected, and internal to enforce encapsulation.
Sealed class?
+
Class that cannot be inherited.
Sealed classes in C#?
+
A sealed class prevents further inheritance., It is used when modifications
through
inheritance should be restricted., sealed can also be applied to methods to
stop
overriding.
Sealed classes in C#?
+
A sealed class prevents inheritance. It is used to stop modification of
behavior.
Example: sealed class A { }.
Sealed method?
+
Method that cannot be overridden.
Semaphore?
+
Limits number of threads accessing a resource.
Serialization in C#?
+
Serialization is the process of converting an object into a format like XML,
JSON,
or binary for storage or transfer. It allows objects to be saved to files,
memory,
or sent over a network. Deserialization is the reverse, which reconstructs
the
object from serialized data.
Serialization?
+
Converting objects to JSON, XML, or binary.
Serialization?
+
Serialization converts an object into a storable or transferable format like
JSON,
XML, or binary. It is used for saving or transmitting data.
Singleton pattern
+
public class Singleton {, private static readonly Singleton instance = new
Singleton();, private Singleton() {}, public static Singleton Instance =>
instance;,
}
Singleton Pattern and implementation?
+
Singleton ensures only one instance of a class exists globally., It is
implemented
using a private constructor, a static field, and a public static instance
property.
Sorting array in descending order
+
Array.Sort(arr);, Array.Reverse(arr);
SQL Injection?
+
Attack where malicious SQL is injected.
Static class?
+
Class that cannot be instantiated and contains only static members.
Static constructor?
+
Initializes static members of a class.
Static variable?
+
Shared among all instances of a class.
Struct vs class
+
Struct is value type; class is reference type., Structs stored on stack;
classes
stored on heap., Structs cannot inherit but can implement interfaces.,
Classes
support full inheritance.
Struct vs Class:
+
Structs are value types and stored on stack; classes are reference types and
stored
on heap. Structs do not support inheritance. Classes support features like
virtual
methods.
Struct?
+
Value type used to store small data structures.
Syntax to catch an exception
+
try, {, // Code, }, catch(Exception ex), {, // Handle exception, }
Task in C#?
+
Represents an asynchronous operation.
This keyword?
+
Refers to the current instance.
Thread pool?
+
Managed pool of threads used by tasks.
Thread?
+
Smallest unit of execution.
Throw?
+
Used to raise an exception.
Try/catch?
+
Used to handle exceptions.
Tuple in C#?
+
A lightweight data structure with multiple values.
Unboxing?
+
Extracting value type from object.
Use of ‘using’ statement in C#?
+
It ensures automatic cleanup of resources by calling Dispose() when the
scope ends.
Useful for files, streams, and database connections.
Use of a delegate in C#:
+
A delegate represents a reference to a method., It allows methods to be
passed as
parameters and supports callback mechanisms., Delegates enable event
handling and
implement loose coupling.
Using statement?
+
Ensures IDisposable resources are disposed automatically.
Value types and reference types?
+
Value types store data directly (int, float, bool)., Reference types store
memory
addresses to objects (class, array, string).
Var?
+
Implicit local variable type inferred at compile time.
Virtual method?
+
Method that can be overridden in derived class.
Virtual Method?
+
A virtual method allows derived classes to override its implementation., It
supports
runtime polymorphism.
Ways a method can be overloaded:
+
Overloading can be done by changing:, ✓ Number of parameters, ✓ Type of
parameters,
✓ Order of parameters
Ways to overload a method
+
Change number of parameters., Change data type of parameters., Change order
of
parameters (only if type differs).
What type of language is C#?
+
Strongly typed, object-oriented, component-oriented.
Yield keyword?
+
Return sequence of values without storing all items.
What is C#?
+
C# is a modern, strongly typed, object-oriented programming language
developed by
Microsoft.
What type of language is C#?
+
C# is a strongly typed, object-oriented, component-oriented language.
What is .NET?
+
.NET is a framework that provides runtime, libraries, and tools for building
applications.
What is the CLR?
+
CLR (Common Language Runtime) manages execution, memory, security, and
threading.
What is CTS?
+
CTS (Common Type System) defines how data types are declared and used in
.NET.
What is CLS?
+
CLS (Common Language Specification) defines rules for language
interoperability.
What is MSIL?
+
Microsoft Intermediate Language generated before JIT compilation.
What is the JIT compiler?
+
It converts IL code into machine code at runtime.
Is C# managed or unmanaged?
+
C# is managed code because it runs under CLR.
What is managed code?
+
Code executed under CLR with garbage collection and memory management.
What is unmanaged code?
+
Code that runs directly on OS without CLR support.
What is garbage collection?
+
Automatic memory management in .NET.
What are GC generations?
+
Generation 0, Generation 1, and Generation 2.
What is a console application?
+
An application that runs in a command-line interface.
What is a namespace?
+
A logical grouping of classes and types.
What is an object?
+
An instance of a class containing data and behavior.
What is a class?
+
A blueprint for creating objects.
What is the base class for all classes?
+
System.Object is the root base class.
What is an enum?
+
A value type representing named constants.
What is a struct?
+
A value type used to store small data structures.
What is Object-Oriented Programming (OOP)?
+
OOP is a programming paradigm based on objects containing data and behavior.
What are the four pillars of OOP?
+
Encapsulation, Inheritance, Polymorphism, and Abstraction.
What is encapsulation?
+
Encapsulation bundles data and methods together and restricts access.
How is encapsulation achieved in C#?
+
Using access modifiers like private, protected, internal, and public.
What is a property in C#?
+
A member that provides controlled access to class fields.
What is inheritance?
+
A mechanism where a class inherits properties and behavior from another
class.
What is the base class?
+
A class whose members are inherited by another class.
What is a derived class?
+
A class that inherits from a base class.
Does C# support multiple inheritance?
+
No, C# supports single inheritance with multiple interfaces.
What is polymorphism?
+
The ability of objects to behave differently through a common interface.
What are types of polymorphism in C#?
+
Compile-time and runtime polymorphism.
What is method overloading?
+
Defining multiple methods with the same name but different parameters.
What is method overriding?
+
Providing a new implementation of a base class method.
What keyword enables method overriding?
+
The virtual keyword in base class and override in derived class.
What is abstraction?
+
Hiding implementation details and showing only essential features.
How is abstraction achieved in C#?
+
Using abstract classes and interfaces.
What is an abstract class?
+
A class that cannot be instantiated and may contain abstract methods.
What is an interface?
+
A contract that defines method signatures without implementation.
Can an interface have implementation in C#?
+
Yes, default interface methods are allowed from C# 8.0.
What is loose coupling?
+
Design where components depend on abstractions rather than concrete classes.
What are data types in C#?
+
Data types define the kind of data a variable can hold.
What are the main categories of data types?
+
Value types and Reference types.
What are value types?
+
Types that store data directly in memory.
What are reference types?
+
Types that store references to data in memory.
What are examples of value types?
+
int, float, double, bool, struct, enum.
What are examples of reference types?
+
class, interface, array, string, object.
What is a variable?
+
A named storage location that holds data.
What is variable declaration?
+
Specifying data type and name of a variable.
What is variable initialization?
+
Assigning an initial value to a variable.
What is implicit typing?
+
Using var keyword to infer variable type.
What is explicit typing?
+
Declaring variable with a specific data type.
What is boxing?
+
Converting a value type to an object type.
What is unboxing?
+
Converting an object back to a value type.
What is stack memory?
+
Memory used for storing value types and method calls.
What is heap memory?
+
Memory used for storing reference types.
What is managed heap?
+
Heap memory managed by the CLR.
What is garbage collection?
+
Automatic cleanup of unused objects from heap.
What causes garbage collection?
+
Low memory conditions or explicit GC calls.
What is memory leak in .NET?
+
Objects not released due to active references.
How are memory leaks avoided?
+
Proper disposal and avoiding unnecessary references.
What are control statements in C#?
+
Statements that control the flow of program execution.
What are decision-making statements?
+
if, if-else, else-if, and switch.
What is an if statement?
+
Executes code when a condition is true.
What is an if-else statement?
+
Executes one block when true and another when false.
What is else-if ladder?
+
Multiple conditional checks executed sequentially.
What is a switch statement?
+
Executes code based on matching cases.
What data types are allowed in switch?
+
int, char, string, enum, and integral types.
What is pattern matching in switch?
+
Matching values and types using patterns.
What are looping statements?
+
Statements used to execute code repeatedly.
What is a for loop?
+
Loop with initialization, condition, and iteration.
What is a while loop?
+
Executes while a condition remains true.
What is a do-while loop?
+
Executes at least once before checking condition.
What is foreach loop?
+
Iterates through collections sequentially.
When is foreach preferred?
+
When iterating over collections safely.
What is break statement?
+
Exits a loop or switch.
What is continue statement?
+
Skips current iteration and continues loop.
What is goto statement?
+
Transfers control to a labeled statement.
Why is goto discouraged?
+
It reduces code readability and maintainability.
What is nested loop?
+
A loop inside another loop.
What is infinite loop?
+
A loop that never terminates unless broken.
What is an array in C#?
+
An array is a fixed-size collection of elements of the same type.
How are arrays declared in C#?
+
Using dataType[] arrayName syntax.
What is array initialization?
+
Assigning values to an array at creation.
What is a multidimensional array?
+
An array with more than one dimension.
What is a jagged array?
+
An array of arrays with different lengths.
What is a string in C#?
+
An immutable sequence of Unicode characters.
Why are strings immutable?
+
To improve performance and security.
What is StringBuilder?
+
A mutable string class for efficient string modifications.
When should StringBuilder be used?
+
When frequent string modifications are required.
What are collections in C#?
+
Classes used to store, manage, and manipulate groups of objects.
What is ArrayList?
+
A non-generic collection that stores objects.
Why is ArrayList not recommended?
+
It lacks type safety and causes boxing/unboxing.
What is List
+
?
What is Dictionary
+
?
What is Hashtable?
+
A non-generic key-value collection.
What is Stack
+
?
What is Queue
+
?
What is IEnumerable?
+
An interface for iterating over collections.
What is ICollection?
+
An interface defining size and modification methods.
What is generic collection advantage?
+
Type safety, performance, and reusability.
What is an exception in C#?
+
An exception is a runtime error that disrupts normal program execution.
What is exception handling?
+
A mechanism to handle runtime errors gracefully.
What keyword is used to handle exceptions?
+
try, catch, finally, and throw.
What is try block?
+
Contains code that may cause an exception.
What is catch block?
+
Handles exceptions thrown in try block.
What is finally block?
+
Executes code regardless of exception occurrence.
Can multiple catch blocks be used?
+
Yes, to handle different exception types.
What is throw keyword?
+
Used to explicitly throw an exception.
What is rethrowing an exception?
+
Throwing the same exception again after catching it.
What is the base class of all exceptions?
+
System.Exception.
What is checked vs unchecked exception in C#?
+
C# supports only unchecked exceptions.
What is custom exception?
+
A user-defined exception class.
Why create custom exceptions?
+
To represent application-specific error conditions.
What is inner exception?
+
An exception that caused another exception.
What is stack trace?
+
A list of method calls leading to the exception.
What is debugging?
+
The process of finding and fixing errors.
What is breakpoint?
+
A marker that pauses execution during debugging.
What is step over in debugging?
+
Executes current line without entering method.
What is step into in debugging?
+
Steps inside the called method.
What is step out in debugging?
+
Completes current method and returns control.
What is a delegate in C#?
+
A delegate is a type-safe reference to a method.
Why are delegates used?
+
To pass methods as parameters and enable callback mechanisms.
What is a multicast delegate?
+
A delegate that can reference multiple methods.
How are delegates invoked?
+
By calling the delegate instance like a method.
What is Func delegate?
+
A generic delegate that returns a value.
What is Action delegate?
+
A generic delegate that does not return a value.
What is Predicate delegate?
+
A delegate that returns a boolean value.
What is an event in C#?
+
A mechanism for notifying subscribers when something happens.
What is event publisher?
+
A class that raises an event.
What is event subscriber?
+
A class that listens and reacts to an event.
What keyword is used to declare an event?
+
The event keyword.
What is EventHandler delegate?
+
A predefined delegate for handling events.
What is event encapsulation?
+
Restricting direct access to delegate invocation.
What is a lambda expression?
+
An anonymous function used to write concise code.
What is lambda syntax?
+
(parameters) => expression or statement block.
Why are lambda expressions used?
+
To simplify delegate and LINQ expressions.
What is expression-bodied member?
+
A concise syntax using lambda expressions.
What is closure in lambda?
+
Capturing external variables inside a lambda.
What is anonymous method?
+
A method without a name defined inline.
What is difference between lambda and anonymous
method?
+
Lambda expressions are more concise and expressive.
What is multithreading in C#?
+
Multithreading allows multiple threads to execute concurrently.
What is a thread?
+
A thread is the smallest unit of execution in a process.
What namespace provides threading support?
+
System.Threading.
What is Task in C#?
+
Task represents an asynchronous operation.
What is asynchronous programming?
+
Executing tasks without blocking the main thread.
What problem does async programming solve?
+
Improves responsiveness and scalability.
What is async keyword?
+
Marks a method as asynchronous.
What is await keyword?
+
Pauses execution until an awaited task completes.
What does await return?
+
The result of the completed task.
Can async methods return void?
+
Yes, but only for event handlers.
What are valid async return types?
+
Task, Task, and void.
What is Task.Run()?
+
Runs code on a background thread.
What is thread pool?
+
A pool of reusable threads managed by CLR.
What is synchronization context?
+
Controls where async continuations execute.
What is deadlock?
+
A situation where threads wait indefinitely.
How are deadlocks avoided?
+
Using async/await properly and avoiding blocking calls.
What is parallel programming?
+
Executing multiple tasks simultaneously.
What is Parallel.For?
+
Executes loop iterations in parallel.
What is race condition?
+
Multiple threads accessing shared data unsafely.
How are race conditions prevented?
+
Using locks, mutexes, or thread-safe collections.
What is file handling in C#?
+
File handling allows reading from and writing to files.
What namespace supports file handling?
+
System.IO.
What is File class?
+
A static class providing methods to create, read, write, and delete files.
What is FileStream?
+
A stream used for reading and writing files at byte level.
What is StreamReader?
+
A class used to read text from a stream.
What is StreamWriter?
+
A class used to write text to a stream.
What is BinaryReader?
+
A class used to read binary data from a stream.
What is BinaryWriter?
+
A class used to write binary data to a stream.
What is directory handling?
+
Managing folders using Directory and DirectoryInfo classes.
What is serialization?
+
Converting an object into a format suitable for storage or transfer.
What is deserialization?
+
Reconstructing an object from serialized data.
What is binary serialization?
+
Serializing objects into binary format.
What is XML serialization?
+
Serializing objects into XML format.
What is JSON serialization?
+
Serializing objects into JSON format.
What library is used for JSON serialization?
+
System.Text.Json or Newtonsoft.Json.
What is I/O operation?
+
Input and output operations involving data streams.
What is synchronous I/O?
+
I/O operations that block execution until completed.
What is asynchronous I/O?
+
Non-blocking I/O operations using async and await.
What is buffering in I/O?
+
Temporarily storing data in memory during I/O operations.
Why is proper resource disposal important?
+
To release unmanaged resources and avoid memory leaks.
What is reflection in C#?
+
Reflection allows inspecting metadata of assemblies, types, and members at
runtime.
Which namespace supports reflection?
+
System.Reflection.
What can reflection be used for?
+
Inspecting types, invoking methods, and creating instances dynamically.
What is Assembly class?
+
Represents a loaded .NET assembly.
What is Type class?
+
Provides information about data types at runtime.
What is GetType() method?
+
Returns the Type information of an object.
What is Activator class?
+
Used to create object instances dynamically.
What are attributes in C#?
+
Metadata used to add declarative information to code elements.
What is a custom attribute?
+
A user-defined attribute created by inheriting Attribute class.
Where can attributes be applied?
+
Classes, methods, properties, fields, and assemblies.
What is attribute usage?
+
Defines where and how an attribute can be applied.
What is reflection used for attributes?
+
To read attribute metadata at runtime.
What is dynamic keyword?
+
Allows bypassing compile-time type checking.
What is late binding?
+
Method binding resolved at runtime.
What is early binding?
+
Method binding resolved at compile time.
What is unsafe code?
+
Code that allows pointer operations.
What keyword enables unsafe code?
+
unsafe keyword.
What is Span
+
?
What is ReadOnlySpan
+
?
What are advanced C# best practices?
+
Use async properly, avoid reflection misuse, and write clean, maintainable
code.
.NET?
+
A framework that provides runtime, libraries, and tools for building
applications.
?. operator?
+
Null conditional operator to avoid NullReferenceException.
“throw” vs “throw ex”
+
throw preserves original stack trace., throw ex resets stack trace.
Abstract class?
+
A class that cannot be instantiated and may contain abstract members.
Abstraction?
+
Exposing essential features while hiding implementation details.
Accessibility in interface
+
All members in an interface are implicitly public., No need for modifiers
because
interfaces define a contract.
ADO.NET?
+
Data access framework for .NET.
Anonymous method?
+
Inline method declared without a name.
Anonymous Types in C#?
+
Anonymous types allow creating objects without defining a class. They are
mostly
used with LINQ queries to store temporary data. Example: var person = new {
Name =
"John", Age = 30 };.
ArrayList?
+
Non-generic dynamic array.
Arrays in C#?
+
Arrays are fixed-size, strongly-typed collections that store elements of the
same
type., They provide indexed access and are stored in contiguous memory.
Async stream?
+
Async iteration using IAsyncEnumerable.
Async/await?
+
Keywords for asynchronous programming.
Attribute in C#?
+
Metadata added to assemblies, classes, or members.
Attributes
+
Metadata added to code elements., Used for runtime behavior control.,
Example:
[Obsolete], [Serializable].
Auto property?
+
Property with implicit backing field.
Base class for all classes
+
System.Object is the root base class in .NET., All classes derive from it
directly
or indirectly.
Base keyword?
+
Used to call base class members.
Boxing and Unboxing:
+
Boxing converts a value type to an object type. Unboxing extracts that value
back
from the object. Boxing is slower and stored on heap.
Boxing?
+
Converting value type to object/reference type.
C#?
+
A modern, object-oriented programming language developed by Microsoft.
C#?
+
C# is an object-oriented programming language developed by Microsoft. It is
used to
build applications for web, desktop, cloud, and mobile platforms. It runs on
the
.NET framework.
C#? Latest version?
+
C# is an object-oriented programming language from Microsoft built on .NET.
It
supports strong typing, inheritance, and modern features like LINQ and
async. The
latest version (as of 2025) is C# 13.
Can “this” be used within a static method?
+
No, the this keyword cannot be used inside a static method., Static methods
belong
to the class, not to a specific object instance., Since this refers to the
current
instance, it is only valid in instance methods.
Can a private virtual method be overridden?
+
No, because private methods are not accessible in derived classes and
virtual
methods require inheritance.
Can multiple catch blocks be executed?
+
No, only one catch block executes—the one that matches the thrown exception.
Other
catch blocks are ignored.
Can multiple catch blocks execute?
+
No, only one matching catch block executes in a try-catch structure., The
first
matching exception handler is executed and others are skipped.
Can we use “this” keyword within a static method?
+
No, because this refers to the current instance, and static methods belong
to the
class—not an object.
Circular references
+
Occur when two or more objects reference each other., This prevents objects
from
being garbage collected., Common in linked structures., Requires proper
cleanup
strategies.
Class vs struct?
+
Class is reference type; struct is value type.
Class?
+
Blueprint for creating objects.
CLR?
+
Common Language Runtime; manages execution, memory, security, and threading.
CLS?
+
Common Language Specification; rules for .NET language interoperability.
Common exception types
+
NullReferenceException, IndexOutOfRangeException, DivideByZeroException,
FormatException, InvalidOperationException
Conflicting interface method names
+
Implement explicitly by specifying interface name:, void
IInterface1.Method() { },
void IInterface2.Method() { }
Conflicting methods in inherited interfaces:
+
If interfaces have identical method signatures, only one implementation is
needed.,
If behavior differs, explicit interface implementation must be used.
Console application
+
Runs in command-line interface., No GUI., Used for scripting or service
apps.
Constant vs Readonly:
+
const is compile-time constant and cannot change after compilation. readonly
can be
assigned at runtime (constructor). const is static by default.
Constructor chaining?
+
Constructor chaining allows one constructor to call another within the same
class
using this()., It helps avoid duplicate code and centralize initialization
logic.
Constructor?
+
Method invoked when an object is created.
Continue vs Break:
+
continue skips remaining loop code and moves to next iteration. break exits
the loop
entirely. Both control loop execution flow.
Contravariance?
+
Allows base types where derived types expected.
Covariance?
+
Allows derived types more liberally.
Create array with non-default values
+
int[] arr = Enumerable.Repeat(5, 10).ToArray();
CTS?
+
Common Type System; defines how data types are declared and used.
Custom Control and User Control?
+
User control is built by combining existing controls (drag and drop).,
Custom
control is created from scratch and reused across applications.
Custom exception?
+
User-defined exception class.
Custom Exceptions
+
User-defined exceptions for specific application errors., Created by
inheriting
Exception class., Helps make error handling meaningful and readable., Used
to
represent domain-specific failures.
Deadlock?
+
Two threads waiting forever for each other’s lock.
Define Constructors
+
A constructor is a special method that initializes objects when created. It
has the
same name as the class and doesn’t return a value.
Delegate?
+
Type-safe function pointer.
Delegates
+
A delegate is a type that holds a reference to a method., Enables event
handling and
callback mechanisms., Supports type safety and encapsulation of method
calls.,
Similar to function pointers in C++.
Dependency injection?
+
Design pattern for providing external dependencies.
Describe the accessibility modifier “protected
internal”.
+
It means the member can be accessed within the same assembly or from derived
classes
in other assemblies.
Deserialization?
+
Converting serialized data back to object.
Destructor?
+
Method called before an object is destroyed by GC.
Dictionary?
+
Key-value collection.
DifBet abstract class and interface?
+
Abstract class can have implementation; interface cannot (before C# 8).
DifBet Array & List?
+
Array has fixed size; List grows dynamically.
DifBet C# and .NET?
+
C# is a programming language; .NET is the runtime and framework.
DifBet const and readonly?
+
const is compile-time constant; readonly is runtime constant.
DifBet Dictionary and Hashtable?
+
Dictionary is generic and faster.
DifBet IEnumerable and IQueryable?
+
IEnumerable executes in memory; IQueryable executes in database.
DifBet ref and out?
+
ref requires initialization; out does not.
DifBet Task and Thread?
+
Task is a higher-level abstraction running on thread pool; Thread is
OS-level.
DiffBet “is” and “as”
+
is checks compatibility., as tries casting and returns null if fails, no
exception.
DiffBet == and Equals():
+
== checks reference equality for objects and value equality for value
types.,
Equals() can be overridden for custom comparison logic.
DiffBet Array and ArrayList:
+
Array has fixed size and stores a single data type., ArrayList is dynamic
and stores
objects, requiring boxing/unboxing for value types.
DiffBet Array and ArrayList?
+
Array has fixed size and stores same data type., ArrayList can grow
dynamically and
stores mixed types.
DiffBet Array.CopyTo() and Array.Clone()
+
Clone() creates a shallow copy of the array including its size., CopyTo()
copies
elements into an existing array starting at a specified index., Clone()
returns a
new array of the same type., CopyTo() requires the destination array to be
allocated
beforehand.
DiffBet Array.CopyTo() and Array.Clone():
+
CopyTo() copies array elements to an existing array., Clone() creates a
shallow copy
of the entire array as a new instance.
DiffBet boxing and unboxing:
+
Boxing converts a value type to a reference type (object)., Unboxing
converts the
object back to its original value type., Boxing is implicit; unboxing must
be
explicit and can cause runtime errors if mismatched.
DiffBet constants and read-only?
+
const must be assigned at compile time and cannot change., readonly can be
assigned
at runtime, usually in a constructor.
DiffBet Dispose and Finalize in C#:
+
Dispose() is called manually to release unmanaged resources using
IDisposable.,
Finalize() (destructor) is called automatically by the Garbage Collector.,
Dispose
provides deterministic cleanup, while Finalize is non-deterministic and
slower.
DiffBet Finalize() and Dispose()
+
Finalize() is called by the garbage collector and cannot be invoked
manually.,
Dispose() is called manually to release unmanaged resources., Finalize() has
performance overhead., Dispose() is implemented via IDisposable.
DiffBet IEnumerable and IQueryable:
+
IEnumerable filters data in memory and is suitable for in-memory
collections.,
IQueryable filters data at the database level using expression trees.,
IQueryable
supports remote querying, improving performance for large datasets.
DiffBet interface and abstract class
+
Interface contains only declarations, no implementation (until default
methods in
new versions)., Abstract class can have both abstract and concrete methods.,
A class
can inherit multiple interfaces but only one abstract class., Interfaces
define a
contract; abstract classes provide a base.
DiffBet Is and As operators:
+
is checks whether an object is compatible with a type and returns
true/false., as
performs safe casting and returns null if the cast fails.
DiffBet late and early binding:
+
Early binding occurs at compile time (e.g., method calls on known types).,
Late
binding happens at runtime (e.g., using dynamic or reflection)., Early
binding is
faster and type-safe, while late binding is flexible but slower.
DiffBet public, static, and void?
+
public means accessible anywhere., static belongs to the class, not the
instance.,
void means the method does not return any value.
DiffBet ref & out parameters?
+
ref requires the variable to be initialized before passing., out does not
require
initialization but must be assigned inside the method.
DiffBet String and StringBuilder in C#:
+
String is immutable, meaning every modification creates a new object.,
StringBuilder
is mutable and efficient for repeated string manipulation., StringBuilder is
preferred when working with dynamic or large text modifications.
DiffBet System.String and StringBuilder
+
String is immutable, meaning any modification creates a new object.,
StringBuilder
is mutable and allows in-place modifications., StringBuilder is preferred
for
frequent string operations like concatenation., String is simpler and better
for
small or static content.
DiffBet Throw Exception and Throw Clause:
+
throw ex; resets the stack trace., throw; preserves the original stack
trace, making
debugging easier.
DirectCast vs CType
+
DirectCast requires exact type., CType supports conversions defined in VB or
framework.
Dynamic keyword?
+
Type resolved at runtime.
Early binding?
+
Object referenced at compile time.
Encapsulation?
+
Binding data and methods inside a class.
Enum:
+
Enum is a value type representing named constants. Helps improve code
readability.
Default underlying type is integer.
Enum?
+
Value type representing named constants.
Event?
+
Used to provide notifications using delegates.
Exception?
+
Runtime error.
Explain types of comment in C# with examples
+
There are three types:, Single-line: // comment, Multi-line: /* comment */,
XML
documentation: ///
Extension method in C#?
+
An extension method adds new functionality to existing classes without
modifying
them., It is defined in a static class and uses the this keyword before the
first
parameter., They are commonly used with LINQ and utility enhancements.
Extension method?
+
Adds new methods to existing types without modifying them.
File Handling in C#.Net?
+
File handling allows reading, writing, and manipulating files using classes
like
File, FileStream, StreamReader, and StreamWriter. It is used to store or
retrieve
data from physical files.
Finally?
+
Block executed regardless of exception.
Garbage collection?
+
Automatic memory management.
GC generations?
+
Gen 0, Gen 1, Gen 2.
Generic type?
+
Allows type parameters for safe and reusable code.
Generics in .NET
+
Generics allow type-safe collections without boxing/unboxing., They improve
performance and reusability., Examples: List , Dictionary ., They enable
compile-time type checking.
Generics?
+
Generics allow classes and methods to operate on types without specifying
them
upfront., They provide type safety and improve performance by avoiding
boxing/unboxing.
HashSet?
+
Collection of unique items.
Hashtable in C#?
+
A Hashtable stores key-value pairs and provides fast access using a hash
key. Keys
are unique, and values can be of any type. It belongs to System.Collections.
Hashtable?
+
Non-generic key-value collection.
How do you use the “using” statement in C#?
+
The using statement ensures that resources like files or database
connections are
properly closed and disposed after use. It helps prevent memory leaks by
automatically calling Dispose(). Example: using(StreamReader sr = new
StreamReader("file.txt")) { }.
How to inherit a class
+
class B : A, {, }
How to prevent SQL Injection?
+
Use parameterized queries.
How to use Nullable<> Types?
+
Nullable types allow value types (like int) to store null using Nullable
or ?.,
Example: int? age = null;.
ICollection?
+
Extends IEnumerable with add/remove operations.
IDisposable?
+
Interface to release unmanaged resources.
IEnumerable vs IEnumerator?
+
IEnumerable returns enumerator; IEnumerator iterates items.
IEnumerable?
+
Interface for forward-only iteration.
IEnumerable<> in C#?
+
IEnumerable is an interface used to iterate through a collection using
foreach.,
It supports forward-only iteration and deferred execution., It does not
support
querying or modifying items directly.
In keyword?
+
Pass parameter by readonly reference.
Indexer?
+
Allows objects to be indexed like arrays.
Indexers
+
Allow a class to be accessed like an array., public string this[int index] {
get;
set; }
Indexers?
+
Indexers allow objects to be accessed like arrays using brackets []., They
provide
dynamic access to internal data without exposing underlying collections.
Inherit class but prevent method override
+
Use sealed keyword on the method., public sealed override void Method() { }
Inheritance?
+
Mechanism to derive new classes from existing classes.
Interface class? Give an example
+
An interface contains declarations of methods without implementation.
Classes must
implement them., Example: interface IShape { void Draw(); }.
Interface vs Abstract Class:
+
Interface only declares members; no implementation (until default
implementations in
newer versions). Abstract class can have both abstract and concrete members.
A class
can implement multiple interfaces but inherit only one abstract class.
Interface?
+
Contract containing method signatures without implementation.
IOC container?
+
Automates dependency injection and object creation.
IQueryable?
+
Supports LINQ queries for remote data sources.
Jagged Array in C#?
+
A jagged array is an array of arrays where each sub-array can have different
lengths. It provides flexibility if the data structure doesn't need uniform
size.
Example: int[][] jagged = new int[2][]; jagged[0]=new int[3]; jagged[1]=new
int[5];.
Jagged Arrays?
+
A jagged array is an array containing different-sized sub-arrays. It
provides
flexibility in storing uneven data structures.
JIT compiler?
+
Converts IL code to machine code at runtime.
JSON serialization?
+
Using System.Text.Json or Newtonsoft.Json to serialize objects.
Lambda expression?
+
Short syntax for writing inline methods/functions.
Late binding?
+
Object created at runtime instead of compile time.
LINQ in C#?
+
LINQ (Language Integrated Query) is a feature used to query data from
collections,
databases, XML, etc., using a unified syntax. It improves readability and
reduces
code. Example: var result = from x in list where x > 10 select x;.
LINQ?
+
Language Integrated Query for querying collections and databases.
List?
+
Generic list that stores strongly typed items.
Lock keyword?
+
Prevents multiple threads from accessing critical code section.
Managed or unmanaged?
+
C# code is managed because it runs under CLR.
Managed vs Unmanaged Code:
+
Managed code runs under CLR with garbage collection and memory management.
Unmanaged
code runs directly on OS without CLR support (like C/C++). Managed code is
safer but
slower.
Method overloading?
+
Multiple methods with the same name but different parameters.
Method overloading?
+
Method overloading allows multiple methods with the same name but different
parameters. It improves flexibility and readability.
Method overriding?
+
Redefining base class methods in derived class using virtual/override.
Monitor?
+
Provides advanced locking features.
MSIL?
+
Microsoft Intermediate Language generated before JIT.
Multicast delegate
+
A delegate that can reference multiple methods., Invokes them in order.,
Used in
event handling.
Multicast delegate?
+
Delegate that references multiple methods.
Multicast delegate?
+
A multicast delegate holds references to multiple methods., When invoked, it
executes all assigned methods in order.
Multithreading with .NET?
+
Multithreading allows a program to run multiple tasks simultaneously,
improving
performance and responsiveness. In .NET, threads can be created using the
Thread
class or Task Parallel Library. It is commonly used in applications
requiring
background processing.
Mutex?
+
Synchronization primitive across processes.
Namespace?
+
A logical grouping of classes and other types.
Nnullable type?
+
Value type that can hold null using ? syntax.
Nullable types
+
int? x = null;, Used to store value types with null support.
Null-Coalescing operator ??
+
Returns right operand if left operand is null.
Object pool
+
Object pooling reuses a set of pre-created objects., Improves performance by
avoiding costly object creation., Common in high-performance applications.,
Useful
for objects with expensive initialization.
Object Pooling?
+
Object pooling reuses frequently used objects instead of creating new ones.,
It
improves performance by reducing memory allocation and garbage collection.
Object?
+
Instance of a class.
Object?
+
An object is an instance of a class containing data and behavior. It
represents
real-world entities in OOP. Objects interact using methods and properties.
Object?
+
An object is an instance of a class that contains data and behavior. It
represents a
real-world entity like student, car, or bank account.
Out keyword?
+
Pass parameter by reference but must be assigned inside method.
Overloading vs overriding
+
Overloading: same method name, different parameters., Overriding: derived
class
changes base class implementation., Overloading happens at compile time;
overriding
at runtime., Overriding requires virtual and override keywords.
Override keyword?
+
Used to override a virtual/abstract method.
Partial class?
+
Class definition split across multiple files.
Partial classes and why needed?
+
Partial classes allow a class definition to be split across multiple files.,
They
help in code organization, especially auto-generated code and manual code
separation., The compiler combines all partial files into a single class at
runtime.
Pattern matching?
+
Technique to match types and conditions.
Polymorphism?
+
Ability of objects to take many forms through inheritance and interfaces.
Preprocessor directive?
+
Instructions to compiler like #if, #region.
Properties in C#?
+
Properties are class members used to read, write, or compute values., They
provide
controlled access to private fields using get and set accessors., Properties
improve
encapsulation and help enforce validation on assignment.
Property?
+
Getter/setter wrapper for fields.
Race Condition?
+
Conflict when multiple threads access shared data.
Readonly?
+
Variable that can only be assigned in constructor.
Record type?
+
Immutable reference type introduced in C# 9.
Ref keyword?
+
Pass parameter by reference.
Ref vs out:
+
ref requires variable initialization before passing. out does not require
initialization but must be assigned inside the method. Both pass arguments
by
reference.
Reflection in C#?
+
Reflection allows inspecting and interacting with metadata (methods,
properties,
types) at runtime. It is used in frameworks, serialization, and dynamic
object
creation using System.Reflection.
Reflection?
+
Inspecting metadata and creating objects dynamically.
Remove element from queue
+
queue.Dequeue();
Role of Access Modifiers:
+
Access modifiers control visibility of classes and members., Examples
include
public, private, protected, and internal to enforce encapsulation.
Sealed class?
+
Class that cannot be inherited.
Sealed classes in C#?
+
A sealed class prevents further inheritance., It is used when modifications
through
inheritance should be restricted., sealed can also be applied to methods to
stop
overriding.
Sealed classes in C#?
+
A sealed class prevents inheritance. It is used to stop modification of
behavior.
Example: sealed class A { }.
Sealed method?
+
Method that cannot be overridden.
Semaphore?
+
Limits number of threads accessing a resource.
Serialization in C#?
+
Serialization is the process of converting an object into a format like XML,
JSON,
or binary for storage or transfer. It allows objects to be saved to files,
memory,
or sent over a network. Deserialization is the reverse, which reconstructs
the
object from serialized data.
Serialization?
+
Converting objects to JSON, XML, or binary.
Serialization?
+
Serialization converts an object into a storable or transferable format like
JSON,
XML, or binary. It is used for saving or transmitting data.
Singleton pattern
+
public class Singleton {, private static readonly Singleton instance = new
Singleton();, private Singleton() {}, public static Singleton Instance =>
instance;,
}
Singleton Pattern and implementation?
+
Singleton ensures only one instance of a class exists globally., It is
implemented
using a private constructor, a static field, and a public static instance
property.
Sorting array in descending order
+
Array.Sort(arr);, Array.Reverse(arr);
SQL Injection?
+
Attack where malicious SQL is injected.
Static class?
+
Class that cannot be instantiated and contains only static members.
Static constructor?
+
Initializes static members of a class.
Static variable?
+
Shared among all instances of a class.
Struct vs class
+
Struct is value type; class is reference type., Structs stored on stack;
classes
stored on heap., Structs cannot inherit but can implement interfaces.,
Classes
support full inheritance.
Struct vs Class:
+
Structs are value types and stored on stack; classes are reference types and
stored
on heap. Structs do not support inheritance. Classes support features like
virtual
methods.
Struct?
+
Value type used to store small data structures.
Syntax to catch an exception
+
try, {, // Code, }, catch(Exception ex), {, // Handle exception, }
Task in C#?
+
Represents an asynchronous operation.
This keyword?
+
Refers to the current instance.
Thread pool?
+
Managed pool of threads used by tasks.
Thread?
+
Smallest unit of execution.
Throw?
+
Used to raise an exception.
Try/catch?
+
Used to handle exceptions.
Tuple in C#?
+
A lightweight data structure with multiple values.
Unboxing?
+
Extracting value type from object.
Use of ‘using’ statement in C#?
+
It ensures automatic cleanup of resources by calling Dispose() when the
scope ends.
Useful for files, streams, and database connections.
Use of a delegate in C#:
+
A delegate represents a reference to a method., It allows methods to be
passed as
parameters and supports callback mechanisms., Delegates enable event
handling and
implement loose coupling.
Using statement?
+
Ensures IDisposable resources are disposed automatically.
Value types and reference types?
+
Value types store data directly (int, float, bool)., Reference types store
memory
addresses to objects (class, array, string).
Var?
+
Implicit local variable type inferred at compile time.
Virtual method?
+
Method that can be overridden in derived class.
Virtual Method?
+
A virtual method allows derived classes to override its implementation., It
supports
runtime polymorphism.
Ways a method can be overloaded:
+
Overloading can be done by changing:, ✓ Number of parameters, ✓ Type of
parameters,
✓ Order of parameters
Ways to overload a method
+
Change number of parameters., Change data type of parameters., Change order
of
parameters (only if type differs).
What type of language is C#?
+
Strongly typed, object-oriented, component-oriented.
Yield keyword?
+
Return sequence of values without storing all items.
JKM CI/CD
A/b testing in ci/cd?
+
A/B testing compares two versions of an application to evaluate performance
or user
engagement.
Ansible in ci/cd?
+
Ansible automates configuration management provisioning and application
deployment.
Artifact promotion?
+
Artifact promotion moves build artifacts from development or staging to
production
environments.
Artifact repository?
+
Artifact repository stores build outputs libraries and packages for reuse
such as
Nexus or Artifactory.
Artifact repository?
+
Central storage for build outputs like binaries, Docker images, or NuGet
packages.
Automated deployment in ci/cd?
+
Automated deployment delivers application changes to environments without
manual
intervention.
Automated testing in ci/cd?
+
Automated testing runs tests automatically to validate code functionality
and
quality during CI/CD pipelines.
Azure devops pipelines?
+
Azure DevOps Pipelines automates builds tests and deployments in Azure
DevOps
environment.
Benefits of ci/cd?
+
Faster delivery improved code quality early bug detection reduced
integration issues
and automated workflows.
Bitbucket pipelines?
+
Bitbucket Pipelines is a CI/CD service integrated with Bitbucket
repositories for
automated builds tests and deployments.
Blue-green deployment?
+
Blue-green deployment switches traffic between two identical environments to
minimize downtime during release.
Blue-green deployment?
+
Deploy a new version in parallel with the old one and switch traffic once
validated.
Build artifact?
+
Build artifact is the output of a build process such as compiled binaries
Docker
images or packages.
Build in ci/cd?
+
A build compiles source code into executable artifacts often including
dependency
resolution and packaging.
Build matrix?
+
Build matrix runs pipeline jobs across multiple environments configurations
or
versions.
Build pipeline stage?
+
A stage in a pipeline represents a major step such as build test or deploy.
Build trigger?
+
Build trigger automatically starts a pipeline based on events like commit
merge
request or schedule.
Canary deployment?
+
Canary deployment releases new changes to a small subset of users to monitor
behavior before full rollout.
Canary deployment?
+
Deploy a new version to a small subset of users to monitor stability before
full
release.
Canary monitoring?
+
Canary monitoring observes new releases for errors or performance issues
before full
rollout.
Chef in ci/cd?
+
Chef is an automation tool for managing infrastructure and deployments.
Ci/cd best practice?
+
Best practices include version control automated tests code review fast
feedback
secure secrets and monitoring.
Ci/cd metrics?
+
CI/CD metrics track build duration success rate deployment frequency mean
time to
recovery and failure rate.
Ci/cd pipeline?
+
A CI/CD pipeline is an automated sequence of stages that code goes through
from
commit to deployment.
Ci/cd security?
+
CI/CD security ensures secure code pipeline configuration secrets management
and
deployment.
Ci/cd?
+
CI/CD stands for Continuous Integration and Continuous Deployment/Delivery a
practice to automate software development testing and deployment.
Ci/cd?
+
CI (Continuous Integration) automatically builds and tests code on commit.
CD
(Continuous Deployment/Delivery) deploys it to staging or production.
Circleci?
+
CircleCI is a cloud-based CI/CD platform that automates build test and
deployment
workflows.
Code quality analysis in ci/cd?
+
Code quality analysis checks code for bugs vulnerabilities style and
maintainability
using tools like SonarQube.
Configuration file in ci/cd?
+
Configuration file defines the pipeline steps environment variables triggers
and
deployment settings.
Containerization in ci/cd?
+
Containerization packages software and dependencies into a portable
container often
using Docker.
Continuous delivery (cd)?
+
CD is the practice of automatically preparing code changes for release to
production.
Continuous deployment?
+
Continuous Deployment automatically deploys code changes to production after
passing
tests without manual intervention.
Continuous integration (ci)?
+
CI is the practice of frequently integrating code changes into a shared
repository
with automated builds and tests.
Continuous monitoring in ci/cd?
+
Continuous monitoring tracks application performance errors and metrics
post-deployment.
Dependency management in ci/cd?
+
Dependency management ensures required libraries packages and modules are
available
during builds and deployments.
Deployment frequency?
+
Deployment frequency measures how often software changes are deployed to
production.
Deployment pipeline?
+
Deployment pipeline automates the process of delivering software to
different
environments like dev test and production.
Devops?
+
DevOps is a culture and set of practices combining development and
operations to
deliver software faster and reliably.
Diffbet a pipeline and a workflow?
+
Pipeline refers to a sequence of automated steps; workflow includes
branching
approvals and manual triggers in CI/CD.
Diffbet ci and cd?
+
CI (Continuous Integration) merges code frequently, builds, and tests
automatically., CD (Continuous Delivery/Deployment) deploys tested code to
environments automatically.
Diffbet ci and nightly builds?
+
CI triggers builds on each commit; nightly builds run at scheduled times
typically
once per day.
Diffbet ci/cd and devops?
+
CI/CD is a subset of DevOps practices focused on automation; DevOps includes
culture
collaboration and infrastructure practices.
Diffbet continuous delivery and continuous deployment?
+
Continuous Delivery requires manual approval for deployment; Continuous
Deployment
is fully automated to production.
Diffbet declarative and scripted jenkins pipelines?
+
Declarative pipelines use a structured readable syntax; scripted pipelines
use
Groovy scripts with more flexibility.
Docker in ci/cd?
+
Docker is a platform to build ship and run applications in containers.
Dynamic code analysis in ci/cd?
+
Dynamic code analysis inspects running code to detect runtime errors or
performance
issues.
Feature branching in ci/cd?
+
Feature branching involves developing new features in isolated branches to
prevent
conflicts in the main branch.
Fork vs clone?
+
Fork is a copy on the server; clone is a local copy of a repo. Fork enables
collaboration via PRs.
Gitlab ci file?
+
.gitlab-ci.yml defines GitLab CI/CD pipeline stages jobs and configurations.
Gitlab ci/cd pipeline?
+
Pipeline defines jobs, stages, and scripts to automate build, test, and
deploy.
Gitlab ci/cd?
+
GitLab CI/CD is a tool integrated with GitLab for automating builds tests
and
deployments.
Gitlab runner?
+
A GitLab runner executes CI/CD jobs defined in GitLab pipelines.
Immutable infrastructure in ci/cd?
+
Immutable infrastructure involves replacing servers or environments rather
than
modifying them.
Infrastructure as code (iac)?
+
IaC automates infrastructure provisioning using code such as Terraform or
Ansible.
Integration test?
+
Integration test checks the interaction between multiple components or
systems.
Is ci/cd implemented in azure repos?
+
Using Azure Pipelines linked to repos, automatically triggering builds and
deployments.
Is ci/cd implemented in bitbucket?
+
Using Bitbucket Pipelines defined in bitbucket-pipelines.yml.
Is ci/cd implemented in github?
+
Using GitHub Actions defined in .yml workflows, triggered on push, PR, or
schedule.
Is ci/cd implemented in gitlab?
+
Using .gitlab-ci.yml and GitLab Runners to automate builds, tests, and
deployments.
Jenkins job?
+
A Jenkins job defines tasks such as build test or deploy within a CI/CD
pipeline.
Jenkins pipeline?
+
Jenkins pipeline is a set of instructions defining the stages and steps for
automated build test and deployment.
Jenkins?
+
Jenkins is an open-source automation server used for building testing and
deploying
software in CI/CD pipelines.
Jenkinsfile?
+
Jenkinsfile defines a Jenkins pipeline using code specifying stages steps
and
agents.
Key components of ci/cd pipeline?
+
Source code management build automation automated testing artifact
management
deployment automation monitoring.
Kubernetes in ci/cd?
+
Kubernetes is a container orchestration platform used to deploy scale and
manage
containers in CI/CD pipelines.
Lead time for changes?
+
Lead time measures the duration from code commit to deployment in
production.
Manual trigger?
+
Manual trigger requires user action to start a pipeline or deploy a release.
Mean time to recovery (mttr)?
+
MTTR measures the average time to recover from failures in deployment or
production.
Pipeline approval?
+
Pipeline approval requires manual authorization before proceeding to
deployment
stages.
Pipeline artifact vs build artifact?
+
Pipeline artifacts are shared between jobs/stages; build artifacts are
outputs of a
single build.
Pipeline artifact?
+
Pipeline artifact is an output from a job or stage such as binaries or
reports used
in later stages.
Pipeline as code?
+
Pipeline as code defines CI/CD pipelines using code or configuration files
enabling
version control and automation.
Pipeline as code?
+
Defining CI/CD pipelines in versioned files (YAML, Jenkinsfile) to track
changes and
standardize workflows.
Pipeline caching?
+
Pipeline caching stores dependencies or artifacts to speed up build times.
Pipeline concurrency?
+
Pipeline concurrency allows multiple pipelines or jobs to run
simultaneously.
Pipeline drift?
+
Pipeline drift occurs when pipelines are inconsistent across environments or
teams.
Pipeline environment variable?
+
Environment variable stores configuration values used by pipeline jobs.
Pipeline failure?
+
Pipeline failure occurs when a job or stage fails due to code errors test
failures
or configuration issues.
Pipeline job?
+
A job is a specific task executed in a pipeline stage like running tests or
building
artifacts.
Pipeline notifications?
+
Pipeline notifications alert teams about build or deployment status via
email Slack
or other channels.
Pipeline observability?
+
Pipeline observability monitors pipeline performance failures and
bottlenecks.
Pipeline optimization?
+
Pipeline optimization improves speed reliability and efficiency of CI/CD
processes.
Pipeline retry?
+
Pipeline retry reruns failed jobs automatically or manually.
Pipeline scheduling?
+
Pipeline scheduling triggers builds or deployments at specified times.
Pipeline visualization?
+
Pipeline visualization shows the flow of stages jobs and results
graphically.
Post-deployment testing?
+
Post-deployment testing validates functionality performance and monitoring
after
deployment.
Pre-deployment testing?
+
Pre-deployment testing validates changes in staging or test environments
before
production deployment.
Production environment?
+
Production environment is where the live application runs and is accessible
to end
users.
Puppet in ci/cd?
+
Puppet automates infrastructure configuration management and compliance.
Regression test?
+
Regression test ensures that new changes do not break existing
functionality.
Release in ci/cd?
+
Release is a version of the software ready to be deployed to production or
other
environments.
Role of a build server in ci/cd?
+
Build server automates compiling testing and packaging code changes for
integration
and deployment.
Role of automation in ci/cd?
+
Automation reduces manual intervention improves consistency speeds up
delivery and
ensures quality.
Rollback automation?
+
Rollback automation automatically reverts deployments when failures are
detected.
Rollback in ci/cd?
+
Rollback is reverting a deployment to a previous stable version in case of
issues.
Rollback strategy in ci/cd?
+
Rollback strategy defines procedures to revert deployments safely in case of
failures.
Rollback testing?
+
Rollback testing validates the rollback process and ensures previous
versions work
correctly.
Rolling deployment?
+
Rolling deployment gradually replaces old versions with new ones across
servers or
pods.
Rolling deployment?
+
Deploying updates gradually to reduce downtime and risk.
Secrets management in ci/cd?
+
Secrets management securely stores sensitive information like passwords API
keys or
certificates.
Shift-left testing in ci/cd?
+
Shift-left testing moves testing earlier in the development lifecycle to
catch
defects sooner.
Smoke test?
+
Smoke test is a preliminary test to check basic functionality before
detailed
testing.
Sonarqube in ci/cd?
+
SonarQube analyzes code quality technical debt and vulnerabilities
integrating into
CI/CD pipelines.
Staging environment?
+
Staging environment mimics production to test releases before deployment.
Static code analysis in ci/cd?
+
Static code analysis inspects code without execution to find errors security
issues
or style violations.
System test?
+
System test validates the complete and integrated software system against
requirements.
Terraform in ci/cd?
+
Terraform is an IaC tool used to define provision and manage infrastructure
declaratively.
Test environment?
+
Test environment is a setup where testing is performed to validate software
functionality and quality.
To handle secrets in ci/cd?
+
Use encrypted variables, secret management tools, or vault integration to
store
credentials securely.
To protect branches in github?
+
Use branch protection rules: require PR reviews, status checks, and restrict
who can
push.
To roll back commits in git?
+
Use git revert (creates a new commit) or git reset (rewinds history)
depending on
requirement.
Travis ci?
+
Travis CI is a hosted CI/CD service for building and testing software
projects
hosted on GitHub.
Trunk-based development?
+
Trunk-based development involves frequent commits to the main branch with
short-lived feature branches.
Unit test?
+
Unit test verifies the functionality of individual components or functions
in
isolation.
Vault in ci/cd?
+
Vault is a tool for securely storing and managing secrets and sensitive
data.
Version control in ci/cd?
+
Version control is the management of code changes using tools like Git or
SVN for
tracking and collaboration.
Version control integration?
+
CI/CD tools integrate with Git, SVN, or Mercurial to detect code changes and
trigger
pipelines.
Webhooks in github/bitbucket/gitlab?
+
Webhooks trigger external services when events occur, like push, PR, or
merge
events, enabling CI/CD and integrations.
Yaml in ci/cd?
+
YAML is a human-readable format used to define CI/CD pipeline
configurations.
You monitor ci/cd pipelines?
+
Using dashboards, logs, notifications, or metrics for build health and
performance.
A/b testing in ci/cd?
+
A/B testing compares two versions of an application to evaluate performance
or user
engagement.
Ansible in ci/cd?
+
Ansible automates configuration management provisioning and application
deployment.
Artifact promotion?
+
Artifact promotion moves build artifacts from development or staging to
production
environments.
Artifact repository?
+
Artifact repository stores build outputs libraries and packages for reuse
such as
Nexus or Artifactory.
Artifact repository?
+
Central storage for build outputs like binaries, Docker images, or NuGet
packages.
Automated deployment in ci/cd?
+
Automated deployment delivers application changes to environments without
manual
intervention.
Automated testing in ci/cd?
+
Automated testing runs tests automatically to validate code functionality
and
quality during CI/CD pipelines.
Azure devops pipelines?
+
Azure DevOps Pipelines automates builds tests and deployments in Azure
DevOps
environment.
Benefits of ci/cd?
+
Faster delivery improved code quality early bug detection reduced
integration issues
and automated workflows.
Bitbucket pipelines?
+
Bitbucket Pipelines is a CI/CD service integrated with Bitbucket
repositories for
automated builds tests and deployments.
Blue-green deployment?
+
Blue-green deployment switches traffic between two identical environments to
minimize downtime during release.
Blue-green deployment?
+
Deploy a new version in parallel with the old one and switch traffic once
validated.
Build artifact?
+
Build artifact is the output of a build process such as compiled binaries
Docker
images or packages.
Build in ci/cd?
+
A build compiles source code into executable artifacts often including
dependency
resolution and packaging.
Build matrix?
+
Build matrix runs pipeline jobs across multiple environments configurations
or
versions.
Build pipeline stage?
+
A stage in a pipeline represents a major step such as build test or deploy.
Build trigger?
+
Build trigger automatically starts a pipeline based on events like commit
merge
request or schedule.
Canary deployment?
+
Canary deployment releases new changes to a small subset of users to monitor
behavior before full rollout.
Canary deployment?
+
Deploy a new version to a small subset of users to monitor stability before
full
release.
Canary monitoring?
+
Canary monitoring observes new releases for errors or performance issues
before full
rollout.
Chef in ci/cd?
+
Chef is an automation tool for managing infrastructure and deployments.
Ci/cd best practice?
+
Best practices include version control automated tests code review fast
feedback
secure secrets and monitoring.
Ci/cd metrics?
+
CI/CD metrics track build duration success rate deployment frequency mean
time to
recovery and failure rate.
Ci/cd pipeline?
+
A CI/CD pipeline is an automated sequence of stages that code goes through
from
commit to deployment.
Ci/cd security?
+
CI/CD security ensures secure code pipeline configuration secrets management
and
deployment.
Ci/cd?
+
CI/CD stands for Continuous Integration and Continuous Deployment/Delivery a
practice to automate software development testing and deployment.
Ci/cd?
+
CI (Continuous Integration) automatically builds and tests code on commit.
CD
(Continuous Deployment/Delivery) deploys it to staging or production.
Circleci?
+
CircleCI is a cloud-based CI/CD platform that automates build test and
deployment
workflows.
Code quality analysis in ci/cd?
+
Code quality analysis checks code for bugs vulnerabilities style and
maintainability
using tools like SonarQube.
Configuration file in ci/cd?
+
Configuration file defines the pipeline steps environment variables triggers
and
deployment settings.
Containerization in ci/cd?
+
Containerization packages software and dependencies into a portable
container often
using Docker.
Continuous delivery (cd)?
+
CD is the practice of automatically preparing code changes for release to
production.
Continuous deployment?
+
Continuous Deployment automatically deploys code changes to production after
passing
tests without manual intervention.
Continuous integration (ci)?
+
CI is the practice of frequently integrating code changes into a shared
repository
with automated builds and tests.
Continuous monitoring in ci/cd?
+
Continuous monitoring tracks application performance errors and metrics
post-deployment.
Dependency management in ci/cd?
+
Dependency management ensures required libraries packages and modules are
available
during builds and deployments.
Deployment frequency?
+
Deployment frequency measures how often software changes are deployed to
production.
Deployment pipeline?
+
Deployment pipeline automates the process of delivering software to
different
environments like dev test and production.
Devops?
+
DevOps is a culture and set of practices combining development and
operations to
deliver software faster and reliably.
Diffbet a pipeline and a workflow?
+
Pipeline refers to a sequence of automated steps; workflow includes
branching
approvals and manual triggers in CI/CD.
Diffbet ci and cd?
+
CI (Continuous Integration) merges code frequently, builds, and tests
automatically., CD (Continuous Delivery/Deployment) deploys tested code to
environments automatically.
Diffbet ci and nightly builds?
+
CI triggers builds on each commit; nightly builds run at scheduled times
typically
once per day.
Diffbet ci/cd and devops?
+
CI/CD is a subset of DevOps practices focused on automation; DevOps includes
culture
collaboration and infrastructure practices.
Diffbet continuous delivery and continuous deployment?
+
Continuous Delivery requires manual approval for deployment; Continuous
Deployment
is fully automated to production.
Diffbet declarative and scripted jenkins pipelines?
+
Declarative pipelines use a structured readable syntax; scripted pipelines
use
Groovy scripts with more flexibility.
Docker in ci/cd?
+
Docker is a platform to build ship and run applications in containers.
Dynamic code analysis in ci/cd?
+
Dynamic code analysis inspects running code to detect runtime errors or
performance
issues.
Feature branching in ci/cd?
+
Feature branching involves developing new features in isolated branches to
prevent
conflicts in the main branch.
Fork vs clone?
+
Fork is a copy on the server; clone is a local copy of a repo. Fork enables
collaboration via PRs.
Gitlab ci file?
+
.gitlab-ci.yml defines GitLab CI/CD pipeline stages jobs and configurations.
Gitlab ci/cd pipeline?
+
Pipeline defines jobs, stages, and scripts to automate build, test, and
deploy.
Gitlab ci/cd?
+
GitLab CI/CD is a tool integrated with GitLab for automating builds tests
and
deployments.
Gitlab runner?
+
A GitLab runner executes CI/CD jobs defined in GitLab pipelines.
Immutable infrastructure in ci/cd?
+
Immutable infrastructure involves replacing servers or environments rather
than
modifying them.
Infrastructure as code (iac)?
+
IaC automates infrastructure provisioning using code such as Terraform or
Ansible.
Integration test?
+
Integration test checks the interaction between multiple components or
systems.
Is ci/cd implemented in azure repos?
+
Using Azure Pipelines linked to repos, automatically triggering builds and
deployments.
Is ci/cd implemented in bitbucket?
+
Using Bitbucket Pipelines defined in bitbucket-pipelines.yml.
Is ci/cd implemented in github?
+
Using GitHub Actions defined in .yml workflows, triggered on push, PR, or
schedule.
Is ci/cd implemented in gitlab?
+
Using .gitlab-ci.yml and GitLab Runners to automate builds, tests, and
deployments.
Jenkins job?
+
A Jenkins job defines tasks such as build test or deploy within a CI/CD
pipeline.
Jenkins pipeline?
+
Jenkins pipeline is a set of instructions defining the stages and steps for
automated build test and deployment.
Jenkins?
+
Jenkins is an open-source automation server used for building testing and
deploying
software in CI/CD pipelines.
Jenkinsfile?
+
Jenkinsfile defines a Jenkins pipeline using code specifying stages steps
and
agents.
Key components of ci/cd pipeline?
+
Source code management build automation automated testing artifact
management
deployment automation monitoring.
Kubernetes in ci/cd?
+
Kubernetes is a container orchestration platform used to deploy scale and
manage
containers in CI/CD pipelines.
Lead time for changes?
+
Lead time measures the duration from code commit to deployment in
production.
Manual trigger?
+
Manual trigger requires user action to start a pipeline or deploy a release.
Mean time to recovery (mttr)?
+
MTTR measures the average time to recover from failures in deployment or
production.
Pipeline approval?
+
Pipeline approval requires manual authorization before proceeding to
deployment
stages.
Pipeline artifact vs build artifact?
+
Pipeline artifacts are shared between jobs/stages; build artifacts are
outputs of a
single build.
Pipeline artifact?
+
Pipeline artifact is an output from a job or stage such as binaries or
reports used
in later stages.
Pipeline as code?
+
Pipeline as code defines CI/CD pipelines using code or configuration files
enabling
version control and automation.
Pipeline as code?
+
Defining CI/CD pipelines in versioned files (YAML, Jenkinsfile) to track
changes and
standardize workflows.
Pipeline caching?
+
Pipeline caching stores dependencies or artifacts to speed up build times.
Pipeline concurrency?
+
Pipeline concurrency allows multiple pipelines or jobs to run
simultaneously.
Pipeline drift?
+
Pipeline drift occurs when pipelines are inconsistent across environments or
teams.
Pipeline environment variable?
+
Environment variable stores configuration values used by pipeline jobs.
Pipeline failure?
+
Pipeline failure occurs when a job or stage fails due to code errors test
failures
or configuration issues.
Pipeline job?
+
A job is a specific task executed in a pipeline stage like running tests or
building
artifacts.
Pipeline notifications?
+
Pipeline notifications alert teams about build or deployment status via
email Slack
or other channels.
Pipeline observability?
+
Pipeline observability monitors pipeline performance failures and
bottlenecks.
Pipeline optimization?
+
Pipeline optimization improves speed reliability and efficiency of CI/CD
processes.
Pipeline retry?
+
Pipeline retry reruns failed jobs automatically or manually.
Pipeline scheduling?
+
Pipeline scheduling triggers builds or deployments at specified times.
Pipeline visualization?
+
Pipeline visualization shows the flow of stages jobs and results
graphically.
Post-deployment testing?
+
Post-deployment testing validates functionality performance and monitoring
after
deployment.
Pre-deployment testing?
+
Pre-deployment testing validates changes in staging or test environments
before
production deployment.
Production environment?
+
Production environment is where the live application runs and is accessible
to end
users.
Puppet in ci/cd?
+
Puppet automates infrastructure configuration management and compliance.
Regression test?
+
Regression test ensures that new changes do not break existing
functionality.
Release in ci/cd?
+
Release is a version of the software ready to be deployed to production or
other
environments.
Role of a build server in ci/cd?
+
Build server automates compiling testing and packaging code changes for
integration
and deployment.
Role of automation in ci/cd?
+
Automation reduces manual intervention improves consistency speeds up
delivery and
ensures quality.
Rollback automation?
+
Rollback automation automatically reverts deployments when failures are
detected.
Rollback in ci/cd?
+
Rollback is reverting a deployment to a previous stable version in case of
issues.
Rollback strategy in ci/cd?
+
Rollback strategy defines procedures to revert deployments safely in case of
failures.
Rollback testing?
+
Rollback testing validates the rollback process and ensures previous
versions work
correctly.
Rolling deployment?
+
Rolling deployment gradually replaces old versions with new ones across
servers or
pods.
Rolling deployment?
+
Deploying updates gradually to reduce downtime and risk.
Secrets management in ci/cd?
+
Secrets management securely stores sensitive information like passwords API
keys or
certificates.
Shift-left testing in ci/cd?
+
Shift-left testing moves testing earlier in the development lifecycle to
catch
defects sooner.
Smoke test?
+
Smoke test is a preliminary test to check basic functionality before
detailed
testing.
Sonarqube in ci/cd?
+
SonarQube analyzes code quality technical debt and vulnerabilities
integrating into
CI/CD pipelines.
Staging environment?
+
Staging environment mimics production to test releases before deployment.
Static code analysis in ci/cd?
+
Static code analysis inspects code without execution to find errors security
issues
or style violations.
System test?
+
System test validates the complete and integrated software system against
requirements.
Terraform in ci/cd?
+
Terraform is an IaC tool used to define provision and manage infrastructure
declaratively.
Test environment?
+
Test environment is a setup where testing is performed to validate software
functionality and quality.
To handle secrets in ci/cd?
+
Use encrypted variables, secret management tools, or vault integration to
store
credentials securely.
To protect branches in github?
+
Use branch protection rules: require PR reviews, status checks, and restrict
who can
push.
To roll back commits in git?
+
Use git revert (creates a new commit) or git reset (rewinds history)
depending on
requirement.
Travis ci?
+
Travis CI is a hosted CI/CD service for building and testing software
projects
hosted on GitHub.
Trunk-based development?
+
Trunk-based development involves frequent commits to the main branch with
short-lived feature branches.
Unit test?
+
Unit test verifies the functionality of individual components or functions
in
isolation.
Vault in ci/cd?
+
Vault is a tool for securely storing and managing secrets and sensitive
data.
Version control in ci/cd?
+
Version control is the management of code changes using tools like Git or
SVN for
tracking and collaboration.
Version control integration?
+
CI/CD tools integrate with Git, SVN, or Mercurial to detect code changes and
trigger
pipelines.
Webhooks in github/bitbucket/gitlab?
+
Webhooks trigger external services when events occur, like push, PR, or
merge
events, enabling CI/CD and integrations.
Yaml in ci/cd?
+
YAML is a human-readable format used to define CI/CD pipeline
configurations.
You monitor ci/cd pipelines?
+
Using dashboards, logs, notifications, or metrics for build health and
performance.
A/b testing in ci/cd?
+
A/B testing compares two versions of an application to evaluate performance
or user
engagement.
Ansible in ci/cd?
+
Ansible automates configuration management provisioning and application
deployment.
Artifact promotion?
+
Artifact promotion moves build artifacts from development or staging to
production
environments.
Artifact repository?
+
Artifact repository stores build outputs libraries and packages for reuse
such as
Nexus or Artifactory.
Artifact repository?
+
Central storage for build outputs like binaries, Docker images, or NuGet
packages.
Automated deployment in ci/cd?
+
Automated deployment delivers application changes to environments without
manual
intervention.
Automated testing in ci/cd?
+
Automated testing runs tests automatically to validate code functionality
and
quality during CI/CD pipelines.
Azure devops pipelines?
+
Azure DevOps Pipelines automates builds tests and deployments in Azure
DevOps
environment.
Benefits of ci/cd?
+
Faster delivery improved code quality early bug detection reduced
integration issues
and automated workflows.
Bitbucket pipelines?
+
Bitbucket Pipelines is a CI/CD service integrated with Bitbucket
repositories for
automated builds tests and deployments.
Blue-green deployment?
+
Blue-green deployment switches traffic between two identical environments to
minimize downtime during release.
Blue-green deployment?
+
Deploy a new version in parallel with the old one and switch traffic once
validated.
Build artifact?
+
Build artifact is the output of a build process such as compiled binaries
Docker
images or packages.
Build in ci/cd?
+
A build compiles source code into executable artifacts often including
dependency
resolution and packaging.
Build matrix?
+
Build matrix runs pipeline jobs across multiple environments configurations
or
versions.
Build pipeline stage?
+
A stage in a pipeline represents a major step such as build test or deploy.
Build trigger?
+
Build trigger automatically starts a pipeline based on events like commit
merge
request or schedule.
Canary deployment?
+
Canary deployment releases new changes to a small subset of users to monitor
behavior before full rollout.
Canary deployment?
+
Deploy a new version to a small subset of users to monitor stability before
full
release.
Canary monitoring?
+
Canary monitoring observes new releases for errors or performance issues
before full
rollout.
Chef in ci/cd?
+
Chef is an automation tool for managing infrastructure and deployments.
Ci/cd best practice?
+
Best practices include version control automated tests code review fast
feedback
secure secrets and monitoring.
Ci/cd metrics?
+
CI/CD metrics track build duration success rate deployment frequency mean
time to
recovery and failure rate.
Ci/cd pipeline?
+
A CI/CD pipeline is an automated sequence of stages that code goes through
from
commit to deployment.
Ci/cd security?
+
CI/CD security ensures secure code pipeline configuration secrets management
and
deployment.
Ci/cd?
+
CI/CD stands for Continuous Integration and Continuous Deployment/Delivery a
practice to automate software development testing and deployment.
Ci/cd?
+
CI (Continuous Integration) automatically builds and tests code on commit.
CD
(Continuous Deployment/Delivery) deploys it to staging or production.
Circleci?
+
CircleCI is a cloud-based CI/CD platform that automates build test and
deployment
workflows.
Code quality analysis in ci/cd?
+
Code quality analysis checks code for bugs vulnerabilities style and
maintainability
using tools like SonarQube.
Configuration file in ci/cd?
+
Configuration file defines the pipeline steps environment variables triggers
and
deployment settings.
Containerization in ci/cd?
+
Containerization packages software and dependencies into a portable
container often
using Docker.
Continuous delivery (cd)?
+
CD is the practice of automatically preparing code changes for release to
production.
Continuous deployment?
+
Continuous Deployment automatically deploys code changes to production after
passing
tests without manual intervention.
Continuous integration (ci)?
+
CI is the practice of frequently integrating code changes into a shared
repository
with automated builds and tests.
Continuous monitoring in ci/cd?
+
Continuous monitoring tracks application performance errors and metrics
post-deployment.
Dependency management in ci/cd?
+
Dependency management ensures required libraries packages and modules are
available
during builds and deployments.
Deployment frequency?
+
Deployment frequency measures how often software changes are deployed to
production.
Deployment pipeline?
+
Deployment pipeline automates the process of delivering software to
different
environments like dev test and production.
Devops?
+
DevOps is a culture and set of practices combining development and
operations to
deliver software faster and reliably.
Diffbet a pipeline and a workflow?
+
Pipeline refers to a sequence of automated steps; workflow includes
branching
approvals and manual triggers in CI/CD.
Diffbet ci and cd?
+
CI (Continuous Integration) merges code frequently, builds, and tests
automatically., CD (Continuous Delivery/Deployment) deploys tested code to
environments automatically.
Diffbet ci and nightly builds?
+
CI triggers builds on each commit; nightly builds run at scheduled times
typically
once per day.
Diffbet ci/cd and devops?
+
CI/CD is a subset of DevOps practices focused on automation; DevOps includes
culture
collaboration and infrastructure practices.
Diffbet continuous delivery and continuous deployment?
+
Continuous Delivery requires manual approval for deployment; Continuous
Deployment
is fully automated to production.
Diffbet declarative and scripted jenkins pipelines?
+
Declarative pipelines use a structured readable syntax; scripted pipelines
use
Groovy scripts with more flexibility.
Docker in ci/cd?
+
Docker is a platform to build ship and run applications in containers.
Dynamic code analysis in ci/cd?
+
Dynamic code analysis inspects running code to detect runtime errors or
performance
issues.
Feature branching in ci/cd?
+
Feature branching involves developing new features in isolated branches to
prevent
conflicts in the main branch.
Fork vs clone?
+
Fork is a copy on the server; clone is a local copy of a repo. Fork enables
collaboration via PRs.
Gitlab ci file?
+
.gitlab-ci.yml defines GitLab CI/CD pipeline stages jobs and configurations.
Gitlab ci/cd pipeline?
+
Pipeline defines jobs, stages, and scripts to automate build, test, and
deploy.
Gitlab ci/cd?
+
GitLab CI/CD is a tool integrated with GitLab for automating builds tests
and
deployments.
Gitlab runner?
+
A GitLab runner executes CI/CD jobs defined in GitLab pipelines.
Immutable infrastructure in ci/cd?
+
Immutable infrastructure involves replacing servers or environments rather
than
modifying them.
Infrastructure as code (iac)?
+
IaC automates infrastructure provisioning using code such as Terraform or
Ansible.
Integration test?
+
Integration test checks the interaction between multiple components or
systems.
Is ci/cd implemented in azure repos?
+
Using Azure Pipelines linked to repos, automatically triggering builds and
deployments.
Is ci/cd implemented in bitbucket?
+
Using Bitbucket Pipelines defined in bitbucket-pipelines.yml.
Is ci/cd implemented in github?
+
Using GitHub Actions defined in .yml workflows, triggered on push, PR, or
schedule.
Is ci/cd implemented in gitlab?
+
Using .gitlab-ci.yml and GitLab Runners to automate builds, tests, and
deployments.
Jenkins job?
+
A Jenkins job defines tasks such as build test or deploy within a CI/CD
pipeline.
Jenkins pipeline?
+
Jenkins pipeline is a set of instructions defining the stages and steps for
automated build test and deployment.
Jenkins?
+
Jenkins is an open-source automation server used for building testing and
deploying
software in CI/CD pipelines.
Jenkinsfile?
+
Jenkinsfile defines a Jenkins pipeline using code specifying stages steps
and
agents.
Key components of ci/cd pipeline?
+
Source code management build automation automated testing artifact
management
deployment automation monitoring.
Kubernetes in ci/cd?
+
Kubernetes is a container orchestration platform used to deploy scale and
manage
containers in CI/CD pipelines.
Lead time for changes?
+
Lead time measures the duration from code commit to deployment in
production.
Manual trigger?
+
Manual trigger requires user action to start a pipeline or deploy a release.
Mean time to recovery (mttr)?
+
MTTR measures the average time to recover from failures in deployment or
production.
Pipeline approval?
+
Pipeline approval requires manual authorization before proceeding to
deployment
stages.
Pipeline artifact vs build artifact?
+
Pipeline artifacts are shared between jobs/stages; build artifacts are
outputs of a
single build.
Pipeline artifact?
+
Pipeline artifact is an output from a job or stage such as binaries or
reports used
in later stages.
Pipeline as code?
+
Pipeline as code defines CI/CD pipelines using code or configuration files
enabling
version control and automation.
Pipeline as code?
+
Defining CI/CD pipelines in versioned files (YAML, Jenkinsfile) to track
changes and
standardize workflows.
Pipeline caching?
+
Pipeline caching stores dependencies or artifacts to speed up build times.
Pipeline concurrency?
+
Pipeline concurrency allows multiple pipelines or jobs to run
simultaneously.
Pipeline drift?
+
Pipeline drift occurs when pipelines are inconsistent across environments or
teams.
Pipeline environment variable?
+
Environment variable stores configuration values used by pipeline jobs.
Pipeline failure?
+
Pipeline failure occurs when a job or stage fails due to code errors test
failures
or configuration issues.
Pipeline job?
+
A job is a specific task executed in a pipeline stage like running tests or
building
artifacts.
Pipeline notifications?
+
Pipeline notifications alert teams about build or deployment status via
email Slack
or other channels.
Pipeline observability?
+
Pipeline observability monitors pipeline performance failures and
bottlenecks.
Pipeline optimization?
+
Pipeline optimization improves speed reliability and efficiency of CI/CD
processes.
Pipeline retry?
+
Pipeline retry reruns failed jobs automatically or manually.
Pipeline scheduling?
+
Pipeline scheduling triggers builds or deployments at specified times.
Pipeline visualization?
+
Pipeline visualization shows the flow of stages jobs and results
graphically.
Post-deployment testing?
+
Post-deployment testing validates functionality performance and monitoring
after
deployment.
Pre-deployment testing?
+
Pre-deployment testing validates changes in staging or test environments
before
production deployment.
Production environment?
+
Production environment is where the live application runs and is accessible
to end
users.
Puppet in ci/cd?
+
Puppet automates infrastructure configuration management and compliance.
Regression test?
+
Regression test ensures that new changes do not break existing
functionality.
Release in ci/cd?
+
Release is a version of the software ready to be deployed to production or
other
environments.
Role of a build server in ci/cd?
+
Build server automates compiling testing and packaging code changes for
integration
and deployment.
Role of automation in ci/cd?
+
Automation reduces manual intervention improves consistency speeds up
delivery and
ensures quality.
Rollback automation?
+
Rollback automation automatically reverts deployments when failures are
detected.
Rollback in ci/cd?
+
Rollback is reverting a deployment to a previous stable version in case of
issues.
Rollback strategy in ci/cd?
+
Rollback strategy defines procedures to revert deployments safely in case of
failures.
Rollback testing?
+
Rollback testing validates the rollback process and ensures previous
versions work
correctly.
Rolling deployment?
+
Rolling deployment gradually replaces old versions with new ones across
servers or
pods.
Rolling deployment?
+
Deploying updates gradually to reduce downtime and risk.
Secrets management in ci/cd?
+
Secrets management securely stores sensitive information like passwords API
keys or
certificates.
Shift-left testing in ci/cd?
+
Shift-left testing moves testing earlier in the development lifecycle to
catch
defects sooner.
Smoke test?
+
Smoke test is a preliminary test to check basic functionality before
detailed
testing.
Sonarqube in ci/cd?
+
SonarQube analyzes code quality technical debt and vulnerabilities
integrating into
CI/CD pipelines.
Staging environment?
+
Staging environment mimics production to test releases before deployment.
Static code analysis in ci/cd?
+
Static code analysis inspects code without execution to find errors security
issues
or style violations.
System test?
+
System test validates the complete and integrated software system against
requirements.
Terraform in ci/cd?
+
Terraform is an IaC tool used to define provision and manage infrastructure
declaratively.
Test environment?
+
Test environment is a setup where testing is performed to validate software
functionality and quality.
To handle secrets in ci/cd?
+
Use encrypted variables, secret management tools, or vault integration to
store
credentials securely.
To protect branches in github?
+
Use branch protection rules: require PR reviews, status checks, and restrict
who can
push.
To roll back commits in git?
+
Use git revert (creates a new commit) or git reset (rewinds history)
depending on
requirement.
Travis ci?
+
Travis CI is a hosted CI/CD service for building and testing software
projects
hosted on GitHub.
Trunk-based development?
+
Trunk-based development involves frequent commits to the main branch with
short-lived feature branches.
Unit test?
+
Unit test verifies the functionality of individual components or functions
in
isolation.
Vault in ci/cd?
+
Vault is a tool for securely storing and managing secrets and sensitive
data.
Version control in ci/cd?
+
Version control is the management of code changes using tools like Git or
SVN for
tracking and collaboration.
Version control integration?
+
CI/CD tools integrate with Git, SVN, or Mercurial to detect code changes and
trigger
pipelines.
Webhooks in github/bitbucket/gitlab?
+
Webhooks trigger external services when events occur, like push, PR, or
merge
events, enabling CI/CD and integrations.
Yaml in ci/cd?
+
YAML is a human-readable format used to define CI/CD pipeline
configurations.
You monitor ci/cd pipelines?
+
Using dashboards, logs, notifications, or metrics for build health and
performance.
A/b testing in ci/cd?
+
A/B testing compares two versions of an application to evaluate performance
or user
engagement.
Ansible in ci/cd?
+
Ansible automates configuration management provisioning and application
deployment.
Artifact promotion?
+
Artifact promotion moves build artifacts from development or staging to
production
environments.
Artifact repository?
+
Artifact repository stores build outputs libraries and packages for reuse
such as
Nexus or Artifactory.
Artifact repository?
+
Central storage for build outputs like binaries, Docker images, or NuGet
packages.
Automated deployment in ci/cd?
+
Automated deployment delivers application changes to environments without
manual
intervention.
Automated testing in ci/cd?
+
Automated testing runs tests automatically to validate code functionality
and
quality during CI/CD pipelines.
Azure devops pipelines?
+
Azure DevOps Pipelines automates builds tests and deployments in Azure
DevOps
environment.
Benefits of ci/cd?
+
Faster delivery improved code quality early bug detection reduced
integration issues
and automated workflows.
Bitbucket pipelines?
+
Bitbucket Pipelines is a CI/CD service integrated with Bitbucket
repositories for
automated builds tests and deployments.
Blue-green deployment?
+
Blue-green deployment switches traffic between two identical environments to
minimize downtime during release.
Blue-green deployment?
+
Deploy a new version in parallel with the old one and switch traffic once
validated.
Build artifact?
+
Build artifact is the output of a build process such as compiled binaries
Docker
images or packages.
Build in ci/cd?
+
A build compiles source code into executable artifacts often including
dependency
resolution and packaging.
Build matrix?
+
Build matrix runs pipeline jobs across multiple environments configurations
or
versions.
Build pipeline stage?
+
A stage in a pipeline represents a major step such as build test or deploy.
Build trigger?
+
Build trigger automatically starts a pipeline based on events like commit
merge
request or schedule.
Canary deployment?
+
Canary deployment releases new changes to a small subset of users to monitor
behavior before full rollout.
Canary deployment?
+
Deploy a new version to a small subset of users to monitor stability before
full
release.
Canary monitoring?
+
Canary monitoring observes new releases for errors or performance issues
before full
rollout.
Chef in ci/cd?
+
Chef is an automation tool for managing infrastructure and deployments.
Ci/cd best practice?
+
Best practices include version control automated tests code review fast
feedback
secure secrets and monitoring.
Ci/cd metrics?
+
CI/CD metrics track build duration success rate deployment frequency mean
time to
recovery and failure rate.
Ci/cd pipeline?
+
A CI/CD pipeline is an automated sequence of stages that code goes through
from
commit to deployment.
Ci/cd security?
+
CI/CD security ensures secure code pipeline configuration secrets management
and
deployment.
Ci/cd?
+
CI/CD stands for Continuous Integration and Continuous Deployment/Delivery a
practice to automate software development testing and deployment.
Ci/cd?
+
CI (Continuous Integration) automatically builds and tests code on commit.
CD
(Continuous Deployment/Delivery) deploys it to staging or production.
Circleci?
+
CircleCI is a cloud-based CI/CD platform that automates build test and
deployment
workflows.
Code quality analysis in ci/cd?
+
Code quality analysis checks code for bugs vulnerabilities style and
maintainability
using tools like SonarQube.
Configuration file in ci/cd?
+
Configuration file defines the pipeline steps environment variables triggers
and
deployment settings.
Containerization in ci/cd?
+
Containerization packages software and dependencies into a portable
container often
using Docker.
Continuous delivery (cd)?
+
CD is the practice of automatically preparing code changes for release to
production.
Continuous deployment?
+
Continuous Deployment automatically deploys code changes to production after
passing
tests without manual intervention.
Continuous integration (ci)?
+
CI is the practice of frequently integrating code changes into a shared
repository
with automated builds and tests.
Continuous monitoring in ci/cd?
+
Continuous monitoring tracks application performance errors and metrics
post-deployment.
Dependency management in ci/cd?
+
Dependency management ensures required libraries packages and modules are
available
during builds and deployments.
Deployment frequency?
+
Deployment frequency measures how often software changes are deployed to
production.
Deployment pipeline?
+
Deployment pipeline automates the process of delivering software to
different
environments like dev test and production.
Devops?
+
DevOps is a culture and set of practices combining development and
operations to
deliver software faster and reliably.
Diffbet a pipeline and a workflow?
+
Pipeline refers to a sequence of automated steps; workflow includes
branching
approvals and manual triggers in CI/CD.
Diffbet ci and cd?
+
CI (Continuous Integration) merges code frequently, builds, and tests
automatically., CD (Continuous Delivery/Deployment) deploys tested code to
environments automatically.
Diffbet ci and nightly builds?
+
CI triggers builds on each commit; nightly builds run at scheduled times
typically
once per day.
Diffbet ci/cd and devops?
+
CI/CD is a subset of DevOps practices focused on automation; DevOps includes
culture
collaboration and infrastructure practices.
Diffbet continuous delivery and continuous deployment?
+
Continuous Delivery requires manual approval for deployment; Continuous
Deployment
is fully automated to production.
Diffbet declarative and scripted jenkins pipelines?
+
Declarative pipelines use a structured readable syntax; scripted pipelines
use
Groovy scripts with more flexibility.
Docker in ci/cd?
+
Docker is a platform to build ship and run applications in containers.
Dynamic code analysis in ci/cd?
+
Dynamic code analysis inspects running code to detect runtime errors or
performance
issues.
Feature branching in ci/cd?
+
Feature branching involves developing new features in isolated branches to
prevent
conflicts in the main branch.
Fork vs clone?
+
Fork is a copy on the server; clone is a local copy of a repo. Fork enables
collaboration via PRs.
Gitlab ci file?
+
.gitlab-ci.yml defines GitLab CI/CD pipeline stages jobs and configurations.
Gitlab ci/cd pipeline?
+
Pipeline defines jobs, stages, and scripts to automate build, test, and
deploy.
Gitlab ci/cd?
+
GitLab CI/CD is a tool integrated with GitLab for automating builds tests
and
deployments.
Gitlab runner?
+
A GitLab runner executes CI/CD jobs defined in GitLab pipelines.
Immutable infrastructure in ci/cd?
+
Immutable infrastructure involves replacing servers or environments rather
than
modifying them.
Infrastructure as code (iac)?
+
IaC automates infrastructure provisioning using code such as Terraform or
Ansible.
Integration test?
+
Integration test checks the interaction between multiple components or
systems.
Is ci/cd implemented in azure repos?
+
Using Azure Pipelines linked to repos, automatically triggering builds and
deployments.
Is ci/cd implemented in bitbucket?
+
Using Bitbucket Pipelines defined in bitbucket-pipelines.yml.
Is ci/cd implemented in github?
+
Using GitHub Actions defined in .yml workflows, triggered on push, PR, or
schedule.
Is ci/cd implemented in gitlab?
+
Using .gitlab-ci.yml and GitLab Runners to automate builds, tests, and
deployments.
Jenkins job?
+
A Jenkins job defines tasks such as build test or deploy within a CI/CD
pipeline.
Jenkins pipeline?
+
Jenkins pipeline is a set of instructions defining the stages and steps for
automated build test and deployment.
Jenkins?
+
Jenkins is an open-source automation server used for building testing and
deploying
software in CI/CD pipelines.
Jenkinsfile?
+
Jenkinsfile defines a Jenkins pipeline using code specifying stages steps
and
agents.
Key components of ci/cd pipeline?
+
Source code management build automation automated testing artifact
management
deployment automation monitoring.
Kubernetes in ci/cd?
+
Kubernetes is a container orchestration platform used to deploy scale and
manage
containers in CI/CD pipelines.
Lead time for changes?
+
Lead time measures the duration from code commit to deployment in
production.
Manual trigger?
+
Manual trigger requires user action to start a pipeline or deploy a release.
Mean time to recovery (mttr)?
+
MTTR measures the average time to recover from failures in deployment or
production.
Pipeline approval?
+
Pipeline approval requires manual authorization before proceeding to
deployment
stages.
Pipeline artifact vs build artifact?
+
Pipeline artifacts are shared between jobs/stages; build artifacts are
outputs of a
single build.
Pipeline artifact?
+
Pipeline artifact is an output from a job or stage such as binaries or
reports used
in later stages.
Pipeline as code?
+
Pipeline as code defines CI/CD pipelines using code or configuration files
enabling
version control and automation.
Pipeline as code?
+
Defining CI/CD pipelines in versioned files (YAML, Jenkinsfile) to track
changes and
standardize workflows.
Pipeline caching?
+
Pipeline caching stores dependencies or artifacts to speed up build times.
Pipeline concurrency?
+
Pipeline concurrency allows multiple pipelines or jobs to run
simultaneously.
Pipeline drift?
+
Pipeline drift occurs when pipelines are inconsistent across environments or
teams.
Pipeline environment variable?
+
Environment variable stores configuration values used by pipeline jobs.
Pipeline failure?
+
Pipeline failure occurs when a job or stage fails due to code errors test
failures
or configuration issues.
Pipeline job?
+
A job is a specific task executed in a pipeline stage like running tests or
building
artifacts.
Pipeline notifications?
+
Pipeline notifications alert teams about build or deployment status via
email Slack
or other channels.
Pipeline observability?
+
Pipeline observability monitors pipeline performance failures and
bottlenecks.
Pipeline optimization?
+
Pipeline optimization improves speed reliability and efficiency of CI/CD
processes.
Pipeline retry?
+
Pipeline retry reruns failed jobs automatically or manually.
Pipeline scheduling?
+
Pipeline scheduling triggers builds or deployments at specified times.
Pipeline visualization?
+
Pipeline visualization shows the flow of stages jobs and results
graphically.
Post-deployment testing?
+
Post-deployment testing validates functionality performance and monitoring
after
deployment.
Pre-deployment testing?
+
Pre-deployment testing validates changes in staging or test environments
before
production deployment.
Production environment?
+
Production environment is where the live application runs and is accessible
to end
users.
Puppet in ci/cd?
+
Puppet automates infrastructure configuration management and compliance.
Regression test?
+
Regression test ensures that new changes do not break existing
functionality.
Release in ci/cd?
+
Release is a version of the software ready to be deployed to production or
other
environments.
Role of a build server in ci/cd?
+
Build server automates compiling testing and packaging code changes for
integration
and deployment.
Role of automation in ci/cd?
+
Automation reduces manual intervention improves consistency speeds up
delivery and
ensures quality.
Rollback automation?
+
Rollback automation automatically reverts deployments when failures are
detected.
Rollback in ci/cd?
+
Rollback is reverting a deployment to a previous stable version in case of
issues.
Rollback strategy in ci/cd?
+
Rollback strategy defines procedures to revert deployments safely in case of
failures.
Rollback testing?
+
Rollback testing validates the rollback process and ensures previous
versions work
correctly.
Rolling deployment?
+
Rolling deployment gradually replaces old versions with new ones across
servers or
pods.
Rolling deployment?
+
Deploying updates gradually to reduce downtime and risk.
Secrets management in ci/cd?
+
Secrets management securely stores sensitive information like passwords API
keys or
certificates.
Shift-left testing in ci/cd?
+
Shift-left testing moves testing earlier in the development lifecycle to
catch
defects sooner.
Smoke test?
+
Smoke test is a preliminary test to check basic functionality before
detailed
testing.
Sonarqube in ci/cd?
+
SonarQube analyzes code quality technical debt and vulnerabilities
integrating into
CI/CD pipelines.
Staging environment?
+
Staging environment mimics production to test releases before deployment.
Static code analysis in ci/cd?
+
Static code analysis inspects code without execution to find errors security
issues
or style violations.
System test?
+
System test validates the complete and integrated software system against
requirements.
Terraform in ci/cd?
+
Terraform is an IaC tool used to define provision and manage infrastructure
declaratively.
Test environment?
+
Test environment is a setup where testing is performed to validate software
functionality and quality.
To handle secrets in ci/cd?
+
Use encrypted variables, secret management tools, or vault integration to
store
credentials securely.
To protect branches in github?
+
Use branch protection rules: require PR reviews, status checks, and restrict
who can
push.
To roll back commits in git?
+
Use git revert (creates a new commit) or git reset (rewinds history)
depending on
requirement.
Travis ci?
+
Travis CI is a hosted CI/CD service for building and testing software
projects
hosted on GitHub.
Trunk-based development?
+
Trunk-based development involves frequent commits to the main branch with
short-lived feature branches.
Unit test?
+
Unit test verifies the functionality of individual components or functions
in
isolation.
Vault in ci/cd?
+
Vault is a tool for securely storing and managing secrets and sensitive
data.
Version control in ci/cd?
+
Version control is the management of code changes using tools like Git or
SVN for
tracking and collaboration.
Version control integration?
+
CI/CD tools integrate with Git, SVN, or Mercurial to detect code changes and
trigger
pipelines.
Webhooks in github/bitbucket/gitlab?
+
Webhooks trigger external services when events occur, like push, PR, or
merge
events, enabling CI/CD and integrations.
Yaml in ci/cd?
+
YAML is a human-readable format used to define CI/CD pipeline
configurations.
You monitor ci/cd pipelines?
+
Using dashboards, logs, notifications, or metrics for build health and
performance.
What is CI/CD?
+
CI/CD stands for Continuous Integration and Continuous Delivery/Deployment
to
automate build, test, and release.
What is Continuous Integration (CI)?
+
CI automatically builds and tests code whenever changes are committed.
What is Continuous Delivery (CD)?
+
Continuous Delivery prepares tested code for release with manual approval.
What is Continuous Deployment?
+
Continuous Deployment automatically deploys code to production without
manual
approval.
What is the main goal of CI/CD?
+
To deliver software faster with higher quality and lower risk.
What is a CI/CD pipeline?
+
A pipeline is an automated sequence of stages from code commit to
deployment.
What are common CI/CD pipeline stages?
+
Source, Build, Test, Quality Scan, Package, Deploy, Monitor.
What is automation in CI/CD?
+
Automation eliminates manual steps in build, test, and deployment processes.
What is fast feedback in CI/CD?
+
Fast feedback quickly informs developers about build or test failures.
What is version control in CI/CD?
+
Version control manages source code changes using tools like Git.
What is a build server?
+
A build server compiles, tests, and packages code automatically.
What is a build artifact?
+
A build artifact is the output of a build such as binaries, packages, or
images.
What is artifact promotion?
+
Artifact promotion moves verified artifacts between environments.
What is an artifact repository?
+
A centralized storage for build outputs like Nexus or Artifactory.
What are benefits of CI/CD?
+
Faster delivery, early bug detection, reduced risk, and automation.
What are CI/CD pipeline components?
+
CI/CD pipeline components are automated steps that move code from commit to
production.
What is the source stage in CI/CD?
+
The source stage retrieves code from version control systems.
What happens in the build stage?
+
Source code is compiled and packaged into deployable artifacts.
What is the test stage in CI/CD?
+
Automated tests validate code functionality and quality.
What types of tests are run in CI/CD?
+
Unit, integration, functional, security, and performance tests.
What is static code analysis?
+
Analyzing code without execution to detect defects and vulnerabilities.
What is quality gate in CI/CD?
+
A checkpoint that enforces quality standards before promotion.
What is artifact storage stage?
+
Storing build outputs in an artifact repository.
What is deployment stage?
+
Releasing artifacts to target environments.
What is post-deployment validation?
+
Verifying application health after deployment.
What is monitoring stage?
+
Tracking application performance and system health.
What is rollback stage?
+
Reverting to a previous stable version when deployment fails.
What is pipeline orchestration?
+
Managing execution order and dependencies of pipeline stages.
What is pipeline as code?
+
Defining CI/CD pipelines using configuration files.
Why is pipeline as code important?
+
It enables versioning, reuse, and consistency.
What are CI/CD tools?
+
CI/CD tools automate building, testing, and deploying software.
What is Jenkins?
+
Jenkins is an open-source automation server for CI/CD pipelines.
What is GitHub Actions?
+
GitHub Actions is a CI/CD service integrated with GitHub repositories.
What is GitLab CI/CD?
+
GitLab CI/CD provides built-in CI/CD pipelines within GitLab.
What is Azure DevOps?
+
Azure DevOps offers CI/CD pipelines, repos, and project management tools.
What is Bitbucket Pipelines?
+
Bitbucket Pipelines is a CI/CD service integrated with Bitbucket.
What is CircleCI?
+
CircleCI is a cloud-based CI/CD platform.
What is Travis CI?
+
Travis CI is a hosted CI/CD service.
What is Argo CD?
+
Argo CD is a GitOps-based continuous delivery tool.
What is Tekton?
+
Tekton is a Kubernetes-native CI/CD framework.
What is Spinnaker?
+
Spinnaker is a multi-cloud continuous delivery platform.
What is CI/CD tool integration?
+
Connecting CI/CD tools with SCM, testing, and deployment systems.
What is self-hosted vs cloud CI/CD?
+
Self-hosted runs on own servers; cloud CI/CD runs on provider
infrastructure.
What factors influence CI/CD tool selection?
+
Scalability, integration, cost, security, and team expertise.
Why are containers used in CI/CD?
+
Containers provide consistent, reproducible build and runtime environments.
What is Docker’s role in CI/CD?
+
Docker packages applications and dependencies into portable images.
What is a container image in CI/CD?
+
A container image is a versioned build artifact used for deployment.
What is container registry?
+
A container registry stores and distributes container images.
What is Kubernetes’ role in CI/CD?
+
Kubernetes orchestrates container deployment, scaling, and management.
What is CI/CD pipeline for Kubernetes?
+
A pipeline that builds images and deploys them to Kubernetes clusters.
What is rolling deployment in Kubernetes?
+
Updating pods gradually to avoid downtime.
What is blue-green deployment in Kubernetes?
+
Switching traffic between two identical environments.
What is canary deployment in Kubernetes?
+
Releasing changes to a small subset of users before full rollout.
What is Helm in CI/CD?
+
Helm is a package manager for Kubernetes deployments.
What is GitOps?
+
GitOps manages deployments using Git as the source of truth.
What is Argo CD used for?
+
Argo CD continuously deploys applications from Git to Kubernetes.
What is image scanning in CI/CD?
+
Scanning container images for vulnerabilities.
What is Kubernetes manifest?
+
A YAML file defining Kubernetes resources.
What are deployment strategies in CI/CD?
+
Deployment strategies define how new application versions are released
safely.
What is rolling deployment?
+
Rolling deployment updates instances gradually without downtime.
What is blue-green deployment?
+
Blue-green deployment switches traffic between old and new versions.
What is canary deployment?
+
Canary deployment releases changes to a small user group first.
What is feature toggle?
+
Feature toggle enables or disables features without redeployment.
What is rollback in CI/CD?
+
Rollback restores the system to a previous stable version.
When is rollback required?
+
When deployments fail or critical issues occur.
What is release management?
+
Release management plans, schedules, and controls software releases.
What is release approval gate?
+
A manual or automated checkpoint before production deployment.
What is zero-downtime deployment?
+
Deployments that avoid service interruption.
What is release artifact?
+
A verified build ready for deployment.
What is environment promotion?
+
Moving artifacts across dev, test, and production environments.
What is deployment automation?
+
Automating deployment steps to reduce errors.
What is deployment verification?
+
Validating application health after deployment.
What is CI/CD security?
+
CI/CD security protects pipelines, code, and artifacts from vulnerabilities
and
attacks.
What is DevSecOps?
+
DevSecOps integrates security practices into CI/CD pipelines.
What is shift-left security?
+
Shift-left security moves security checks earlier in the pipeline.
What is static application security testing (SAST)?
+
SAST analyzes source code for vulnerabilities without executing it.
What is dynamic application security testing (DAST)?
+
DAST tests running applications for security vulnerabilities.
What is dependency scanning?
+
Scanning third-party libraries for known vulnerabilities.
What is container image scanning?
+
Checking container images for security flaws before deployment.
What is secrets management in CI/CD?
+
Securely storing and accessing credentials and sensitive data.
What is compliance in CI/CD?
+
Ensuring pipelines follow regulatory and organizational standards.
What is audit logging in CI/CD?
+
Recording pipeline actions for traceability and compliance.
What is a quality gate?
+
A checkpoint that enforces quality, security, or compliance criteria.
What happens when a quality gate fails?
+
The pipeline stops and prevents promotion to the next stage.
What is policy-as-code?
+
Defining security and compliance rules using code.
Why are quality gates important?
+
They prevent insecure or low-quality code from reaching production.
What is monitoring in CI/CD?
+
Monitoring tracks pipeline health, application performance, and deployment
outcomes.
Why is monitoring important in CI/CD?
+
It provides visibility, detects failures early, and improves reliability.
What are CI/CD metrics?
+
Measurements used to evaluate pipeline performance and efficiency.
What is deployment frequency?
+
How often code is successfully deployed to production.
What is lead time for changes?
+
Time taken from code commit to production deployment.
What is mean time to recovery (MTTR)?
+
Average time required to restore service after failure.
What is change failure rate?
+
Percentage of deployments causing failures or rollbacks.
What are DORA metrics?
+
Deployment frequency, lead time, MTTR, and change failure rate.
What is feedback loop in CI/CD?
+
Continuous feedback from builds, tests, and monitoring to developers.
What is alerting in CI/CD?
+
Notifying teams when failures or anomalies occur.
What is pipeline observability?
+
Visibility into pipeline execution, logs, and metrics.
What is log aggregation?
+
Collecting logs from pipelines and deployed systems centrally.
What is post-deployment monitoring?
+
Tracking application health after release.
How do feedback loops improve CI/CD?
+
They enable rapid learning and continuous improvement.
A/b testing in ci/cd?
+
A/B testing compares two versions of an application to evaluate performance
or user
engagement.
Ansible in ci/cd?
+
Ansible automates configuration management provisioning and application
deployment.
Artifact promotion?
+
Artifact promotion moves build artifacts from development or staging to
production
environments.
Artifact repository?
+
Artifact repository stores build outputs libraries and packages for reuse
such as
Nexus or Artifactory.
Artifact repository?
+
Central storage for build outputs like binaries, Docker images, or NuGet
packages.
Automated deployment in ci/cd?
+
Automated deployment delivers application changes to environments without
manual
intervention.
Automated testing in ci/cd?
+
Automated testing runs tests automatically to validate code functionality
and
quality during CI/CD pipelines.
Azure devops pipelines?
+
Azure DevOps Pipelines automates builds tests and deployments in Azure
DevOps
environment.
Benefits of ci/cd?
+
Faster delivery improved code quality early bug detection reduced
integration issues
and automated workflows.
Bitbucket pipelines?
+
Bitbucket Pipelines is a CI/CD service integrated with Bitbucket
repositories for
automated builds tests and deployments.
Blue-green deployment?
+
Blue-green deployment switches traffic between two identical environments to
minimize downtime during release.
Blue-green deployment?
+
Deploy a new version in parallel with the old one and switch traffic once
validated.
Build artifact?
+
Build artifact is the output of a build process such as compiled binaries
Docker
images or packages.
Build in ci/cd?
+
A build compiles source code into executable artifacts often including
dependency
resolution and packaging.
Build matrix?
+
Build matrix runs pipeline jobs across multiple environments configurations
or
versions.
Build pipeline stage?
+
A stage in a pipeline represents a major step such as build test or deploy.
Build trigger?
+
Build trigger automatically starts a pipeline based on events like commit
merge
request or schedule.
Canary deployment?
+
Canary deployment releases new changes to a small subset of users to monitor
behavior before full rollout.
Canary deployment?
+
Deploy a new version to a small subset of users to monitor stability before
full
release.
Canary monitoring?
+
Canary monitoring observes new releases for errors or performance issues
before full
rollout.
Chef in ci/cd?
+
Chef is an automation tool for managing infrastructure and deployments.
Ci/cd best practice?
+
Best practices include version control automated tests code review fast
feedback
secure secrets and monitoring.
Ci/cd metrics?
+
CI/CD metrics track build duration success rate deployment frequency mean
time to
recovery and failure rate.
Ci/cd pipeline?
+
A CI/CD pipeline is an automated sequence of stages that code goes through
from
commit to deployment.
Ci/cd security?
+
CI/CD security ensures secure code pipeline configuration secrets management
and
deployment.
Ci/cd?
+
CI/CD stands for Continuous Integration and Continuous Deployment/Delivery a
practice to automate software development testing and deployment.
Ci/cd?
+
CI (Continuous Integration) automatically builds and tests code on commit.
CD
(Continuous Deployment/Delivery) deploys it to staging or production.
Circleci?
+
CircleCI is a cloud-based CI/CD platform that automates build test and
deployment
workflows.
Code quality analysis in ci/cd?
+
Code quality analysis checks code for bugs vulnerabilities style and
maintainability
using tools like SonarQube.
Configuration file in ci/cd?
+
Configuration file defines the pipeline steps environment variables triggers
and
deployment settings.
Containerization in ci/cd?
+
Containerization packages software and dependencies into a portable
container often
using Docker.
Continuous delivery (cd)?
+
CD is the practice of automatically preparing code changes for release to
production.
Continuous deployment?
+
Continuous Deployment automatically deploys code changes to production after
passing
tests without manual intervention.
Continuous integration (ci)?
+
CI is the practice of frequently integrating code changes into a shared
repository
with automated builds and tests.
Continuous monitoring in ci/cd?
+
Continuous monitoring tracks application performance errors and metrics
post-deployment.
Dependency management in ci/cd?
+
Dependency management ensures required libraries packages and modules are
available
during builds and deployments.
Deployment frequency?
+
Deployment frequency measures how often software changes are deployed to
production.
Deployment pipeline?
+
Deployment pipeline automates the process of delivering software to
different
environments like dev test and production.
Devops?
+
DevOps is a culture and set of practices combining development and
operations to
deliver software faster and reliably.
Diffbet a pipeline and a workflow?
+
Pipeline refers to a sequence of automated steps; workflow includes
branching
approvals and manual triggers in CI/CD.
Diffbet ci and cd?
+
CI (Continuous Integration) merges code frequently, builds, and tests
automatically., CD (Continuous Delivery/Deployment) deploys tested code to
environments automatically.
Diffbet ci and nightly builds?
+
CI triggers builds on each commit; nightly builds run at scheduled times
typically
once per day.
Diffbet ci/cd and devops?
+
CI/CD is a subset of DevOps practices focused on automation; DevOps includes
culture
collaboration and infrastructure practices.
Diffbet continuous delivery and continuous deployment?
+
Continuous Delivery requires manual approval for deployment; Continuous
Deployment
is fully automated to production.
Diffbet declarative and scripted jenkins pipelines?
+
Declarative pipelines use a structured readable syntax; scripted pipelines
use
Groovy scripts with more flexibility.
Docker in ci/cd?
+
Docker is a platform to build ship and run applications in containers.
Dynamic code analysis in ci/cd?
+
Dynamic code analysis inspects running code to detect runtime errors or
performance
issues.
Feature branching in ci/cd?
+
Feature branching involves developing new features in isolated branches to
prevent
conflicts in the main branch.
Fork vs clone?
+
Fork is a copy on the server; clone is a local copy of a repo. Fork enables
collaboration via PRs.
Gitlab ci file?
+
.gitlab-ci.yml defines GitLab CI/CD pipeline stages jobs and configurations.
Gitlab ci/cd pipeline?
+
Pipeline defines jobs, stages, and scripts to automate build, test, and
deploy.
Gitlab ci/cd?
+
GitLab CI/CD is a tool integrated with GitLab for automating builds tests
and
deployments.
Gitlab runner?
+
A GitLab runner executes CI/CD jobs defined in GitLab pipelines.
Immutable infrastructure in ci/cd?
+
Immutable infrastructure involves replacing servers or environments rather
than
modifying them.
Infrastructure as code (iac)?
+
IaC automates infrastructure provisioning using code such as Terraform or
Ansible.
Integration test?
+
Integration test checks the interaction between multiple components or
systems.
Is ci/cd implemented in azure repos?
+
Using Azure Pipelines linked to repos, automatically triggering builds and
deployments.
Is ci/cd implemented in bitbucket?
+
Using Bitbucket Pipelines defined in bitbucket-pipelines.yml.
Is ci/cd implemented in github?
+
Using GitHub Actions defined in .yml workflows, triggered on push, PR, or
schedule.
Is ci/cd implemented in gitlab?
+
Using .gitlab-ci.yml and GitLab Runners to automate builds, tests, and
deployments.
Jenkins job?
+
A Jenkins job defines tasks such as build test or deploy within a CI/CD
pipeline.
Jenkins pipeline?
+
Jenkins pipeline is a set of instructions defining the stages and steps for
automated build test and deployment.
Jenkins?
+
Jenkins is an open-source automation server used for building testing and
deploying
software in CI/CD pipelines.
Jenkinsfile?
+
Jenkinsfile defines a Jenkins pipeline using code specifying stages steps
and
agents.
Key components of ci/cd pipeline?
+
Source code management build automation automated testing artifact
management
deployment automation monitoring.
Kubernetes in ci/cd?
+
Kubernetes is a container orchestration platform used to deploy scale and
manage
containers in CI/CD pipelines.
Lead time for changes?
+
Lead time measures the duration from code commit to deployment in
production.
Manual trigger?
+
Manual trigger requires user action to start a pipeline or deploy a release.
Mean time to recovery (mttr)?
+
MTTR measures the average time to recover from failures in deployment or
production.
Pipeline approval?
+
Pipeline approval requires manual authorization before proceeding to
deployment
stages.
Pipeline artifact vs build artifact?
+
Pipeline artifacts are shared between jobs/stages; build artifacts are
outputs of a
single build.
Pipeline artifact?
+
Pipeline artifact is an output from a job or stage such as binaries or
reports used
in later stages.
Pipeline as code?
+
Pipeline as code defines CI/CD pipelines using code or configuration files
enabling
version control and automation.
Pipeline as code?
+
Defining CI/CD pipelines in versioned files (YAML, Jenkinsfile) to track
changes and
standardize workflows.
Pipeline caching?
+
Pipeline caching stores dependencies or artifacts to speed up build times.
Pipeline concurrency?
+
Pipeline concurrency allows multiple pipelines or jobs to run
simultaneously.
Pipeline drift?
+
Pipeline drift occurs when pipelines are inconsistent across environments or
teams.
Pipeline environment variable?
+
Environment variable stores configuration values used by pipeline jobs.
Pipeline failure?
+
Pipeline failure occurs when a job or stage fails due to code errors test
failures
or configuration issues.
Pipeline job?
+
A job is a specific task executed in a pipeline stage like running tests or
building
artifacts.
Pipeline notifications?
+
Pipeline notifications alert teams about build or deployment status via
email Slack
or other channels.
Pipeline observability?
+
Pipeline observability monitors pipeline performance failures and
bottlenecks.
Pipeline optimization?
+
Pipeline optimization improves speed reliability and efficiency of CI/CD
processes.
Pipeline retry?
+
Pipeline retry reruns failed jobs automatically or manually.
Pipeline scheduling?
+
Pipeline scheduling triggers builds or deployments at specified times.
Pipeline visualization?
+
Pipeline visualization shows the flow of stages jobs and results
graphically.
Post-deployment testing?
+
Post-deployment testing validates functionality performance and monitoring
after
deployment.
Pre-deployment testing?
+
Pre-deployment testing validates changes in staging or test environments
before
production deployment.
Production environment?
+
Production environment is where the live application runs and is accessible
to end
users.
Puppet in ci/cd?
+
Puppet automates infrastructure configuration management and compliance.
Regression test?
+
Regression test ensures that new changes do not break existing
functionality.
Release in ci/cd?
+
Release is a version of the software ready to be deployed to production or
other
environments.
Role of a build server in ci/cd?
+
Build server automates compiling testing and packaging code changes for
integration
and deployment.
Role of automation in ci/cd?
+
Automation reduces manual intervention improves consistency speeds up
delivery and
ensures quality.
Rollback automation?
+
Rollback automation automatically reverts deployments when failures are
detected.
Rollback in ci/cd?
+
Rollback is reverting a deployment to a previous stable version in case of
issues.
Rollback strategy in ci/cd?
+
Rollback strategy defines procedures to revert deployments safely in case of
failures.
Rollback testing?
+
Rollback testing validates the rollback process and ensures previous
versions work
correctly.
Rolling deployment?
+
Rolling deployment gradually replaces old versions with new ones across
servers or
pods.
Rolling deployment?
+
Deploying updates gradually to reduce downtime and risk.
Secrets management in ci/cd?
+
Secrets management securely stores sensitive information like passwords API
keys or
certificates.
Shift-left testing in ci/cd?
+
Shift-left testing moves testing earlier in the development lifecycle to
catch
defects sooner.
Smoke test?
+
Smoke test is a preliminary test to check basic functionality before
detailed
testing.
Sonarqube in ci/cd?
+
SonarQube analyzes code quality technical debt and vulnerabilities
integrating into
CI/CD pipelines.
Staging environment?
+
Staging environment mimics production to test releases before deployment.
Static code analysis in ci/cd?
+
Static code analysis inspects code without execution to find errors security
issues
or style violations.
System test?
+
System test validates the complete and integrated software system against
requirements.
Terraform in ci/cd?
+
Terraform is an IaC tool used to define provision and manage infrastructure
declaratively.
Test environment?
+
Test environment is a setup where testing is performed to validate software
functionality and quality.
To handle secrets in ci/cd?
+
Use encrypted variables, secret management tools, or vault integration to
store
credentials securely.
To protect branches in github?
+
Use branch protection rules: require PR reviews, status checks, and restrict
who can
push.
To roll back commits in git?
+
Use git revert (creates a new commit) or git reset (rewinds history)
depending on
requirement.
Travis ci?
+
Travis CI is a hosted CI/CD service for building and testing software
projects
hosted on GitHub.
Trunk-based development?
+
Trunk-based development involves frequent commits to the main branch with
short-lived feature branches.
Unit test?
+
Unit test verifies the functionality of individual components or functions
in
isolation.
Vault in ci/cd?
+
Vault is a tool for securely storing and managing secrets and sensitive
data.
Version control in ci/cd?
+
Version control is the management of code changes using tools like Git or
SVN for
tracking and collaboration.
Version control integration?
+
CI/CD tools integrate with Git, SVN, or Mercurial to detect code changes and
trigger
pipelines.
Webhooks in github/bitbucket/gitlab?
+
Webhooks trigger external services when events occur, like push, PR, or
merge
events, enabling CI/CD and integrations.
Yaml in ci/cd?
+
YAML is a human-readable format used to define CI/CD pipeline
configurations.
You monitor ci/cd pipelines?
+
Using dashboards, logs, notifications, or metrics for build health and
performance.
JKM Clean Architecture
Clean architecture?
+
A design pattern where dependencies flow inward, separating core business
logic from
frameworks, UI, and infrastructure.
Dependency rule?
+
Dependencies should always point inward toward high-level policies, not
toward
external frameworks or infrastructure.
Diffbet entity and dto?
+
Entity represents domain data with behavior; DTO is a simple data carrier
between
layers or services.
Diffbet layered and clean architecture?
+
Layered architecture is strictly horizontal; Clean Architecture emphasizes
dependency inversion and decouples business logic from external concerns.
Does clean architecture support testing?
+
Business rules are isolated from UI and DB, allowing unit tests without
mocking
infrastructure.
Does it handle frameworks?
+
Frameworks are plug-ins; the core domain does not depend on frameworks,
enabling
easy replacement.
Example: using clean architecture in c#
+
Domain → core entities, Application → services/use cases, Infrastructure →
DB, API →
controllers.
Key layers?
+
Entities (core business), Use Cases (application logic), Interface Adapters
(controllers/gateways), and Frameworks/Drivers (DB, UI).
Use case interactor?
+
An application service that orchestrates business rules for a specific use
case.
Use clean architecture?
+
It improves testability, maintainability, decoupling, and allows technology
changes
without impacting core logic.
Clean architecture?
+
A design pattern where dependencies flow inward, separating core business
logic from
frameworks, UI, and infrastructure.
Dependency rule?
+
Dependencies should always point inward toward high-level policies, not
toward
external frameworks or infrastructure.
Diffbet entity and dto?
+
Entity represents domain data with behavior; DTO is a simple data carrier
between
layers or services.
Diffbet layered and clean architecture?
+
Layered architecture is strictly horizontal; Clean Architecture emphasizes
dependency inversion and decouples business logic from external concerns.
Does clean architecture support testing?
+
Business rules are isolated from UI and DB, allowing unit tests without
mocking
infrastructure.
Does it handle frameworks?
+
Frameworks are plug-ins; the core domain does not depend on frameworks,
enabling
easy replacement.
Example: using clean architecture in c#
+
Domain → core entities, Application → services/use cases, Infrastructure →
DB, API →
controllers.
Key layers?
+
Entities (core business), Use Cases (application logic), Interface Adapters
(controllers/gateways), and Frameworks/Drivers (DB, UI).
Use case interactor?
+
An application service that orchestrates business rules for a specific use
case.
Use clean architecture?
+
It improves testability, maintainability, decoupling, and allows technology
changes
without impacting core logic.
Clean architecture?
+
A design pattern where dependencies flow inward, separating core business
logic from
frameworks, UI, and infrastructure.
Dependency rule?
+
Dependencies should always point inward toward high-level policies, not
toward
external frameworks or infrastructure.
Diffbet entity and dto?
+
Entity represents domain data with behavior; DTO is a simple data carrier
between
layers or services.
Diffbet layered and clean architecture?
+
Layered architecture is strictly horizontal; Clean Architecture emphasizes
dependency inversion and decouples business logic from external concerns.
Does clean architecture support testing?
+
Business rules are isolated from UI and DB, allowing unit tests without
mocking
infrastructure.
Does it handle frameworks?
+
Frameworks are plug-ins; the core domain does not depend on frameworks,
enabling
easy replacement.
Example: using clean architecture in c#
+
Domain → core entities, Application → services/use cases, Infrastructure →
DB, API →
controllers.
Key layers?
+
Entities (core business), Use Cases (application logic), Interface Adapters
(controllers/gateways), and Frameworks/Drivers (DB, UI).
Use case interactor?
+
An application service that orchestrates business rules for a specific use
case.
Use clean architecture?
+
It improves testability, maintainability, decoupling, and allows technology
changes
without impacting core logic.
Clean architecture?
+
A design pattern where dependencies flow inward, separating core business
logic from
frameworks, UI, and infrastructure.
Dependency rule?
+
Dependencies should always point inward toward high-level policies, not
toward
external frameworks or infrastructure.
Diffbet entity and dto?
+
Entity represents domain data with behavior; DTO is a simple data carrier
between
layers or services.
Diffbet layered and clean architecture?
+
Layered architecture is strictly horizontal; Clean Architecture emphasizes
dependency inversion and decouples business logic from external concerns.
Does clean architecture support testing?
+
Business rules are isolated from UI and DB, allowing unit tests without
mocking
infrastructure.
Does it handle frameworks?
+
Frameworks are plug-ins; the core domain does not depend on frameworks,
enabling
easy replacement.
Example: using clean architecture in c#
+
Domain → core entities, Application → services/use cases, Infrastructure →
DB, API →
controllers.
Key layers?
+
Entities (core business), Use Cases (application logic), Interface Adapters
(controllers/gateways), and Frameworks/Drivers (DB, UI).
Use case interactor?
+
An application service that orchestrates business rules for a specific use
case.
Use clean architecture?
+
It improves testability, maintainability, decoupling, and allows technology
changes
without impacting core logic.
Clean architecture?
+
A design pattern where dependencies flow inward, separating core business
logic from
frameworks, UI, and infrastructure.
Dependency rule?
+
Dependencies should always point inward toward high-level policies, not
toward
external frameworks or infrastructure.
Diffbet entity and dto?
+
Entity represents domain data with behavior; DTO is a simple data carrier
between
layers or services.
Diffbet layered and clean architecture?
+
Layered architecture is strictly horizontal; Clean Architecture emphasizes
dependency inversion and decouples business logic from external concerns.
Does clean architecture support testing?
+
Business rules are isolated from UI and DB, allowing unit tests without
mocking
infrastructure.
Does it handle frameworks?
+
Frameworks are plug-ins; the core domain does not depend on frameworks,
enabling
easy replacement.
Example: using clean architecture in c#
+
Domain → core entities, Application → services/use cases, Infrastructure →
DB, API →
controllers.
Key layers?
+
Entities (core business), Use Cases (application logic), Interface Adapters
(controllers/gateways), and Frameworks/Drivers (DB, UI).
Use case interactor?
+
An application service that orchestrates business rules for a specific use
case.
Use clean architecture?
+
It improves testability, maintainability, decoupling, and allows technology
changes
without impacting core logic.
JKM Code Reviews
Asynchronous code review?
+
Reviewing code at different times rather than in real-time meetings.
Asynchronous vs synchronous review?
+
Asynchronous: reviews done at different times; synchronous: live review
sessions.
Automated code review?
+
Using tools to automatically check code quality security and standards
compliance.
Automated code review?
+
Automated tools check for syntax, style, security, and performance issues.
Examples
include SonarQube, ESLint, and CodeClimate.
Benefits of code reviews?
+
Benefits include higher quality early defect detection knowledge sharing
team
alignment and maintainability.
Branching strategy review?
+
Ensuring code merges follow team branching strategy e.g. GitFlow or
trunk-based.
Code complexity review?
+
Reviewing cyclomatic complexity and identifying overly complex code that is
hard to
maintain.
Code duplication review?
+
Checking for repeated code that should be refactored into reusable functions
or
modules.
Code ownership?
+
Code ownership defines responsibility for maintaining and improving specific
modules
or components.
Code refactoring?
+
Refactoring improves code structure and readability without changing its
external
behavior.
Code review acceptance criteria?
+
Clear conditions that must be met for code to pass the review.
Code review bottleneck?
+
Delays in merging code due to slow or insufficient reviews.
Code review checklist benefit?
+
Checklists ensure consistency reduce missed issues and improve review
quality.
Code review etiquette for authors?
+
Be open to feedback respond professionally clarify questions and make
required
changes.
Code review etiquette for reviewers?
+
Be constructive specific respectful and focus on code not the author.
Code review for open-source projects?
+
Community-driven reviews to ensure quality maintainability and contribution
guidelines.
Code review frequency?
+
Frequency at which code changes are submitted and reviewed ideally
continuous or per
feature.
Code review governance?
+
Policies and guidelines governing how code reviews are performed in an
organization.
Code review kpi?
+
Metrics to measure effectiveness of code reviews e.g. defects found review
time or
team participation.
Code review workflow?
+
Workflow defines how code is submitted reviewed approved and merged.
Code review?
+
Code review is the systematic examination of source code by developers to
identify
mistakes improve quality and ensure adherence to standards.
Code review?
+
Code review is the systematic examination of code by peers to identify
defects,
improve quality, and ensure adherence to standards.
Code reviews help junior developers?
+
They learn best practices, design patterns, debugging techniques, and
company coding
standards from experienced developers.
Code reviews important?
+
They improve code quality reduce bugs enhance maintainability and facilitate
knowledge sharing.
Code reviews important?
+
They improve code quality, knowledge sharing, maintainability, reduce bugs,
and
encourage consistency across the codebase.
Code smell?
+
A code smell is a symptom of poor code quality like duplicated code long
methods or
complex logic.
Code style review?
+
Checking adherence to naming conventions indentation spacing and formatting
standards.
Coding standard?
+
Coding standards are agreed-upon rules for code style formatting and best
practices.
Commit message review?
+
Reviewing that commit messages are descriptive meaningful and follow
guidelines.
Common code review best practices?
+
Check for readability, maintainability, performance, security, adherence to
coding
standards, and proper documentation.
Common code review checklist?
+
Checklist includes readability naming conventions design patterns security
performance and error handling.
Constructive feedback in code reviews?
+
Feedback that is specific actionable and focused on improving the code
rather than
criticizing the author.
Continuous code review?
+
Continuous review integrates code review into the CI/CD pipeline to catch
issues as
code is committed.
Continuous improvement in code reviews?
+
Iteratively improving review processes checklists and team practices.
Continuous learning from code reviews?
+
Team learns from defects patterns and best practices highlighted in reviews.
Cross-team code review?
+
Review conducted by members from other teams for knowledge sharing and
better
quality.
Cultural aspect of code reviews?
+
Fostering a culture of collaboration learning and constructive feedback.
Defensive coding review?
+
Review focusing on preventing errors handling edge cases and improving
robustness.
Dependency review?
+
Checking external libraries or modules for compatibility security and
versioning.
Design review vs code review?
+
Design review checks architecture and design decisions; code review focuses
on
implementation details.
Diffbet code review and code inspection?
+
Inspection is formal with documented findings; review can be informal or
tool-assisted.
Diffbet code review and testing?
+
Code review finds defects in logic style and design; testing validates code
behavior
at runtime.
Diffbet code walkthrough and code review?
+
Walkthrough is informal guided explanation of code; review is systematic
evaluation
for defects.
Diffbet cr and qa?
+
Code review is done by developers for quality and maintainability; QA tests
for
functional correctness.
Diffbet formal and informal code reviews?
+
Formal reviews are structured with checklists and documentation. Informal
reviews
are lightweight, often over pull requests or pair programming.
Diffbet major and minor code review comments?
+
Major comments indicate critical issues affecting functionality or
maintainability;
minor comments are suggestions or style improvements.
Documentation review?
+
Ensuring code is well-commented and documentation accurately reflects
functionality.
Dynamic code analysis?
+
Dynamic analysis evaluates code behavior during execution to identify
runtime
issues.
Error handling review?
+
Ensuring proper exception handling logging and graceful failure in code.
Formal code review?
+
Formal code review follows a structured process with defined roles meetings
and
checklists.
Incremental code review?
+
Reviewing small code changes frequently instead of large chunks at once.
Informal code review?
+
Informal review is a casual inspection of code without formal meetings or
documentation.
Integration test review?
+
Ensuring integration tests verify interactions between modules and external
systems.
Knowledge sharing in code reviews?
+
Code reviews help spread understanding of codebase best practices and design
patterns among team members.
Linting?
+
Linting is automated checking of code for stylistic errors bugs or
anti-patterns.
Logging review?
+
Reviewing that logs are meaningful not excessive and do not leak sensitive
data.
Main types of code reviews?
+
Types include formal reviews informal reviews pair programming and
tool-assisted
reviews.
Maintainability in code review?
+
Ensuring code is easy to read understand extend and debug by other
developers.
Mentor-driven review?
+
Experienced developers provide guidance and suggestions to less experienced
team
members.
Metrics can you track in code reviews?
+
Number of issues found, time spent per review, code coverage, and review
participation rates.
Metrics for reviewer performance?
+
Metrics include number of reviews done quality of feedback and response
time.
Modularity in code review?
+
Code should be organized into reusable independent modules for easier
maintenance.
Often should code reviews be conducted?
+
Ideally for every feature branch or pull request before merging into the
main branch
to catch issues early.
Onboarding through code reviews?
+
New developers learn coding standards practices and codebase structure via
reviews.
Over-reviewing?
+
Spending excessive time on minor issues reducing efficiency or demotivating
the
author.
Pair programming?
+
Two developers work together on the same code; one writes code while the
other
reviews in real-time.
Peer accountability in code reviews?
+
Ensuring all team members participate and contribute responsibly to reviews.
Peer code review?
+
A peer code review is when developers review each other’s code to ensure it
meets
quality and design standards.
Peer feedback in code review?
+
Feedback provided by peers to improve code quality and knowledge sharing.
Peer programming vs code review?
+
Pair programming involves simultaneous coding and reviewing; code review
happens
after code is written.
Peer review?
+
Peer review is a process where colleagues examine each other’s code for
quality and
correctness.
Performance code review?
+
Review emphasizing efficient algorithms memory usage and scalability.
Post-mortem code review?
+
Review conducted after a production issue to understand root cause and
prevent
recurrence.
Pull request (pr)?
+
A PR is a request to merge code changes into a repository often reviewed by
peers
before approval.
Pull request size best practice?
+
Keep PRs small and focused to facilitate faster and more effective reviews.
Readability in code review?
+
Readable code is clear consistent well-named and easily understandable.
Re-review?
+
Reviewing updated code after initial review comments have been addressed.
Resolved comment?
+
A resolved comment is a review comment that has been addressed by the
author.
Review approval?
+
Formal acceptance that code meets standards and is ready to merge.
Review automation benefit?
+
Automation speeds up checks enforces standards and reduces human errors.
Review backlog?
+
A queue of pending code reviews awaiting reviewer attention.
Review comment categorization?
+
Classifying comments as major minor suggestion or question for
prioritization.
Review comment?
+
A review comment is feedback provided by a reviewer to improve code quality.
Review coverage?
+
Percentage of code changes that undergo review before merging.
Review etiquette for large teams?
+
Clear responsibilities communication and avoiding conflicting feedback.
Review etiquette?
+
Etiquette includes being respectful constructive specific and avoiding
personal
criticism.
Review feedback loop?
+
Process of submitting reviewing addressing comments and re-reviewing until
approval.
Review for legacy code?
+
Reviewing existing code to identify improvements refactoring needs and
risks.
Review for refactoring?
+
Review ensuring that refactored code improves structure and readability
without
introducing bugs.
Review in ci/cd pipeline?
+
Code review integrated into CI/CD to prevent defective code from being
merged.
Review metrics analysis?
+
Analyzing review metrics to improve quality efficiency and team
collaboration.
Review turnaround time?
+
The time taken for a reviewer to provide feedback on submitted code.
Reviewer rotation?
+
Rotating reviewers to spread knowledge and avoid bias in reviews.
Risks of poor code reviews?
+
Risks include bugs security vulnerabilities inconsistent style technical
debt and
slower development.
Role of a reviewer?
+
The reviewer evaluates code quality suggests improvements ensures standards
are
followed and identifies defects.
Role of an author?
+
The author writes the code addresses review comments and ensures changes
meet
quality standards.
Root cause analysis in code review?
+
Understanding why defects occur to prevent similar issues in the future.
Scalability review?
+
Reviewing code to ensure it can handle increasing workload or number of
users
effectively.
Security code review?
+
Review focusing on identifying security vulnerabilities such as SQL
injection XSS or
authentication flaws.
Security review?
+
Review specifically for vulnerabilities sensitive data exposure and
compliance
issues.
Self-review?
+
Author reviews their own code before submitting it for peer review.
Should you check in a code review?
+
Check correctness readability maintainability security performance and
adherence to
coding standards.
Some popular code review tools?
+
Tools include GitHub Pull Requests GitLab Merge Requests Bitbucket Crucible
Review
Board and Phabricator.
Static code analysis?
+
Static analysis uses automated tools to analyze code without executing it
detecting
errors and enforcing standards.
Technical debt identification in code review?
+
Identifying suboptimal code or shortcuts that may require future
refactoring.
Test coverage review?
+
Ensuring code has adequate automated test coverage for all critical paths.
Testability review?
+
Ensuring code is easy to test with unit integration or automated tests.
To give constructive feedback in code reviews?
+
Focus on code, not the developer, explain why changes are needed, suggest
improvements, and be respectful and encouraging.
To handle conflicts during code review?
+
Discuss objectively with examples, refer to coding standards, involve a
neutral
reviewer if necessary, and focus on project goals.
Tool-assisted code review?
+
Using software tools (like GitHub GitLab Crucible) to comment track and
approve code
changes.
Tools are used for code reviews?
+
Popular tools include GitHub Pull Requests, GitLab Merge Requests, Azure
DevOps,
Crucible, and Bitbucket.
Under-reviewing?
+
Skipping important checks or approving low-quality code without proper
examination.
Unit test review?
+
Ensuring that automated unit tests exist are comprehensive and correctly
test
functionality.
You balance speed and quality in code reviews?
+
Focus on critical issues first, use automated tools for repetitive checks,
and avoid
overloading reviewers to maintain efficiency.
You ensure code review consistency across a team?
+
Establish coding standards, use review checklists, and train team members on
the
review process.
You handle a large code change in a review?
+
Break it into smaller logical chunks, review incrementally, and prioritize
high-risk
areas first.
Asynchronous code review?
+
Reviewing code at different times rather than in real-time meetings.
Asynchronous vs synchronous review?
+
Asynchronous: reviews done at different times; synchronous: live review
sessions.
Automated code review?
+
Using tools to automatically check code quality security and standards
compliance.
Automated code review?
+
Automated tools check for syntax, style, security, and performance issues.
Examples
include SonarQube, ESLint, and CodeClimate.
Benefits of code reviews?
+
Benefits include higher quality early defect detection knowledge sharing
team
alignment and maintainability.
Branching strategy review?
+
Ensuring code merges follow team branching strategy e.g. GitFlow or
trunk-based.
Code complexity review?
+
Reviewing cyclomatic complexity and identifying overly complex code that is
hard to
maintain.
Code duplication review?
+
Checking for repeated code that should be refactored into reusable functions
or
modules.
Code ownership?
+
Code ownership defines responsibility for maintaining and improving specific
modules
or components.
Code refactoring?
+
Refactoring improves code structure and readability without changing its
external
behavior.
Code review acceptance criteria?
+
Clear conditions that must be met for code to pass the review.
Code review bottleneck?
+
Delays in merging code due to slow or insufficient reviews.
Code review checklist benefit?
+
Checklists ensure consistency reduce missed issues and improve review
quality.
Code review etiquette for authors?
+
Be open to feedback respond professionally clarify questions and make
required
changes.
Code review etiquette for reviewers?
+
Be constructive specific respectful and focus on code not the author.
Code review for open-source projects?
+
Community-driven reviews to ensure quality maintainability and contribution
guidelines.
Code review frequency?
+
Frequency at which code changes are submitted and reviewed ideally
continuous or per
feature.
Code review governance?
+
Policies and guidelines governing how code reviews are performed in an
organization.
Code review kpi?
+
Metrics to measure effectiveness of code reviews e.g. defects found review
time or
team participation.
Code review workflow?
+
Workflow defines how code is submitted reviewed approved and merged.
Code review?
+
Code review is the systematic examination of source code by developers to
identify
mistakes improve quality and ensure adherence to standards.
Code review?
+
Code review is the systematic examination of code by peers to identify
defects,
improve quality, and ensure adherence to standards.
Code reviews help junior developers?
+
They learn best practices, design patterns, debugging techniques, and
company coding
standards from experienced developers.
Code reviews important?
+
They improve code quality reduce bugs enhance maintainability and facilitate
knowledge sharing.
Code reviews important?
+
They improve code quality, knowledge sharing, maintainability, reduce bugs,
and
encourage consistency across the codebase.
Code smell?
+
A code smell is a symptom of poor code quality like duplicated code long
methods or
complex logic.
Code style review?
+
Checking adherence to naming conventions indentation spacing and formatting
standards.
Coding standard?
+
Coding standards are agreed-upon rules for code style formatting and best
practices.
Commit message review?
+
Reviewing that commit messages are descriptive meaningful and follow
guidelines.
Common code review best practices?
+
Check for readability, maintainability, performance, security, adherence to
coding
standards, and proper documentation.
Common code review checklist?
+
Checklist includes readability naming conventions design patterns security
performance and error handling.
Constructive feedback in code reviews?
+
Feedback that is specific actionable and focused on improving the code
rather than
criticizing the author.
Continuous code review?
+
Continuous review integrates code review into the CI/CD pipeline to catch
issues as
code is committed.
Continuous improvement in code reviews?
+
Iteratively improving review processes checklists and team practices.
Continuous learning from code reviews?
+
Team learns from defects patterns and best practices highlighted in reviews.
Cross-team code review?
+
Review conducted by members from other teams for knowledge sharing and
better
quality.
Cultural aspect of code reviews?
+
Fostering a culture of collaboration learning and constructive feedback.
Defensive coding review?
+
Review focusing on preventing errors handling edge cases and improving
robustness.
Dependency review?
+
Checking external libraries or modules for compatibility security and
versioning.
Design review vs code review?
+
Design review checks architecture and design decisions; code review focuses
on
implementation details.
Diffbet code review and code inspection?
+
Inspection is formal with documented findings; review can be informal or
tool-assisted.
Diffbet code review and testing?
+
Code review finds defects in logic style and design; testing validates code
behavior
at runtime.
Diffbet code walkthrough and code review?
+
Walkthrough is informal guided explanation of code; review is systematic
evaluation
for defects.
Diffbet cr and qa?
+
Code review is done by developers for quality and maintainability; QA tests
for
functional correctness.
Diffbet formal and informal code reviews?
+
Formal reviews are structured with checklists and documentation. Informal
reviews
are lightweight, often over pull requests or pair programming.
Diffbet major and minor code review comments?
+
Major comments indicate critical issues affecting functionality or
maintainability;
minor comments are suggestions or style improvements.
Documentation review?
+
Ensuring code is well-commented and documentation accurately reflects
functionality.
Dynamic code analysis?
+
Dynamic analysis evaluates code behavior during execution to identify
runtime
issues.
Error handling review?
+
Ensuring proper exception handling logging and graceful failure in code.
Formal code review?
+
Formal code review follows a structured process with defined roles meetings
and
checklists.
Incremental code review?
+
Reviewing small code changes frequently instead of large chunks at once.
Informal code review?
+
Informal review is a casual inspection of code without formal meetings or
documentation.
Integration test review?
+
Ensuring integration tests verify interactions between modules and external
systems.
Knowledge sharing in code reviews?
+
Code reviews help spread understanding of codebase best practices and design
patterns among team members.
Linting?
+
Linting is automated checking of code for stylistic errors bugs or
anti-patterns.
Logging review?
+
Reviewing that logs are meaningful not excessive and do not leak sensitive
data.
Main types of code reviews?
+
Types include formal reviews informal reviews pair programming and
tool-assisted
reviews.
Maintainability in code review?
+
Ensuring code is easy to read understand extend and debug by other
developers.
Mentor-driven review?
+
Experienced developers provide guidance and suggestions to less experienced
team
members.
Metrics can you track in code reviews?
+
Number of issues found, time spent per review, code coverage, and review
participation rates.
Metrics for reviewer performance?
+
Metrics include number of reviews done quality of feedback and response
time.
Modularity in code review?
+
Code should be organized into reusable independent modules for easier
maintenance.
Often should code reviews be conducted?
+
Ideally for every feature branch or pull request before merging into the
main branch
to catch issues early.
Onboarding through code reviews?
+
New developers learn coding standards practices and codebase structure via
reviews.
Over-reviewing?
+
Spending excessive time on minor issues reducing efficiency or demotivating
the
author.
Pair programming?
+
Two developers work together on the same code; one writes code while the
other
reviews in real-time.
Peer accountability in code reviews?
+
Ensuring all team members participate and contribute responsibly to reviews.
Peer code review?
+
A peer code review is when developers review each other’s code to ensure it
meets
quality and design standards.
Peer feedback in code review?
+
Feedback provided by peers to improve code quality and knowledge sharing.
Peer programming vs code review?
+
Pair programming involves simultaneous coding and reviewing; code review
happens
after code is written.
Peer review?
+
Peer review is a process where colleagues examine each other’s code for
quality and
correctness.
Performance code review?
+
Review emphasizing efficient algorithms memory usage and scalability.
Post-mortem code review?
+
Review conducted after a production issue to understand root cause and
prevent
recurrence.
Pull request (pr)?
+
A PR is a request to merge code changes into a repository often reviewed by
peers
before approval.
Pull request size best practice?
+
Keep PRs small and focused to facilitate faster and more effective reviews.
Readability in code review?
+
Readable code is clear consistent well-named and easily understandable.
Re-review?
+
Reviewing updated code after initial review comments have been addressed.
Resolved comment?
+
A resolved comment is a review comment that has been addressed by the
author.
Review approval?
+
Formal acceptance that code meets standards and is ready to merge.
Review automation benefit?
+
Automation speeds up checks enforces standards and reduces human errors.
Review backlog?
+
A queue of pending code reviews awaiting reviewer attention.
Review comment categorization?
+
Classifying comments as major minor suggestion or question for
prioritization.
Review comment?
+
A review comment is feedback provided by a reviewer to improve code quality.
Review coverage?
+
Percentage of code changes that undergo review before merging.
Review etiquette for large teams?
+
Clear responsibilities communication and avoiding conflicting feedback.
Review etiquette?
+
Etiquette includes being respectful constructive specific and avoiding
personal
criticism.
Review feedback loop?
+
Process of submitting reviewing addressing comments and re-reviewing until
approval.
Review for legacy code?
+
Reviewing existing code to identify improvements refactoring needs and
risks.
Review for refactoring?
+
Review ensuring that refactored code improves structure and readability
without
introducing bugs.
Review in ci/cd pipeline?
+
Code review integrated into CI/CD to prevent defective code from being
merged.
Review metrics analysis?
+
Analyzing review metrics to improve quality efficiency and team
collaboration.
Review turnaround time?
+
The time taken for a reviewer to provide feedback on submitted code.
Reviewer rotation?
+
Rotating reviewers to spread knowledge and avoid bias in reviews.
Risks of poor code reviews?
+
Risks include bugs security vulnerabilities inconsistent style technical
debt and
slower development.
Role of a reviewer?
+
The reviewer evaluates code quality suggests improvements ensures standards
are
followed and identifies defects.
Role of an author?
+
The author writes the code addresses review comments and ensures changes
meet
quality standards.
Root cause analysis in code review?
+
Understanding why defects occur to prevent similar issues in the future.
Scalability review?
+
Reviewing code to ensure it can handle increasing workload or number of
users
effectively.
Security code review?
+
Review focusing on identifying security vulnerabilities such as SQL
injection XSS or
authentication flaws.
Security review?
+
Review specifically for vulnerabilities sensitive data exposure and
compliance
issues.
Self-review?
+
Author reviews their own code before submitting it for peer review.
Should you check in a code review?
+
Check correctness readability maintainability security performance and
adherence to
coding standards.
Some popular code review tools?
+
Tools include GitHub Pull Requests GitLab Merge Requests Bitbucket Crucible
Review
Board and Phabricator.
Static code analysis?
+
Static analysis uses automated tools to analyze code without executing it
detecting
errors and enforcing standards.
Technical debt identification in code review?
+
Identifying suboptimal code or shortcuts that may require future
refactoring.
Test coverage review?
+
Ensuring code has adequate automated test coverage for all critical paths.
Testability review?
+
Ensuring code is easy to test with unit integration or automated tests.
To give constructive feedback in code reviews?
+
Focus on code, not the developer, explain why changes are needed, suggest
improvements, and be respectful and encouraging.
To handle conflicts during code review?
+
Discuss objectively with examples, refer to coding standards, involve a
neutral
reviewer if necessary, and focus on project goals.
Tool-assisted code review?
+
Using software tools (like GitHub GitLab Crucible) to comment track and
approve code
changes.
Tools are used for code reviews?
+
Popular tools include GitHub Pull Requests, GitLab Merge Requests, Azure
DevOps,
Crucible, and Bitbucket.
Under-reviewing?
+
Skipping important checks or approving low-quality code without proper
examination.
Unit test review?
+
Ensuring that automated unit tests exist are comprehensive and correctly
test
functionality.
You balance speed and quality in code reviews?
+
Focus on critical issues first, use automated tools for repetitive checks,
and avoid
overloading reviewers to maintain efficiency.
You ensure code review consistency across a team?
+
Establish coding standards, use review checklists, and train team members on
the
review process.
You handle a large code change in a review?
+
Break it into smaller logical chunks, review incrementally, and prioritize
high-risk
areas first.
Asynchronous code review?
+
Reviewing code at different times rather than in real-time meetings.
Asynchronous vs synchronous review?
+
Asynchronous: reviews done at different times; synchronous: live review
sessions.
Automated code review?
+
Using tools to automatically check code quality security and standards
compliance.
Automated code review?
+
Automated tools check for syntax, style, security, and performance issues.
Examples
include SonarQube, ESLint, and CodeClimate.
Benefits of code reviews?
+
Benefits include higher quality early defect detection knowledge sharing
team
alignment and maintainability.
Branching strategy review?
+
Ensuring code merges follow team branching strategy e.g. GitFlow or
trunk-based.
Code complexity review?
+
Reviewing cyclomatic complexity and identifying overly complex code that is
hard to
maintain.
Code duplication review?
+
Checking for repeated code that should be refactored into reusable functions
or
modules.
Code ownership?
+
Code ownership defines responsibility for maintaining and improving specific
modules
or components.
Code refactoring?
+
Refactoring improves code structure and readability without changing its
external
behavior.
Code review acceptance criteria?
+
Clear conditions that must be met for code to pass the review.
Code review bottleneck?
+
Delays in merging code due to slow or insufficient reviews.
Code review checklist benefit?
+
Checklists ensure consistency reduce missed issues and improve review
quality.
Code review etiquette for authors?
+
Be open to feedback respond professionally clarify questions and make
required
changes.
Code review etiquette for reviewers?
+
Be constructive specific respectful and focus on code not the author.
Code review for open-source projects?
+
Community-driven reviews to ensure quality maintainability and contribution
guidelines.
Code review frequency?
+
Frequency at which code changes are submitted and reviewed ideally
continuous or per
feature.
Code review governance?
+
Policies and guidelines governing how code reviews are performed in an
organization.
Code review kpi?
+
Metrics to measure effectiveness of code reviews e.g. defects found review
time or
team participation.
Code review workflow?
+
Workflow defines how code is submitted reviewed approved and merged.
Code review?
+
Code review is the systematic examination of source code by developers to
identify
mistakes improve quality and ensure adherence to standards.
Code review?
+
Code review is the systematic examination of code by peers to identify
defects,
improve quality, and ensure adherence to standards.
Code reviews help junior developers?
+
They learn best practices, design patterns, debugging techniques, and
company coding
standards from experienced developers.
Code reviews important?
+
They improve code quality reduce bugs enhance maintainability and facilitate
knowledge sharing.
Code reviews important?
+
They improve code quality, knowledge sharing, maintainability, reduce bugs,
and
encourage consistency across the codebase.
Code smell?
+
A code smell is a symptom of poor code quality like duplicated code long
methods or
complex logic.
Code style review?
+
Checking adherence to naming conventions indentation spacing and formatting
standards.
Coding standard?
+
Coding standards are agreed-upon rules for code style formatting and best
practices.
Commit message review?
+
Reviewing that commit messages are descriptive meaningful and follow
guidelines.
Common code review best practices?
+
Check for readability, maintainability, performance, security, adherence to
coding
standards, and proper documentation.
Common code review checklist?
+
Checklist includes readability naming conventions design patterns security
performance and error handling.
Constructive feedback in code reviews?
+
Feedback that is specific actionable and focused on improving the code
rather than
criticizing the author.
Continuous code review?
+
Continuous review integrates code review into the CI/CD pipeline to catch
issues as
code is committed.
Continuous improvement in code reviews?
+
Iteratively improving review processes checklists and team practices.
Continuous learning from code reviews?
+
Team learns from defects patterns and best practices highlighted in reviews.
Cross-team code review?
+
Review conducted by members from other teams for knowledge sharing and
better
quality.
Cultural aspect of code reviews?
+
Fostering a culture of collaboration learning and constructive feedback.
Defensive coding review?
+
Review focusing on preventing errors handling edge cases and improving
robustness.
Dependency review?
+
Checking external libraries or modules for compatibility security and
versioning.
Design review vs code review?
+
Design review checks architecture and design decisions; code review focuses
on
implementation details.
Diffbet code review and code inspection?
+
Inspection is formal with documented findings; review can be informal or
tool-assisted.
Diffbet code review and testing?
+
Code review finds defects in logic style and design; testing validates code
behavior
at runtime.
Diffbet code walkthrough and code review?
+
Walkthrough is informal guided explanation of code; review is systematic
evaluation
for defects.
Diffbet cr and qa?
+
Code review is done by developers for quality and maintainability; QA tests
for
functional correctness.
Diffbet formal and informal code reviews?
+
Formal reviews are structured with checklists and documentation. Informal
reviews
are lightweight, often over pull requests or pair programming.
Diffbet major and minor code review comments?
+
Major comments indicate critical issues affecting functionality or
maintainability;
minor comments are suggestions or style improvements.
Documentation review?
+
Ensuring code is well-commented and documentation accurately reflects
functionality.
Dynamic code analysis?
+
Dynamic analysis evaluates code behavior during execution to identify
runtime
issues.
Error handling review?
+
Ensuring proper exception handling logging and graceful failure in code.
Formal code review?
+
Formal code review follows a structured process with defined roles meetings
and
checklists.
Incremental code review?
+
Reviewing small code changes frequently instead of large chunks at once.
Informal code review?
+
Informal review is a casual inspection of code without formal meetings or
documentation.
Integration test review?
+
Ensuring integration tests verify interactions between modules and external
systems.
Knowledge sharing in code reviews?
+
Code reviews help spread understanding of codebase best practices and design
patterns among team members.
Linting?
+
Linting is automated checking of code for stylistic errors bugs or
anti-patterns.
Logging review?
+
Reviewing that logs are meaningful not excessive and do not leak sensitive
data.
Main types of code reviews?
+
Types include formal reviews informal reviews pair programming and
tool-assisted
reviews.
Maintainability in code review?
+
Ensuring code is easy to read understand extend and debug by other
developers.
Mentor-driven review?
+
Experienced developers provide guidance and suggestions to less experienced
team
members.
Metrics can you track in code reviews?
+
Number of issues found, time spent per review, code coverage, and review
participation rates.
Metrics for reviewer performance?
+
Metrics include number of reviews done quality of feedback and response
time.
Modularity in code review?
+
Code should be organized into reusable independent modules for easier
maintenance.
Often should code reviews be conducted?
+
Ideally for every feature branch or pull request before merging into the
main branch
to catch issues early.
Onboarding through code reviews?
+
New developers learn coding standards practices and codebase structure via
reviews.
Over-reviewing?
+
Spending excessive time on minor issues reducing efficiency or demotivating
the
author.
Pair programming?
+
Two developers work together on the same code; one writes code while the
other
reviews in real-time.
Peer accountability in code reviews?
+
Ensuring all team members participate and contribute responsibly to reviews.
Peer code review?
+
A peer code review is when developers review each other’s code to ensure it
meets
quality and design standards.
Peer feedback in code review?
+
Feedback provided by peers to improve code quality and knowledge sharing.
Peer programming vs code review?
+
Pair programming involves simultaneous coding and reviewing; code review
happens
after code is written.
Peer review?
+
Peer review is a process where colleagues examine each other’s code for
quality and
correctness.
Performance code review?
+
Review emphasizing efficient algorithms memory usage and scalability.
Post-mortem code review?
+
Review conducted after a production issue to understand root cause and
prevent
recurrence.
Pull request (pr)?
+
A PR is a request to merge code changes into a repository often reviewed by
peers
before approval.
Pull request size best practice?
+
Keep PRs small and focused to facilitate faster and more effective reviews.
Readability in code review?
+
Readable code is clear consistent well-named and easily understandable.
Re-review?
+
Reviewing updated code after initial review comments have been addressed.
Resolved comment?
+
A resolved comment is a review comment that has been addressed by the
author.
Review approval?
+
Formal acceptance that code meets standards and is ready to merge.
Review automation benefit?
+
Automation speeds up checks enforces standards and reduces human errors.
Review backlog?
+
A queue of pending code reviews awaiting reviewer attention.
Review comment categorization?
+
Classifying comments as major minor suggestion or question for
prioritization.
Review comment?
+
A review comment is feedback provided by a reviewer to improve code quality.
Review coverage?
+
Percentage of code changes that undergo review before merging.
Review etiquette for large teams?
+
Clear responsibilities communication and avoiding conflicting feedback.
Review etiquette?
+
Etiquette includes being respectful constructive specific and avoiding
personal
criticism.
Review feedback loop?
+
Process of submitting reviewing addressing comments and re-reviewing until
approval.
Review for legacy code?
+
Reviewing existing code to identify improvements refactoring needs and
risks.
Review for refactoring?
+
Review ensuring that refactored code improves structure and readability
without
introducing bugs.
Review in ci/cd pipeline?
+
Code review integrated into CI/CD to prevent defective code from being
merged.
Review metrics analysis?
+
Analyzing review metrics to improve quality efficiency and team
collaboration.
Review turnaround time?
+
The time taken for a reviewer to provide feedback on submitted code.
Reviewer rotation?
+
Rotating reviewers to spread knowledge and avoid bias in reviews.
Risks of poor code reviews?
+
Risks include bugs security vulnerabilities inconsistent style technical
debt and
slower development.
Role of a reviewer?
+
The reviewer evaluates code quality suggests improvements ensures standards
are
followed and identifies defects.
Role of an author?
+
The author writes the code addresses review comments and ensures changes
meet
quality standards.
Root cause analysis in code review?
+
Understanding why defects occur to prevent similar issues in the future.
Scalability review?
+
Reviewing code to ensure it can handle increasing workload or number of
users
effectively.
Security code review?
+
Review focusing on identifying security vulnerabilities such as SQL
injection XSS or
authentication flaws.
Security review?
+
Review specifically for vulnerabilities sensitive data exposure and
compliance
issues.
Self-review?
+
Author reviews their own code before submitting it for peer review.
Should you check in a code review?
+
Check correctness readability maintainability security performance and
adherence to
coding standards.
Some popular code review tools?
+
Tools include GitHub Pull Requests GitLab Merge Requests Bitbucket Crucible
Review
Board and Phabricator.
Static code analysis?
+
Static analysis uses automated tools to analyze code without executing it
detecting
errors and enforcing standards.
Technical debt identification in code review?
+
Identifying suboptimal code or shortcuts that may require future
refactoring.
Test coverage review?
+
Ensuring code has adequate automated test coverage for all critical paths.
Testability review?
+
Ensuring code is easy to test with unit integration or automated tests.
To give constructive feedback in code reviews?
+
Focus on code, not the developer, explain why changes are needed, suggest
improvements, and be respectful and encouraging.
To handle conflicts during code review?
+
Discuss objectively with examples, refer to coding standards, involve a
neutral
reviewer if necessary, and focus on project goals.
Tool-assisted code review?
+
Using software tools (like GitHub GitLab Crucible) to comment track and
approve code
changes.
Tools are used for code reviews?
+
Popular tools include GitHub Pull Requests, GitLab Merge Requests, Azure
DevOps,
Crucible, and Bitbucket.
Under-reviewing?
+
Skipping important checks or approving low-quality code without proper
examination.
Unit test review?
+
Ensuring that automated unit tests exist are comprehensive and correctly
test
functionality.
You balance speed and quality in code reviews?
+
Focus on critical issues first, use automated tools for repetitive checks,
and avoid
overloading reviewers to maintain efficiency.
You ensure code review consistency across a team?
+
Establish coding standards, use review checklists, and train team members on
the
review process.
You handle a large code change in a review?
+
Break it into smaller logical chunks, review incrementally, and prioritize
high-risk
areas first.
Asynchronous code review?
+
Reviewing code at different times rather than in real-time meetings.
Asynchronous vs synchronous review?
+
Asynchronous: reviews done at different times; synchronous: live review
sessions.
Automated code review?
+
Using tools to automatically check code quality security and standards
compliance.
Automated code review?
+
Automated tools check for syntax, style, security, and performance issues.
Examples
include SonarQube, ESLint, and CodeClimate.
Benefits of code reviews?
+
Benefits include higher quality early defect detection knowledge sharing
team
alignment and maintainability.
Branching strategy review?
+
Ensuring code merges follow team branching strategy e.g. GitFlow or
trunk-based.
Code complexity review?
+
Reviewing cyclomatic complexity and identifying overly complex code that is
hard to
maintain.
Code duplication review?
+
Checking for repeated code that should be refactored into reusable functions
or
modules.
Code ownership?
+
Code ownership defines responsibility for maintaining and improving specific
modules
or components.
Code refactoring?
+
Refactoring improves code structure and readability without changing its
external
behavior.
Code review acceptance criteria?
+
Clear conditions that must be met for code to pass the review.
Code review bottleneck?
+
Delays in merging code due to slow or insufficient reviews.
Code review checklist benefit?
+
Checklists ensure consistency reduce missed issues and improve review
quality.
Code review etiquette for authors?
+
Be open to feedback respond professionally clarify questions and make
required
changes.
Code review etiquette for reviewers?
+
Be constructive specific respectful and focus on code not the author.
Code review for open-source projects?
+
Community-driven reviews to ensure quality maintainability and contribution
guidelines.
Code review frequency?
+
Frequency at which code changes are submitted and reviewed ideally
continuous or per
feature.
Code review governance?
+
Policies and guidelines governing how code reviews are performed in an
organization.
Code review kpi?
+
Metrics to measure effectiveness of code reviews e.g. defects found review
time or
team participation.
Code review workflow?
+
Workflow defines how code is submitted reviewed approved and merged.
Code review?
+
Code review is the systematic examination of source code by developers to
identify
mistakes improve quality and ensure adherence to standards.
Code review?
+
Code review is the systematic examination of code by peers to identify
defects,
improve quality, and ensure adherence to standards.
Code reviews help junior developers?
+
They learn best practices, design patterns, debugging techniques, and
company coding
standards from experienced developers.
Code reviews important?
+
They improve code quality reduce bugs enhance maintainability and facilitate
knowledge sharing.
Code reviews important?
+
They improve code quality, knowledge sharing, maintainability, reduce bugs,
and
encourage consistency across the codebase.
Code smell?
+
A code smell is a symptom of poor code quality like duplicated code long
methods or
complex logic.
Code style review?
+
Checking adherence to naming conventions indentation spacing and formatting
standards.
Coding standard?
+
Coding standards are agreed-upon rules for code style formatting and best
practices.
Commit message review?
+
Reviewing that commit messages are descriptive meaningful and follow
guidelines.
Common code review best practices?
+
Check for readability, maintainability, performance, security, adherence to
coding
standards, and proper documentation.
Common code review checklist?
+
Checklist includes readability naming conventions design patterns security
performance and error handling.
Constructive feedback in code reviews?
+
Feedback that is specific actionable and focused on improving the code
rather than
criticizing the author.
Continuous code review?
+
Continuous review integrates code review into the CI/CD pipeline to catch
issues as
code is committed.
Continuous improvement in code reviews?
+
Iteratively improving review processes checklists and team practices.
Continuous learning from code reviews?
+
Team learns from defects patterns and best practices highlighted in reviews.
Cross-team code review?
+
Review conducted by members from other teams for knowledge sharing and
better
quality.
Cultural aspect of code reviews?
+
Fostering a culture of collaboration learning and constructive feedback.
Defensive coding review?
+
Review focusing on preventing errors handling edge cases and improving
robustness.
Dependency review?
+
Checking external libraries or modules for compatibility security and
versioning.
Design review vs code review?
+
Design review checks architecture and design decisions; code review focuses
on
implementation details.
Diffbet code review and code inspection?
+
Inspection is formal with documented findings; review can be informal or
tool-assisted.
Diffbet code review and testing?
+
Code review finds defects in logic style and design; testing validates code
behavior
at runtime.
Diffbet code walkthrough and code review?
+
Walkthrough is informal guided explanation of code; review is systematic
evaluation
for defects.
Diffbet cr and qa?
+
Code review is done by developers for quality and maintainability; QA tests
for
functional correctness.
Diffbet formal and informal code reviews?
+
Formal reviews are structured with checklists and documentation. Informal
reviews
are lightweight, often over pull requests or pair programming.
Diffbet major and minor code review comments?
+
Major comments indicate critical issues affecting functionality or
maintainability;
minor comments are suggestions or style improvements.
Documentation review?
+
Ensuring code is well-commented and documentation accurately reflects
functionality.
Dynamic code analysis?
+
Dynamic analysis evaluates code behavior during execution to identify
runtime
issues.
Error handling review?
+
Ensuring proper exception handling logging and graceful failure in code.
Formal code review?
+
Formal code review follows a structured process with defined roles meetings
and
checklists.
Incremental code review?
+
Reviewing small code changes frequently instead of large chunks at once.
Informal code review?
+
Informal review is a casual inspection of code without formal meetings or
documentation.
Integration test review?
+
Ensuring integration tests verify interactions between modules and external
systems.
Knowledge sharing in code reviews?
+
Code reviews help spread understanding of codebase best practices and design
patterns among team members.
Linting?
+
Linting is automated checking of code for stylistic errors bugs or
anti-patterns.
Logging review?
+
Reviewing that logs are meaningful not excessive and do not leak sensitive
data.
Main types of code reviews?
+
Types include formal reviews informal reviews pair programming and
tool-assisted
reviews.
Maintainability in code review?
+
Ensuring code is easy to read understand extend and debug by other
developers.
Mentor-driven review?
+
Experienced developers provide guidance and suggestions to less experienced
team
members.
Metrics can you track in code reviews?
+
Number of issues found, time spent per review, code coverage, and review
participation rates.
Metrics for reviewer performance?
+
Metrics include number of reviews done quality of feedback and response
time.
Modularity in code review?
+
Code should be organized into reusable independent modules for easier
maintenance.
Often should code reviews be conducted?
+
Ideally for every feature branch or pull request before merging into the
main branch
to catch issues early.
Onboarding through code reviews?
+
New developers learn coding standards practices and codebase structure via
reviews.
Over-reviewing?
+
Spending excessive time on minor issues reducing efficiency or demotivating
the
author.
Pair programming?
+
Two developers work together on the same code; one writes code while the
other
reviews in real-time.
Peer accountability in code reviews?
+
Ensuring all team members participate and contribute responsibly to reviews.
Peer code review?
+
A peer code review is when developers review each other’s code to ensure it
meets
quality and design standards.
Peer feedback in code review?
+
Feedback provided by peers to improve code quality and knowledge sharing.
Peer programming vs code review?
+
Pair programming involves simultaneous coding and reviewing; code review
happens
after code is written.
Peer review?
+
Peer review is a process where colleagues examine each other’s code for
quality and
correctness.
Performance code review?
+
Review emphasizing efficient algorithms memory usage and scalability.
Post-mortem code review?
+
Review conducted after a production issue to understand root cause and
prevent
recurrence.
Pull request (pr)?
+
A PR is a request to merge code changes into a repository often reviewed by
peers
before approval.
Pull request size best practice?
+
Keep PRs small and focused to facilitate faster and more effective reviews.
Readability in code review?
+
Readable code is clear consistent well-named and easily understandable.
Re-review?
+
Reviewing updated code after initial review comments have been addressed.
Resolved comment?
+
A resolved comment is a review comment that has been addressed by the
author.
Review approval?
+
Formal acceptance that code meets standards and is ready to merge.
Review automation benefit?
+
Automation speeds up checks enforces standards and reduces human errors.
Review backlog?
+
A queue of pending code reviews awaiting reviewer attention.
Review comment categorization?
+
Classifying comments as major minor suggestion or question for
prioritization.
Review comment?
+
A review comment is feedback provided by a reviewer to improve code quality.
Review coverage?
+
Percentage of code changes that undergo review before merging.
Review etiquette for large teams?
+
Clear responsibilities communication and avoiding conflicting feedback.
Review etiquette?
+
Etiquette includes being respectful constructive specific and avoiding
personal
criticism.
Review feedback loop?
+
Process of submitting reviewing addressing comments and re-reviewing until
approval.
Review for legacy code?
+
Reviewing existing code to identify improvements refactoring needs and
risks.
Review for refactoring?
+
Review ensuring that refactored code improves structure and readability
without
introducing bugs.
Review in ci/cd pipeline?
+
Code review integrated into CI/CD to prevent defective code from being
merged.
Review metrics analysis?
+
Analyzing review metrics to improve quality efficiency and team
collaboration.
Review turnaround time?
+
The time taken for a reviewer to provide feedback on submitted code.
Reviewer rotation?
+
Rotating reviewers to spread knowledge and avoid bias in reviews.
Risks of poor code reviews?
+
Risks include bugs security vulnerabilities inconsistent style technical
debt and
slower development.
Role of a reviewer?
+
The reviewer evaluates code quality suggests improvements ensures standards
are
followed and identifies defects.
Role of an author?
+
The author writes the code addresses review comments and ensures changes
meet
quality standards.
Root cause analysis in code review?
+
Understanding why defects occur to prevent similar issues in the future.
Scalability review?
+
Reviewing code to ensure it can handle increasing workload or number of
users
effectively.
Security code review?
+
Review focusing on identifying security vulnerabilities such as SQL
injection XSS or
authentication flaws.
Security review?
+
Review specifically for vulnerabilities sensitive data exposure and
compliance
issues.
Self-review?
+
Author reviews their own code before submitting it for peer review.
Should you check in a code review?
+
Check correctness readability maintainability security performance and
adherence to
coding standards.
Some popular code review tools?
+
Tools include GitHub Pull Requests GitLab Merge Requests Bitbucket Crucible
Review
Board and Phabricator.
Static code analysis?
+
Static analysis uses automated tools to analyze code without executing it
detecting
errors and enforcing standards.
Technical debt identification in code review?
+
Identifying suboptimal code or shortcuts that may require future
refactoring.
Test coverage review?
+
Ensuring code has adequate automated test coverage for all critical paths.
Testability review?
+
Ensuring code is easy to test with unit integration or automated tests.
To give constructive feedback in code reviews?
+
Focus on code, not the developer, explain why changes are needed, suggest
improvements, and be respectful and encouraging.
To handle conflicts during code review?
+
Discuss objectively with examples, refer to coding standards, involve a
neutral
reviewer if necessary, and focus on project goals.
Tool-assisted code review?
+
Using software tools (like GitHub GitLab Crucible) to comment track and
approve code
changes.
Tools are used for code reviews?
+
Popular tools include GitHub Pull Requests, GitLab Merge Requests, Azure
DevOps,
Crucible, and Bitbucket.
Under-reviewing?
+
Skipping important checks or approving low-quality code without proper
examination.
Unit test review?
+
Ensuring that automated unit tests exist are comprehensive and correctly
test
functionality.
You balance speed and quality in code reviews?
+
Focus on critical issues first, use automated tools for repetitive checks,
and avoid
overloading reviewers to maintain efficiency.
You ensure code review consistency across a team?
+
Establish coding standards, use review checklists, and train team members on
the
review process.
You handle a large code change in a review?
+
Break it into smaller logical chunks, review incrementally, and prioritize
high-risk
areas first.
Asynchronous code review?
+
Reviewing code at different times rather than in real-time meetings.
Asynchronous vs synchronous review?
+
Asynchronous: reviews done at different times; synchronous: live review
sessions.
Automated code review?
+
Using tools to automatically check code quality security and standards
compliance.
Automated code review?
+
Automated tools check for syntax, style, security, and performance issues.
Examples
include SonarQube, ESLint, and CodeClimate.
Benefits of code reviews?
+
Benefits include higher quality early defect detection knowledge sharing
team
alignment and maintainability.
Branching strategy review?
+
Ensuring code merges follow team branching strategy e.g. GitFlow or
trunk-based.
Code complexity review?
+
Reviewing cyclomatic complexity and identifying overly complex code that is
hard to
maintain.
Code duplication review?
+
Checking for repeated code that should be refactored into reusable functions
or
modules.
Code ownership?
+
Code ownership defines responsibility for maintaining and improving specific
modules
or components.
Code refactoring?
+
Refactoring improves code structure and readability without changing its
external
behavior.
Code review acceptance criteria?
+
Clear conditions that must be met for code to pass the review.
Code review bottleneck?
+
Delays in merging code due to slow or insufficient reviews.
Code review checklist benefit?
+
Checklists ensure consistency reduce missed issues and improve review
quality.
Code review etiquette for authors?
+
Be open to feedback respond professionally clarify questions and make
required
changes.
Code review etiquette for reviewers?
+
Be constructive specific respectful and focus on code not the author.
Code review for open-source projects?
+
Community-driven reviews to ensure quality maintainability and contribution
guidelines.
Code review frequency?
+
Frequency at which code changes are submitted and reviewed ideally
continuous or per
feature.
Code review governance?
+
Policies and guidelines governing how code reviews are performed in an
organization.
Code review kpi?
+
Metrics to measure effectiveness of code reviews e.g. defects found review
time or
team participation.
Code review workflow?
+
Workflow defines how code is submitted reviewed approved and merged.
Code review?
+
Code review is the systematic examination of source code by developers to
identify
mistakes improve quality and ensure adherence to standards.
Code review?
+
Code review is the systematic examination of code by peers to identify
defects,
improve quality, and ensure adherence to standards.
Code reviews help junior developers?
+
They learn best practices, design patterns, debugging techniques, and
company coding
standards from experienced developers.
Code reviews important?
+
They improve code quality reduce bugs enhance maintainability and facilitate
knowledge sharing.
Code reviews important?
+
They improve code quality, knowledge sharing, maintainability, reduce bugs,
and
encourage consistency across the codebase.
Code smell?
+
A code smell is a symptom of poor code quality like duplicated code long
methods or
complex logic.
Code style review?
+
Checking adherence to naming conventions indentation spacing and formatting
standards.
Coding standard?
+
Coding standards are agreed-upon rules for code style formatting and best
practices.
Commit message review?
+
Reviewing that commit messages are descriptive meaningful and follow
guidelines.
Common code review best practices?
+
Check for readability, maintainability, performance, security, adherence to
coding
standards, and proper documentation.
Common code review checklist?
+
Checklist includes readability naming conventions design patterns security
performance and error handling.
Constructive feedback in code reviews?
+
Feedback that is specific actionable and focused on improving the code
rather than
criticizing the author.
Continuous code review?
+
Continuous review integrates code review into the CI/CD pipeline to catch
issues as
code is committed.
Continuous improvement in code reviews?
+
Iteratively improving review processes checklists and team practices.
Continuous learning from code reviews?
+
Team learns from defects patterns and best practices highlighted in reviews.
Cross-team code review?
+
Review conducted by members from other teams for knowledge sharing and
better
quality.
Cultural aspect of code reviews?
+
Fostering a culture of collaboration learning and constructive feedback.
Defensive coding review?
+
Review focusing on preventing errors handling edge cases and improving
robustness.
Dependency review?
+
Checking external libraries or modules for compatibility security and
versioning.
Design review vs code review?
+
Design review checks architecture and design decisions; code review focuses
on
implementation details.
Diffbet code review and code inspection?
+
Inspection is formal with documented findings; review can be informal or
tool-assisted.
Diffbet code review and testing?
+
Code review finds defects in logic style and design; testing validates code
behavior
at runtime.
Diffbet code walkthrough and code review?
+
Walkthrough is informal guided explanation of code; review is systematic
evaluation
for defects.
Diffbet cr and qa?
+
Code review is done by developers for quality and maintainability; QA tests
for
functional correctness.
Diffbet formal and informal code reviews?
+
Formal reviews are structured with checklists and documentation. Informal
reviews
are lightweight, often over pull requests or pair programming.
Diffbet major and minor code review comments?
+
Major comments indicate critical issues affecting functionality or
maintainability;
minor comments are suggestions or style improvements.
Documentation review?
+
Ensuring code is well-commented and documentation accurately reflects
functionality.
Dynamic code analysis?
+
Dynamic analysis evaluates code behavior during execution to identify
runtime
issues.
Error handling review?
+
Ensuring proper exception handling logging and graceful failure in code.
Formal code review?
+
Formal code review follows a structured process with defined roles meetings
and
checklists.
Incremental code review?
+
Reviewing small code changes frequently instead of large chunks at once.
Informal code review?
+
Informal review is a casual inspection of code without formal meetings or
documentation.
Integration test review?
+
Ensuring integration tests verify interactions between modules and external
systems.
Knowledge sharing in code reviews?
+
Code reviews help spread understanding of codebase best practices and design
patterns among team members.
Linting?
+
Linting is automated checking of code for stylistic errors bugs or
anti-patterns.
Logging review?
+
Reviewing that logs are meaningful not excessive and do not leak sensitive
data.
Main types of code reviews?
+
Types include formal reviews informal reviews pair programming and
tool-assisted
reviews.
Maintainability in code review?
+
Ensuring code is easy to read understand extend and debug by other
developers.
Mentor-driven review?
+
Experienced developers provide guidance and suggestions to less experienced
team
members.
Metrics can you track in code reviews?
+
Number of issues found, time spent per review, code coverage, and review
participation rates.
Metrics for reviewer performance?
+
Metrics include number of reviews done quality of feedback and response
time.
Modularity in code review?
+
Code should be organized into reusable independent modules for easier
maintenance.
Often should code reviews be conducted?
+
Ideally for every feature branch or pull request before merging into the
main branch
to catch issues early.
Onboarding through code reviews?
+
New developers learn coding standards practices and codebase structure via
reviews.
Over-reviewing?
+
Spending excessive time on minor issues reducing efficiency or demotivating
the
author.
Pair programming?
+
Two developers work together on the same code; one writes code while the
other
reviews in real-time.
Peer accountability in code reviews?
+
Ensuring all team members participate and contribute responsibly to reviews.
Peer code review?
+
A peer code review is when developers review each other’s code to ensure it
meets
quality and design standards.
Peer feedback in code review?
+
Feedback provided by peers to improve code quality and knowledge sharing.
Peer programming vs code review?
+
Pair programming involves simultaneous coding and reviewing; code review
happens
after code is written.
Peer review?
+
Peer review is a process where colleagues examine each other’s code for
quality and
correctness.
Performance code review?
+
Review emphasizing efficient algorithms memory usage and scalability.
Post-mortem code review?
+
Review conducted after a production issue to understand root cause and
prevent
recurrence.
Pull request (pr)?
+
A PR is a request to merge code changes into a repository often reviewed by
peers
before approval.
Pull request size best practice?
+
Keep PRs small and focused to facilitate faster and more effective reviews.
Readability in code review?
+
Readable code is clear consistent well-named and easily understandable.
Re-review?
+
Reviewing updated code after initial review comments have been addressed.
Resolved comment?
+
A resolved comment is a review comment that has been addressed by the
author.
Review approval?
+
Formal acceptance that code meets standards and is ready to merge.
Review automation benefit?
+
Automation speeds up checks enforces standards and reduces human errors.
Review backlog?
+
A queue of pending code reviews awaiting reviewer attention.
Review comment categorization?
+
Classifying comments as major minor suggestion or question for
prioritization.
Review comment?
+
A review comment is feedback provided by a reviewer to improve code quality.
Review coverage?
+
Percentage of code changes that undergo review before merging.
Review etiquette for large teams?
+
Clear responsibilities communication and avoiding conflicting feedback.
Review etiquette?
+
Etiquette includes being respectful constructive specific and avoiding
personal
criticism.
Review feedback loop?
+
Process of submitting reviewing addressing comments and re-reviewing until
approval.
Review for legacy code?
+
Reviewing existing code to identify improvements refactoring needs and
risks.
Review for refactoring?
+
Review ensuring that refactored code improves structure and readability
without
introducing bugs.
Review in ci/cd pipeline?
+
Code review integrated into CI/CD to prevent defective code from being
merged.
Review metrics analysis?
+
Analyzing review metrics to improve quality efficiency and team
collaboration.
Review turnaround time?
+
The time taken for a reviewer to provide feedback on submitted code.
Reviewer rotation?
+
Rotating reviewers to spread knowledge and avoid bias in reviews.
Risks of poor code reviews?
+
Risks include bugs security vulnerabilities inconsistent style technical
debt and
slower development.
Role of a reviewer?
+
The reviewer evaluates code quality suggests improvements ensures standards
are
followed and identifies defects.
Role of an author?
+
The author writes the code addresses review comments and ensures changes
meet
quality standards.
Root cause analysis in code review?
+
Understanding why defects occur to prevent similar issues in the future.
Scalability review?
+
Reviewing code to ensure it can handle increasing workload or number of
users
effectively.
Security code review?
+
Review focusing on identifying security vulnerabilities such as SQL
injection XSS or
authentication flaws.
Security review?
+
Review specifically for vulnerabilities sensitive data exposure and
compliance
issues.
Self-review?
+
Author reviews their own code before submitting it for peer review.
Should you check in a code review?
+
Check correctness readability maintainability security performance and
adherence to
coding standards.
Some popular code review tools?
+
Tools include GitHub Pull Requests GitLab Merge Requests Bitbucket Crucible
Review
Board and Phabricator.
Static code analysis?
+
Static analysis uses automated tools to analyze code without executing it
detecting
errors and enforcing standards.
Technical debt identification in code review?
+
Identifying suboptimal code or shortcuts that may require future
refactoring.
Test coverage review?
+
Ensuring code has adequate automated test coverage for all critical paths.
Testability review?
+
Ensuring code is easy to test with unit integration or automated tests.
To give constructive feedback in code reviews?
+
Focus on code, not the developer, explain why changes are needed, suggest
improvements, and be respectful and encouraging.
To handle conflicts during code review?
+
Discuss objectively with examples, refer to coding standards, involve a
neutral
reviewer if necessary, and focus on project goals.
Tool-assisted code review?
+
Using software tools (like GitHub GitLab Crucible) to comment track and
approve code
changes.
Tools are used for code reviews?
+
Popular tools include GitHub Pull Requests, GitLab Merge Requests, Azure
DevOps,
Crucible, and Bitbucket.
Under-reviewing?
+
Skipping important checks or approving low-quality code without proper
examination.
Unit test review?
+
Ensuring that automated unit tests exist are comprehensive and correctly
test
functionality.
You balance speed and quality in code reviews?
+
Focus on critical issues first, use automated tools for repetitive checks,
and avoid
overloading reviewers to maintain efficiency.
You ensure code review consistency across a team?
+
Establish coding standards, use review checklists, and train team members on
the
review process.
You handle a large code change in a review?
+
Break it into smaller logical chunks, review incrementally, and prioritize
high-risk
areas first.
JKM Creatio CRM
‘actions’ in a creatio workflow?
+
Tasks executed automatically: sending email, assigning owner, updating
records,
creating tasks, notifications, etc. :contentReference[oaicite:24]{index=24}
‘conditions and rules’ in a creatio workflow?
+
Logical criteria used inside workflows to branch paths: e.g. if amount > X
then
route to manager; else proceed to next step.
:contentReference[oaicite:23]{index=23}
360‑degree customer view in creatio?
+
A unified profile that stores contact info, interaction history,
orders/cases/contracts — giving full visibility across departments.
:contentReference[oaicite:4]{index=4}
Advantages of using workflow automation vs manual
processes?
+
Consistency, reduced errors, speed, auditability, scalability, and freeing
up human
resources for strategic work. :contentReference[oaicite:25]{index=25}
Ai‑native crm in creatio?
+
AI is embedded at the core: predictive, generative, and agentic AI features
(lead
scoring, automated actions, email generation, insights) to support CRM
tasks.
:contentReference[oaicite:12]{index=12}
Ai‑powered lead scoring in creatio?
+
AI analyzes lead data/history to assign scores to leads — helping
sales/marketing
prioritize high‑potential leads automatically.
Api integrations in creatio crm?
+
REST / API endpoints provided by Creatio to integrate with external systems
(ERP,
e‑commerce platform, telephony, webhooks, etc.).
:contentReference[oaicite:35]{index=35}
Api rate‑limiting and performance considerations for
integrations in creatio?
+
When using APIs for integrations, pay attention to request rates, data
volume, and
trigger load to avoid performance issues.
Approach for a business continuity plan involving
creatio crm (downtime, disaster)?
+
Have backups, redundancy, plan for failover, offline data access if
supported, data
export strategy, manual process fallback.
Approach for auditing user permissions and data access
regularly in creatio?
+
Run audit logs, review roles, validate access levels, revoke unused
permissions,
enforce least privilege principle.
Approach for customizing creatio ui for
brand/organization requirements?
+
Configure layouts, themes, labels, custom fields, modules, and optionally
custom
code/extensions if needed.
Approach for gdpr / data‑privacy compliance with
creatio
in eu or regulated regions?
+
Implement consent fields, data access controls, data retention / purge
policies,
audit logs, role‑based permissions.
Approach for handling data migration during major
schema
changes in creatio?
+
Export existing data, map to new schema, transform as needed, import to new
model,
validate data integrity, test workflows.
Approach for integrating creatio with e‑commerce or
web‑forms (lead capture)?
+
Use APIs/webhooks to push form data to Creatio, auto-create leads or
contacts,
trigger workflows for follow-up or assignment.
Approach for long‑term scalability and maintainability
of custom apps built on creatio?
+
Document schema and workflows, follow naming and versioning standards,
modular
design, regular review and cleanup.
Approach for migration from another crm to creatio
without losing history and data relationships?
+
Extract full data including history, map entities/relationships, import in
correct
order (e.g. accounts before opportunities), maintain IDs or references, test
thoroughly.
Approach for multi‑department collaboration using
creatio across sales, service, marketing?
+
Define shared workflows, permissions, data model; ensure proper assignment
and
notifications; use unified customer profile.
Approach for testing performance under load with many
concurrent workflows/users in creatio?
+
Simulate load, monitor response times, optimize workflows, scale resources,
archive
old data, avoid heavy triggers.
Approach for user feedback and continuous improvement
after rollout of creatio?
+
Collect user feedback, analyze issues, refine workflows/UI, conduct periodic
training, and update documentation.
Approach to ensure data integrity when multiple
integrations write to creatio?
+
Implement validation rules, transaction checks, error handling,
deduplication logic
and monitoring to prevent data corruption.
Approach to incremental rollout of creatio to large
organization?
+
Pilot with small user group, gather feedback, refine workflows, train next
group,
gradually expand — reduce risk and ensure adoption.
Approach to integrate creatio with external analytics
tool (bi)?
+
Use APIs to export CRM data or connect BI tool to database; schedule regular
exports; maintain data integrity and mapping.
Approach to retire or archive old/unused data or
workflows in creatio?
+
Identify deprecated records/processes, archive or delete, update workflows
to avoid
referencing removed data, backup before cleaning.
Audit & compliance readiness when using creatio for
regulated industries (finance, healthcare)?
+
Use access controls, audit logs, encryption, data retention/archival
policies,
strict permissions and workflow approvals.
Audit compliance (e.g. gdpr, iso) support in creatio?
+
Use audit logs, permissions, role‑based access, data retention policies,
secure
integrations to comply with regulatory requirements.
Audit log for user actions in creatio?
+
Records user activities — login, data modifications, workflow executions —
useful
for security, compliance, and tracking.
Audit logging frequency and storage management when
many
user activities logged in creatio?
+
Define retention policies, purge or archive older logs, store securely —
avoid
excessive storage while maintaining compliance.
Audit trail / history tracking in creatio?
+
Record changes to data — who changed what and when — useful for compliance,
tracking
updates, accountability.
Backup and disaster recovery planning with creatio
crm?
+
Regular backups, off‑site storage, redundancy, version control to ensure
data safety
in case of failures or data corruption.
Benefit of crm + bpm (business process management)
combined, as with creatio, compared to standard crm?
+
Allows not only managing customer data but automating operational, internal
and
industry‑specific business processes — increases efficiency and flexibility.
Benefit of modular licensing model for growing
businesses?
+
They can add modules/users as needed, scale gradually without paying for
unneeded
features upfront.
Benefits of low‑code crm for businesses, as offered by
creatio?
+
Faster deployment, lower dependence on developers, reduced costs, and
flexible
adaptation to changing business needs.
:contentReference[oaicite:10]{index=10}
Best practice for naming conventions (entities,
fields,
workflows) in creatio customisation?
+
Use meaningful names, consistent prefixes/suffixes, document definitions —
helps
maintain clarity and avoid conflicts.
Best practice for testing custom workflows in creatio
before production?
+
Use sandbox, test for all edge cases, verify permissions, simulate data
inputs, run
load tests, backup data.
Best way to manage schema changes (entities, fields)
in
creatio over time?
+
Define change log, version workflows, document changes, backup data,
communicate to
stakeholders, test in sandbox.
Bulk data import/export in creatio?
+
Supports bulk import/export operations (CSV/Excel) for contacts, leads, data
migration, backups, and mass updates.
Can creatio be used beyond crm — e.g. for hr, project
management, internal workflows?
+
Use its low‑code BPM / workflow engine and custom entities to model internal
processes (onboarding, approvals, project tracking).
Can creatio help a service/support team improve
customer
resolution time?
+
By automating ticket routing, SLA enforcement, case assignment, and using AI
agents
to suggest responses or prioritize cases.
:contentReference[oaicite:26]{index=26}
Can non‑technical users customise creatio crm?
+
Yes — business users (sales/marketing/service) can use visual designers to
build
workflows, layouts, dashboards, etc., without coding.
:contentReference[oaicite:11]{index=11}
Can you customize ui layouts and dashboards in creatio
without coding?
+
Using visual designers in Creatio’s studio — drag‑and‑drop fields, panels,
dashboards; rearrange layouts as per business needs.
:contentReference[oaicite:21]{index=21}
Can you extend creatio with custom code when no‑code
tools are not enough?
+
Use provided SDK/API, write custom scripts/integrations, use REST endpoints
or
external services — while keeping core no‑code logic separate.
Can you implement marketing roi tracking in creatio?
+
Use campaign and lead‑to‑sale tracking, assign leads to campaigns, track
conversions, revenue, attribution and generate reports/dashboards.
Change management best practice when implementing
creatio?
+
Define business processes clearly, plan roles/permissions, test workflows in
sandbox, migrate data carefully, train users, and roll out incrementally.
Change management when business processes evolve — to
update creatio workflows?
+
Use versioning, test updated workflows in sandbox, communicate changes,
train users
— avoid breaking active business flows.
Changelog or release management in creatio when you
update workflows?
+
Track and manage workflow changes; test in sandbox; deploy to production
safely;
rollback if needed.
Common challenges when implementing creatio crm?
+
Data migration complexity, initial learning curve for
customisation/workflows,
planning roles/permissions properly, defining business processes before
building.
Common use‑cases for workflow automation in creatio?
+
Lead → opportunity process, ticket/case management, loan/credit application,
onboarding workflows, approvals, order‑to‑invoice flows, etc.
:contentReference[oaicite:18]{index=18}
Configuration vs customization in creatio?
+
Configuration = using interface/tools to set up CRM without coding;
customization =
writing scripts or using advanced settings where needed.
Contact and lead management in creatio?
+
It enables capturing leads/contacts, managing their data, tracking
communications
and statuses until conversion. :contentReference[oaicite:6]{index=6}
Contract/invoice/order management inside creatio?
+
CREATIO allows creation/tracking of orders, generating invoices/contracts,
tracking
status — integrating financial/business transactions within CRM.
:contentReference[oaicite:33]{index=33}
Core modules available in creatio crm?
+
Sales, Marketing, Service (customer support), plus a studio/platform for
custom apps
& workflows. :contentReference[oaicite:3]{index=3}
Creatio crm?
+
Creatio CRM is a cloud‑based CRM and business‑process automation platform
that
unifies Sales, Marketing, Service, and workflow automation on a
low‑code/no‑code +
AI‑native platform. :contentReference[oaicite:1]{index=1}
Creatio marketplace?
+
A repository of 700+ applications/integrations/templates to extend
functionality and
adapt CRM to different industries or needs.
:contentReference[oaicite:13]{index=13}
Custom app in creatio?
+
An application built on Creatio’s platform (using low‑code tools) tailored
for
specific business processes beyond standard CRM (e.g. HR, project
management,
vertical‑specific flows).
Custom entity / object in creatio?
+
Users can define new entities (tables) beyond standard CRM ones to map to
business‑specific data (e.g. Projects, Vendors).
Custom field in creatio?
+
Extra field added to existing entity (contact, account, opportunity etc.) to
store
business‑specific data (like tax ID, region code, etc.).
Custom report building for cross‑module analytics in
creatio (e.g. sales + service + marketing)?
+
Define queries combining multiple entities, set filters/aggregations,
schedule
reports/dashboards — useful for overall business insights.
Custom reporting vs standard reporting in creatio?
+
Standard reports are pre‑built for common needs; custom reports are built by
users
to meet specific data/metric requirements (fields, filters, aggregations).
Customer life‑cycle management in creatio?
+
Tracking from first contact (lead) to long-term relationship — including
sales,
service, upsell, renewals, support — unified under CRM.
Customer portal capability in creatio for external
users?
+
Option for customers to access portal to submit tickets, check status, view
history
(where supported by configuration). :contentReference[oaicite:38]{index=38}
Customer service (support) automation in creatio?
+
Support teams can manage tickets/cases, SLAs, communication across channels
—
streamlining service workflows. :contentReference[oaicite:8]{index=8}
Customizable workflow for onboarding new employees
inside creatio (hr use‑case)?
+
Define process: create employee record → assign manager → set tasks →
approvals →
activation — all via CRM workflows.
Customization of workflows per geography or business
unit in creatio?
+
Define different workflows per region/business unit using the flexible
low‑code
platform configuration.
Customization vs out‑of‑box use in creatio?
+
Out‑of‑box means using standard modules with minimal config; customization
involves
building custom fields, workflows, layouts or apps to tailor to specific
needs.
Customizing creatio for project management instead of
pure crm?
+
Use custom entities (Projects, Tasks, Milestones), relationships, workflows
to
manage projects and collaboration inside Creatio.
Data backup and restore in creatio?
+
Ability (or need) to backup CRM data periodically and restore if needed —
ensuring
data safety (depending on deployment model).
Data deduplication and duplicate detection in creatio?
+
Mechanism to detect duplicate contacts/leads, merging duplicates, and
ensuring data
integrity.
Data export from creatio?
+
Export contacts, leads, reports, analytics or any list to CSV/Excel to allow
sharing
or offline analysis.
Data import in creatio?
+
Ability to import existing data (contacts, leads, accounts) from external
sources
(CSV, Excel, other CRMs) into Creatio CRM.
Data privacy and gdpr / region‑compliance support in
creatio?
+
Controls over personal data storage, permissions, access logs, ability to
anonymize
or delete personal data as per compliance needs.
Data transformation during import in creatio?
+
Mapping legacy fields to new schema, cleaning data, applying rules to
convert/validate data before import — helps ensure data quality.
Describe you’d implement lead-to-cash process in
creatio?
+
Explain mapping of entities (Lead → Opportunity → Order → Contract/Invoice),
workflows (lead scoring, assignment, approval), and integration with
billing/ERP.
Diffbet cloud deployment vs on‑premise deployment (if
offered) for creatio?
+
Cloud: easier scaling, maintenance; on-premise: more control over data,
possibly
required for compliance or data‑sensitive businesses.
Diffbet synchronous and asynchronous tasks in workflow
processing (in principle)?
+
Synchronous executes immediately; asynchronous can be scheduled/delayed or
run in
background — helps avoid blocking and allows scalable processing.
Diffbet using creatio for only crm vs full bpm + crm
use-case?
+
CRM-only: sales/marketing/service. Full BPM: includes internal operations,
HR,
procurement, approvals, custom workflows.
Does 'composable architecture' mean in creatio?
+
You can mix and match modules, workflows, custom apps as building blocks —
composing
CRM to business‑specific workflows without writing new code.
:contentReference[oaicite:14]{index=14}
Does creatio help in reducing total cost of ownership
compared to traditional crm systems?
+
Because of its low‑code nature and pre-built modules/integrations,
businesses can
avoid heavy development costs and still get customizable CRM.
:contentReference[oaicite:19]{index=19}
Does creatio help in regulatory compliance or audit
readiness?
+
Through audit trails, role‑based access, record‑history, SLA tracking, and
permissions/configuration to secure data and processes.
Does creatio support collaboration across teams?
+
Shared database, unified UI, communication and task‑assignment workflows,
role‑based
permissions, cross‑team visibility. :contentReference[oaicite:29]{index=29}
Does creatio support mobile access?
+
Yes — there is mobile access so users can manage CRM data and tasks on the
go.
:contentReference[oaicite:17]{index=17}
Does creatio support order / invoice / contract
management?
+
Yes — in addition to CRM, it supports orders, invoices and contract
workflows
(order/contract management via CRM modules).
:contentReference[oaicite:16]{index=16}
Does low-code / no-code mean in creatio?
+
It means you can design workflows, applications, UI layouts and business
logic via
visual designers (drag‑and‑drop, configuration) instead of writing code.
:contentReference[oaicite:2]{index=2}
Effort estimation when migrating legacy crm/data to
creatio?
+
Depends on data volume, number of modules, custom workflows; small CRM
migration may
take days, complex might take weeks with cleaning/mapping.
Error handling and retry logic in automated workflows
in
creatio?
+
Define fallback steps, alerts/notifications on failure, retrials or
escalations to
avoid data loss or stuck workflows.
Fallback/backup workflow when primary automation fails
in creatio?
+
Design error-handling steps: notifications, manual task creation, retries,
logging —
ensure no data/process loss.
Feature request and custom extension process for
creatio
when built-in features are insufficient?
+
Use Creatio’s platform to build custom fields/ entities; optionally develop
custom
code or use external services integrated via API.
Global query in creatio (search across crm)?
+
Search across contacts, leads, accounts, cases, opportunities etc — unified
search
to find any record quickly across modules.
Help‑desk / ticketing workflow in creatio service
module?
+
Automated case creation, assignment, SLA monitoring, escalation rules,
status
tracking, notifications, and case history management.
:contentReference[oaicite:31]{index=31}
Integration capabilities does creatio support?
+
APIs and pre-built connectors to integrate with external systems (ERP,
email,
telephony, third‑party tools) for seamless data flow.
:contentReference[oaicite:15]{index=15}
Integration testing when creatio interacts with
external
systems (erp, e‑commerce)?
+
Test data exchange, error handling, latency, API limits, conflict resolution
— in
sandbox before go-live.
Integration with external systems (erp, e‑commerce,
telephony) via creatio apis?
+
Use built‑in connectors or REST APIs to sync data between Creatio and
external
systems (orders, inventory, customer data) for unified operations.
:contentReference[oaicite:44]{index=44}
Kind of businesses benefit most from creatio?
+
Mid‑size to large enterprises with complex sales/service/marketing processes
needing
flexibility, automation, and scalability.
:contentReference[oaicite:30]{index=30}
Knowledge base management in creatio service module?
+
Store FAQs, manuals, service guides — searchable knowledge base to help
agents and
customers resolve issues quickly. :contentReference[oaicite:39]{index=39}
Lead nurturing in creatio?
+
Automated sequence of interactions (emails, reminders, tasks) to gradually
engage
leads until they are sales-ready (qualified).
Lead-to-order process in creatio?
+
Flow from lead capture → qualification → opportunity → order →
contract/invoice
generation — all managed through CRM workflows.
License & pricing model for creatio (user‑based,
module‑based)?
+
Creatio uses modular licensing — clients pay per user per module(s) —
flexibility to
subscribe only to needed modules. :contentReference[oaicite:45]{index=45}
Marketing automation in creatio?
+
Tools to run campaigns, nurture leads, segment contacts, automate
email/social
campaigns, measure results — all within CRM.
:contentReference[oaicite:7]{index=7}
Marketing campaign workflow in creatio?
+
Lead segmentation → campaign initiation → email/social outreach → track
responses →
scoring → follow‑ups or nurture → convert to opportunity.
Monitoring & alerting setup for sla / ticketing
workflows in creatio?
+
Configure alerts/notifications on SLA breach, escalation rules, dashboards
for SLA
compliance tracking.
Multi‑channel customer communication in creatio?
+
Support for email, phone calls, chat, social media — all interactions logged
and
managed centrally. :contentReference[oaicite:43]{index=43}
Multitenancy support in creatio (for agencies)?
+
Ability to manage separate organizations/business units under same instance
with
segregated data and permissions.
No-code agent builder in creatio?
+
A visual tool where users can assemble AI agents (with skills, workflows,
knowledge
bases) without writing code — enabling automation, content generation,
notifications, etc. :contentReference[oaicite:27]{index=27}
Omnichannel communication support in creatio?
+
Handling customer interactions across multiple channels (email, phone, chat,
social)
unified under CRM to track history and response.
:contentReference[oaicite:34]{index=34}
Performance monitoring / logging in creatio for
workflows and system usage?
+
Track execution times, error rates, user activity, data volume — helps
identify
bottlenecks or abuse.
Performance optimization in creatio?
+
Use As‑needed workflows, limit heavy triggers, archive old data, optimize
reports,
and use no‑tracking dashboards for speed.
Pipeline (sales pipeline) management in creatio?
+
Visual pipeline tools that let you track deals across stages, forecast
revenue, and
manage opportunities from lead through closure.
:contentReference[oaicite:5]{index=5}
Pre‑built industry‑specific workflows in creatio?
+
Templates and predefined workflows tailored to verticals (finance, telecom,
services, etc.) for common business processes — reducing need to build from
scratch.
:contentReference[oaicite:28]{index=28}
Process to add a new module or functionality in
creatio
after initial implementation?
+
Use studio to configure module, define entities/fields/workflows, set
permissions,
test, and enable for users — without major downtime.
Real-time analytics vs scheduled reports in creatio?
+
Real-time analytics updates with data changes; scheduled reports are
generated at
intervals (daily/weekly/monthly) for review or export.
Recommended backup frequency for crm system like
creatio?
+
Depends on volume and business needs — daily or weekly backups for critical
data;
more frequent for high‑transaction systems.
Recommended user onboarding/training plan when company
moves to creatio?
+
Role‑based training, sandbox exploration, hands‑on tasks, documentation,
support,
phased adoption and feedback loop.
Reporting and analytics in creatio?
+
Customizable dashboards and reports to track KPIs — sales performance,
marketing
campaign ROI, service metrics, team performance, etc.
:contentReference[oaicite:40]{index=40}
Role of metadata/schema management in creatio custom
apps?
+
Define custom entities/tables, fields, relationships, data types — maintain
schema
for custom business needs without coding.
Role‑based access control (rbac) in creatio?
+
You can define roles and permissions to control which users or teams access
which
data/modules/features in CRM — ensuring security and proper access.
:contentReference[oaicite:20]{index=20}
Rollback plan when automated workflows produce
unintended consequences (e.g. wrong data update)?
+
Use backups, audit logs to identify changes, revert changes or re‑process
via
scripts or manual corrections, notify stakeholders.
Rollback strategy for a failed workflow or
customization
in creatio?
+
Restore from backup, revert to previous workflow version, run data
correction
scripts, notify users and audit changes.
Sales forecasting in creatio crm?
+
Based on pipeline data and past history, predicting future sales, revenue
and
chances of deal closure using built‑in analytics/AI tools.
:contentReference[oaicite:32]{index=32}
Sandbox or test environment in creatio before
production
deployment?
+
A separate instance or environment where you can test workflows,
customizations, and
integrations before applying to live data.
Sandbox testing best practices before deploying
workflows in enterprise creatio?
+
Test all branches, edge cases, user roles, data flows; verify security;
backup data;
get stakeholder sign-off.
Sandbox vs production environment in creatio
implementation?
+
Sandbox used for testing customizations and workflows; production is live
environment — helps avoid disrupting live data.
Scalability concern when many custom workflows and
integrations are added to creatio?
+
Ensure optimized workflows, limit heavy triggers, archive old data, monitor
performance — avoid overloading instance.
Scalability of creatio for large enterprises?
+
With cloud/no‑code + modular architecture, Creatio supports large datasets,
many
users, and complex workflows across departments.
:contentReference[oaicite:42]{index=42}
Security and permissions model in creatio?
+
Role‑based permissions, access control on modules/data, record-level
permissions to
ensure data security and compliance. :contentReference[oaicite:36]{index=36}
Separation of environments (development, staging,
production) in creatio deployment?
+
Maintain separate environments to develop/test customizations, test
integrations,
then deploy to production safely.
Sla configuration for service tickets in creatio?
+
Ability to define service‑level agreements, monitor response
times/resolution
deadlines, automate reminders/escalations when SLAs are near breach.
:contentReference[oaicite:37]{index=37}
Soft delete vs hard delete of records in creatio?
+
Soft delete marks record inactive (kept for history/audit); hard delete
removes
record permanently (used carefully to avoid data loss).
Strategy for managing multi‑region compliance &
localization when using creatio globally?
+
Use localized fields, regional data storage policies, consent management,
region‑specific workflows and permissions per region.
Support and maintenance requirement after creatio
deployment?
+
Monitor system performance, update workflows, backup data, manage
permissions,
handle upgrades and user support.
Support for gdpr / data privacy enforcement in creatio
workflows?
+
Configure consent fields, access permissions, data retention policies,
anonymization
procedures where applicable.
Support for multiple currencies and multi‑region data
in
creatio?
+
Configure fields and entities to support currencies, localization,
region‑specific
workflows for global businesses.
Support for multiple languages in ui and data in
creatio?
+
Locales and language packs — ability to configure UI labels, messages, data
format
for global teams/customers.
Support for role-based dashboards and views in
creatio?
+
Managers, sales reps, support agents can have tailored dashboards showing
data
relevant to their role.
Testing strategy for new workflows or custom apps in
creatio?
+
Use sandbox environment, simulate all scenarios, test edge cases, verify
data
integrity, run performance tests, get user sign‑off before production.
To build a customer feedback survey workflow within
creatio?
+
Create survey entity, send survey via email/workflow after service/ticket
resolution, collect responses, store data, trigger follow‑ups based on
feedback.
To design backup & disaster recovery for medium /
large
creatio deployments?
+
Define backup schedule, off‑site storage, redundant servers/cloud, periodic
recovery
drills, documentation of restore procedures.
To ensure performance when running large bulk data
imports into creatio?
+
Use batch imports, disable triggers if needed, split data into chunks,
validate
beforehand, monitor system load.
To evaluate whether to use out‑of‑box features vs
build
custom workflows in creatio?
+
Compare business requirements vs built-in features, consider complexity,
maintenance
cost, performance, ease of use before customizing.
To handle duplicates and data quality issues during
migration to creatio?
+
Use deduplication logic, validation rules, manual review for conflicts,
maintain
audit logs of merges/cleanup.
To handle feature-request backlog and maintain roadmap
when using low‑code platform like creatio?
+
Prioritise based on impact, maintain documentation, version workflows,
schedule
releases, gather user feedback, test before deployment.
To implement audit‑ready workflow logging and
reporting
in creatio for compliance audits?
+
Enable audit logs, track user actions and changes, store history, provide
exportable
reports for compliance reviews.
To implement cross‑department workflow (e.g. sales →
service → billing) in creatio?
+
Define entities and relationships, build multi-step workflows, set
permissions per
department, use shared customer data, notifications and handoffs.
To implement lead scoring and prioritisation using
creatio built‑in ai features?
+
Configure lead attributes, enable AI lead scoring, define
thresholds/triggers,
auto‑assign or notify sales reps for high‑value leads.
To implement time‑based or scheduled workflows (e.g.
follow‑ups after 30 days) in creatio?
+
Use scheduling features or time‑based triggers to automatically perform
actions
after specified intervals.
To integrate creatio with external analytics/bi
platform
for advanced reporting?
+
Use API/data export, build ETL pipelines or direct DB connections, schedule
data
sync, design reports as per business needs.
To manage data privacy and user consent (for
marketing)
inside creatio?
+
Add consent fields, track opt‑in/opt‑out, restrict data access, implement
data
retention policies, maintain audit logs.
To manage version control and deployment of
customizations across multiple environments (dev, test, prod) in creatio?
+
Use sandbox for dev/testing, version workflows, document changes, test
thoroughly,
smooth promotion to production, track differences.
To migrate crm data and business logic from legacy
system to creatio with minimal downtime?
+
Plan extraction, mapping, pilot import/test, validate data, run parallel
systems
during cut-over, communicate with users, backup data.
To monitor and handle performance issues when many
automations and workflows are active in creatio?
+
Use logs and analytics, identify heavy workflows, optimize them, archive
inactive
items, scale resources, apply caching where possible.
To prepare for creatio crm implementation project?
+
Define business processes clearly, map data schema, prepare migration plan,
define
roles/permissions, set up sandbox, schedule training, plan rollout phases.
To set up role‑based dashboards and permission‑based
record visibility in creatio?
+
Define roles, assign permissions per module/entity, configure dashboards per
role to
show only relevant data.
Training and onboarding support for new creatio users?
+
Use sandbox/demo environment, tutorials, documentation, role‑based
permissions, and
phased rollout to help adoption.
Typical migration scenario when moving to creatio from
legacy crm?
+
Mapping legacy data fields to Creatio schema, cleaning data, importing
contacts/leads, configuring workflows, roles, custom fields, and training
users.
Typical steps for data migration into creatio from
legacy systems?
+
Data extraction → cleansing → mapping to Creatio schema → import →
validation →
testing → go‑live.
Ui localization / multiple languages support in
creatio?
+
Creatio supports multi‑language UI configuration to support global teams and
clients
in different regions.
Use of version history / audit trail for compliance or
internal audits in creatio?
+
Track data changes, user actions, workflow executions to provide
transparency,
accountability and support audits.
Use‑case: building a custom internal project
management
tool inside creatio?
+
Define Projects, Tasks entities; set relationships; build task assignment
and
tracking workflows, notifications, dashboards — custom app built on low‑code
platform.
Use‑case: building customer self‑service portal
through
creatio?
+
Expose case/ticket submission, status tracking, knowledge base, chat/email
support —
allowing customers to self-serve while CRM tracks interactions.
Use‑case: complaint resolution and feedback loop
automation?
+
Customer complaint entered → auto‑assign → send acknowledgement → schedule
resolution → send feedback / survey after resolution — tracked in CRM.
Use‑case: custom compliance workflow for regulated
industries (approvals, audits, documentation) in creatio?
+
Design approval workflows, audit logging, document storage, permissions,
version
history to meet compliance requirements.
Use‑case: customer onboarding workflow (for saas)
using
creatio?
+
Lead → contact → contract → onboarding tasks → welcome email → user training
— all
steps managed via workflow automation.
Use‑case: customizing dashboards for executive
leadership to shigh-level kpis?
+
Create dashboard combining sales pipeline, revenue forecast, service
metrics,
marketing ROI, customer satisfaction — for strategic decisions.
Use‑case: data archive and retention policies for old
records in creatio for compliance / performance reasons?
+
Archive old data, soft‑delete records, purge logs after retention period —
maintain
performance and compliance.
Use‑case: event management (seminars, webinars) using
creatio crm?
+
Registrations (leads), automated reminders, post-event follow‑ups, lead
scoring,
conversion to opportunity — full workflow in CRM.
Use‑case: globalization and multi‑region sales process
with localisation (currency, language) in creatio?
+
Configure multi-currency fields, localization settings, region-based
workflows, and
assign regional teams — manage global operations.
Use‑case: handling subscription renewals and recurring
billing pipelines in creatio?
+
Use workflows to send renewal reminders, generate invoices/contracts, update
statuses, notify account managers — automating subscription lifecycle.
Use‑case: hr onboarding/offboarding and employee
record
management in creatio?
+
Employee entity, onboarding workflow, access assignment, role-based
permissions,
offboarding tasks — manageable via low‑code workflows.
Use‑case: integrating creatio with erp for
order-to-cash
process?
+
Sync customer/order data, invoices, inventory, payment status — ensure full
order
lifecycle from lead to cash in coordinated systems.
Use‑case: integrating telephony or pbx into creatio
for
call logging and click-to-call?
+
Use built‑in connectors or APIs to log calls, record interaction history,
trigger
follow-up tasks — unified communication tracking.
:contentReference[oaicite:46]{index=46}
Use‑case: marketing nurture + re‑engagement workflows
for dormant clients?
+
Segment old clients, run email/social campaigns, schedule follow-up tasks,
track
engagement, convert to opportunity if interest resumes.
Use‑case: marketing‑to‑sales handoff automation in
creatio?
+
Marketing captures lead → nurtures → scores lead → when qualified,
auto‑assign to
sales rep → create opportunity → notify sales team — handoff automated.
Use‑case: multi‑team collaboration (sales + support +
finance) for order & invoice process in creatio?
+
Shared data (customer, orders, invoices), workflows for approval,
notifications
across departments, status tracking — unified operations.
Use‑case: role-based dashboards and permissions for
different teams in creatio?
+
Sales dashboard for sales team; support dashboard for service team; finance
dashboard for billing — each with restricted access per role.
Use‑case: subscription‑based service lifecycle and
renewal tracking using creatio?
+
Contracts entity, renewal dates, reminder workflows, invoice generation,
customer
communication — automate renewals and billing.
Use‑case: support ticket escalation and sla
enforcement
using creatio service module?
+
Ticket created → auto‑assign → SLA timer & reminder → if SLA breach,
auto‑escalate
or alert manager → resolution tracking.
Use‑case: vendor/supplier management (b2b) using
creatio
custom entities?
+
Define Vendor entity, track interactions, purchase orders, contracts,
approvals —
manage vendor lifecycle inside CRM.
User activity / task management within creatio?
+
Users/teams can create tasks, assign to others, track progress; integrated
with CRM
workflow and customer data.
User activity monitoring and analytics in creatio for
management?
+
Track login history, record edits, workflow execution stats, error rates —
use
dashboards to monitor productivity, compliance and usage patterns.
User adoption strategy when switching to creatio crm
in
a company?
+
Communicate benefits, involve key users early, provide training, create
incentives,
gather feedback and iterate workflows.
User roles and permission hierarchy in large
organizations using creatio?
+
Define roles (admin, sales rep, support agent, manager), assign permissions
by
module/record/field to enforce security and privacy.
User training approach when adopting creatio in an
organization?
+
Role-based training, sandbox practice, documentation, mentorship, phased
rollout,
and gathering user feedback to refine workflows.
Version control for customizations in creatio?
+
Track changes to custom apps/workflows, manage versions or rollback if
needed
(depends on deployment/config).
Vertical‑specific (industry‑specific) workflow
template
in creatio?
+
Pre-built process templates for industries (finance, telecom, services)
tailored to
standard operations in that industry.
:contentReference[oaicite:41]{index=41}
Webhook or external trigger support in creatio (for
integrations)?
+
Creatio can integrate external triggers or webhooks to react to external
events
(e.g. from other systems) to start workflows.
Workflow automation in creatio?
+
Automated workflows that trigger actions (notifications, updates,
assignments) based
on events or conditions to reduce manual tasks.
:contentReference[oaicite:9]{index=9}
Workflow trigger’ in creatio?
+
An event or condition (e.g. lead status change, new ticket, date/time event)
that
initiates an automated workflow. :contentReference[oaicite:22]{index=22}
Workflow versioning or change history in creatio?
+
Changes to workflows can be versioned or logged to allow rollback or audit
of
modifications.
Would you build a custom app (e.g. invoice management)
in creatio without coding?
+
Define entities (Invoice/Payment), fields, relationships, UI layouts,
workflows for
invoice generation, approval, payment tracking — all via low‑code tools.
Would you ensure data integrity and avoid duplicates
in
creatio when many integrations feed data?
+
Use validation rules, deduplication logic, unique fields, audit logs,
regular data
cleanup, and possibly API‑side checks.
Would you implement a custom reporting module
combining
data from sales, service, and marketing in creatio?
+
Use cross‑entity queries or custom entities, aggregations, define filters,
build
dashboards, schedule report generation and export.
Would you implement data backup & disaster recovery
for
a creatio deployment?
+
Schedule regular backups, store off‑site, export critical data, plan
failover,
document restoration process and test periodically.
Would you implement sla‑driven customer service
workflow
in creatio?
+
Design SLA rules, assign case priorities, set timers/triggers, escalate
cases on
breach, send notifications, track resolution and compliance.
Would you integrate creatio with a third‑party billing
or invoicing system?
+
Use REST API or built‑in connectors, map invoice/order data, design
synchronization
workflows, handle errors and updates.
Would you integrate creatio with an erp for order
fulfillment?
+
Use Creatio APIs or connectors to sync orders, customer data, statuses; set
up
workflows to push/pull data, manage order lifecycle and inventory.
Would you manage user roles and permissions for a
global
company using creatio?
+
Define hierarchical roles, restrict data by region or business unit,
implement
least‑privilege principle, audit permissions regularly.
Would you migrate 100,000 leads into creatio from
legacy
system?
+
Perform data cleaning, mapping, batch import via CSV/API, validate imported
data,
test workflows, use sandbox first, then go live in phases.
Would you onboard non‑technical users to use creatio
effectively?
+
Provide role‑based training, use step‑by‑step guides, give sandbox access,
deliver
mentorship, keep UI simple, and provide support documentation.
Would you plan disaster recovery and backup strategy
for
a global creatio deployment?
+
Define backup frequency, off‑site storage, restore procedures, failover
servers,
periodic DR drills.
You document crm customizations, workflows, data model
for future maintenance when using creatio?
+
Maintain documentation repositories, version control of workflows, schema
diagrams,
change logs, and periodic reviews.
You ensure data consistency when multiple external
systems sync to creatio?
+
Implement validation rules, transactional updates, conflict resolution
logic,
logging and monitoring for integration actions.
You ensure high availability for a critical creatio
deployment (global enterprise)?
+
Use cloud hosting with redundancy, regular backups, failover setup,
monitoring,
scaling resources as needed, and disaster recovery planning.
You ensure performance and scalability when many
workflows run simultaneously in creatio?
+
Optimize workflows, avoid heavy loops, batch operations, archive old data,
monitor
performance metrics, and scale resources as needed.
You handle data migration when business structure
changes (e.g. reorganization of departments) in creatio?
+
Map old data to new structure, update entities/relationships, preserve
history, test
workflows, update permissions, inform users.
You handle gdpr / data‑privacy compliance when using
creatio for eu customers?
+
Implement consent tracking, data retention policies, role‑based access,
audit logs,
anonymization, and document data handling procedures.
You handle multi‑tenant or multi‑subsidiary business
using single creatio instance?
+
Use role & access isolation, custom entities for subsidiaries, partition
data
logically, implement permissions per tenant.
You handle subscription billing and renewals using
creatio plus external billing module?
+
Use workflows for renewal reminder, integrate with billing system via API,
create
orders/invoices, track status — ensure data sync.
You handle version control and change management for
workflows and customisations in creatio?
+
Maintain version history, use sandbox for testing, document changes, get
approvals,
deploy in stages, keep rollback plan.
You integrate external web forms/landing pages with
creatio lead capture?
+
Use REST API or webhooks, map form fields to Creatio entities, validate
input,
create lead record automatically, trigger follow‑up workflows.
You manage data archive, cleanup of old records to
maintain performance in creatio?
+
Define retention policies, archive or delete old data, purge logs, use
separate
storage/archival, monitor DB size/performance.
You manage security and access control for sensitive
data (e.g. customer financials) in creatio?
+
Use field‑level permissions, role‑based access, encryption (if supported),
audit
logging, and restrict export options.
You merge records and manage duplicates in large
datasets inside creatio?
+
Use deduplication tools, merge function, validation rules, manual review for
ambiguous cases, and audit trail of merges.
You monitor system health, workflow execution metrics,
and usage analytics in creatio?
+
Use built-in analytics, custom dashboards, logs for errors/performance, user
activity reports, alerting on failures or heavy loads.
You onboard new teams or departments into existing
creatio instance with minimal disruption?
+
Use phased rollout, training sessions, permission management, custom
dashboards per
department, and pilot user feedback.
You plan for system maintenance and upgrades in
creatio
used heavily with custom workflows and integrations?
+
Schedule maintenance windows, backup data, test upgrades in sandbox, update
integrations, communicate with users, rollback plan if needed.
You support multi‑currency and global sales operations
in creatio?
+
Configure currency fields, exchange rates, localizations, regional
permissions, and
adapt workflows per region.
‘actions’ in a creatio workflow?
+
Tasks executed automatically: sending email, assigning owner, updating
records,
creating tasks, notifications, etc. :contentReference[oaicite:24]{index=24}
‘conditions and rules’ in a creatio workflow?
+
Logical criteria used inside workflows to branch paths: e.g. if amount > X
then
route to manager; else proceed to next step.
:contentReference[oaicite:23]{index=23}
360‑degree customer view in creatio?
+
A unified profile that stores contact info, interaction history,
orders/cases/contracts — giving full visibility across departments.
:contentReference[oaicite:4]{index=4}
Advantages of using workflow automation vs manual
processes?
+
Consistency, reduced errors, speed, auditability, scalability, and freeing
up human
resources for strategic work. :contentReference[oaicite:25]{index=25}
Ai‑native crm in creatio?
+
AI is embedded at the core: predictive, generative, and agentic AI features
(lead
scoring, automated actions, email generation, insights) to support CRM
tasks.
:contentReference[oaicite:12]{index=12}
Ai‑powered lead scoring in creatio?
+
AI analyzes lead data/history to assign scores to leads — helping
sales/marketing
prioritize high‑potential leads automatically.
Api integrations in creatio crm?
+
REST / API endpoints provided by Creatio to integrate with external systems
(ERP,
e‑commerce platform, telephony, webhooks, etc.).
:contentReference[oaicite:35]{index=35}
Api rate‑limiting and performance considerations for
integrations in creatio?
+
When using APIs for integrations, pay attention to request rates, data
volume, and
trigger load to avoid performance issues.
Approach for a business continuity plan involving
creatio crm (downtime, disaster)?
+
Have backups, redundancy, plan for failover, offline data access if
supported, data
export strategy, manual process fallback.
Approach for auditing user permissions and data access
regularly in creatio?
+
Run audit logs, review roles, validate access levels, revoke unused
permissions,
enforce least privilege principle.
Approach for customizing creatio ui for
brand/organization requirements?
+
Configure layouts, themes, labels, custom fields, modules, and optionally
custom
code/extensions if needed.
Approach for gdpr / data‑privacy compliance with
creatio
in eu or regulated regions?
+
Implement consent fields, data access controls, data retention / purge
policies,
audit logs, role‑based permissions.
Approach for handling data migration during major
schema
changes in creatio?
+
Export existing data, map to new schema, transform as needed, import to new
model,
validate data integrity, test workflows.
Approach for integrating creatio with e‑commerce or
web‑forms (lead capture)?
+
Use APIs/webhooks to push form data to Creatio, auto-create leads or
contacts,
trigger workflows for follow-up or assignment.
Approach for long‑term scalability and maintainability
of custom apps built on creatio?
+
Document schema and workflows, follow naming and versioning standards,
modular
design, regular review and cleanup.
Approach for migration from another crm to creatio
without losing history and data relationships?
+
Extract full data including history, map entities/relationships, import in
correct
order (e.g. accounts before opportunities), maintain IDs or references, test
thoroughly.
Approach for multi‑department collaboration using
creatio across sales, service, marketing?
+
Define shared workflows, permissions, data model; ensure proper assignment
and
notifications; use unified customer profile.
Approach for testing performance under load with many
concurrent workflows/users in creatio?
+
Simulate load, monitor response times, optimize workflows, scale resources,
archive
old data, avoid heavy triggers.
Approach for user feedback and continuous improvement
after rollout of creatio?
+
Collect user feedback, analyze issues, refine workflows/UI, conduct periodic
training, and update documentation.
Approach to ensure data integrity when multiple
integrations write to creatio?
+
Implement validation rules, transaction checks, error handling,
deduplication logic
and monitoring to prevent data corruption.
Approach to incremental rollout of creatio to large
organization?
+
Pilot with small user group, gather feedback, refine workflows, train next
group,
gradually expand — reduce risk and ensure adoption.
Approach to integrate creatio with external analytics
tool (bi)?
+
Use APIs to export CRM data or connect BI tool to database; schedule regular
exports; maintain data integrity and mapping.
Approach to retire or archive old/unused data or
workflows in creatio?
+
Identify deprecated records/processes, archive or delete, update workflows
to avoid
referencing removed data, backup before cleaning.
Audit & compliance readiness when using creatio for
regulated industries (finance, healthcare)?
+
Use access controls, audit logs, encryption, data retention/archival
policies,
strict permissions and workflow approvals.
Audit compliance (e.g. gdpr, iso) support in creatio?
+
Use audit logs, permissions, role‑based access, data retention policies,
secure
integrations to comply with regulatory requirements.
Audit log for user actions in creatio?
+
Records user activities — login, data modifications, workflow executions —
useful
for security, compliance, and tracking.
Audit logging frequency and storage management when
many
user activities logged in creatio?
+
Define retention policies, purge or archive older logs, store securely —
avoid
excessive storage while maintaining compliance.
Audit trail / history tracking in creatio?
+
Record changes to data — who changed what and when — useful for compliance,
tracking
updates, accountability.
Backup and disaster recovery planning with creatio
crm?
+
Regular backups, off‑site storage, redundancy, version control to ensure
data safety
in case of failures or data corruption.
Benefit of crm + bpm (business process management)
combined, as with creatio, compared to standard crm?
+
Allows not only managing customer data but automating operational, internal
and
industry‑specific business processes — increases efficiency and flexibility.
Benefit of modular licensing model for growing
businesses?
+
They can add modules/users as needed, scale gradually without paying for
unneeded
features upfront.
Benefits of low‑code crm for businesses, as offered by
creatio?
+
Faster deployment, lower dependence on developers, reduced costs, and
flexible
adaptation to changing business needs.
:contentReference[oaicite:10]{index=10}
Best practice for naming conventions (entities,
fields,
workflows) in creatio customisation?
+
Use meaningful names, consistent prefixes/suffixes, document definitions —
helps
maintain clarity and avoid conflicts.
Best practice for testing custom workflows in creatio
before production?
+
Use sandbox, test for all edge cases, verify permissions, simulate data
inputs, run
load tests, backup data.
Best way to manage schema changes (entities, fields)
in
creatio over time?
+
Define change log, version workflows, document changes, backup data,
communicate to
stakeholders, test in sandbox.
Bulk data import/export in creatio?
+
Supports bulk import/export operations (CSV/Excel) for contacts, leads, data
migration, backups, and mass updates.
Can creatio be used beyond crm — e.g. for hr, project
management, internal workflows?
+
Use its low‑code BPM / workflow engine and custom entities to model internal
processes (onboarding, approvals, project tracking).
Can creatio help a service/support team improve
customer
resolution time?
+
By automating ticket routing, SLA enforcement, case assignment, and using AI
agents
to suggest responses or prioritize cases.
:contentReference[oaicite:26]{index=26}
Can non‑technical users customise creatio crm?
+
Yes — business users (sales/marketing/service) can use visual designers to
build
workflows, layouts, dashboards, etc., without coding.
:contentReference[oaicite:11]{index=11}
Can you customize ui layouts and dashboards in creatio
without coding?
+
Using visual designers in Creatio’s studio — drag‑and‑drop fields, panels,
dashboards; rearrange layouts as per business needs.
:contentReference[oaicite:21]{index=21}
Can you extend creatio with custom code when no‑code
tools are not enough?
+
Use provided SDK/API, write custom scripts/integrations, use REST endpoints
or
external services — while keeping core no‑code logic separate.
Can you implement marketing roi tracking in creatio?
+
Use campaign and lead‑to‑sale tracking, assign leads to campaigns, track
conversions, revenue, attribution and generate reports/dashboards.
Change management best practice when implementing
creatio?
+
Define business processes clearly, plan roles/permissions, test workflows in
sandbox, migrate data carefully, train users, and roll out incrementally.
Change management when business processes evolve — to
update creatio workflows?
+
Use versioning, test updated workflows in sandbox, communicate changes,
train users
— avoid breaking active business flows.
Changelog or release management in creatio when you
update workflows?
+
Track and manage workflow changes; test in sandbox; deploy to production
safely;
rollback if needed.
Common challenges when implementing creatio crm?
+
Data migration complexity, initial learning curve for
customisation/workflows,
planning roles/permissions properly, defining business processes before
building.
Common use‑cases for workflow automation in creatio?
+
Lead → opportunity process, ticket/case management, loan/credit application,
onboarding workflows, approvals, order‑to‑invoice flows, etc.
:contentReference[oaicite:18]{index=18}
Configuration vs customization in creatio?
+
Configuration = using interface/tools to set up CRM without coding;
customization =
writing scripts or using advanced settings where needed.
Contact and lead management in creatio?
+
It enables capturing leads/contacts, managing their data, tracking
communications
and statuses until conversion. :contentReference[oaicite:6]{index=6}
Contract/invoice/order management inside creatio?
+
CREATIO allows creation/tracking of orders, generating invoices/contracts,
tracking
status — integrating financial/business transactions within CRM.
:contentReference[oaicite:33]{index=33}
Core modules available in creatio crm?
+
Sales, Marketing, Service (customer support), plus a studio/platform for
custom apps
& workflows. :contentReference[oaicite:3]{index=3}
Creatio crm?
+
Creatio CRM is a cloud‑based CRM and business‑process automation platform
that
unifies Sales, Marketing, Service, and workflow automation on a
low‑code/no‑code +
AI‑native platform. :contentReference[oaicite:1]{index=1}
Creatio marketplace?
+
A repository of 700+ applications/integrations/templates to extend
functionality and
adapt CRM to different industries or needs.
:contentReference[oaicite:13]{index=13}
Custom app in creatio?
+
An application built on Creatio’s platform (using low‑code tools) tailored
for
specific business processes beyond standard CRM (e.g. HR, project
management,
vertical‑specific flows).
Custom entity / object in creatio?
+
Users can define new entities (tables) beyond standard CRM ones to map to
business‑specific data (e.g. Projects, Vendors).
Custom field in creatio?
+
Extra field added to existing entity (contact, account, opportunity etc.) to
store
business‑specific data (like tax ID, region code, etc.).
Custom report building for cross‑module analytics in
creatio (e.g. sales + service + marketing)?
+
Define queries combining multiple entities, set filters/aggregations,
schedule
reports/dashboards — useful for overall business insights.
Custom reporting vs standard reporting in creatio?
+
Standard reports are pre‑built for common needs; custom reports are built by
users
to meet specific data/metric requirements (fields, filters, aggregations).
Customer life‑cycle management in creatio?
+
Tracking from first contact (lead) to long-term relationship — including
sales,
service, upsell, renewals, support — unified under CRM.
Customer portal capability in creatio for external
users?
+
Option for customers to access portal to submit tickets, check status, view
history
(where supported by configuration). :contentReference[oaicite:38]{index=38}
Customer service (support) automation in creatio?
+
Support teams can manage tickets/cases, SLAs, communication across channels
—
streamlining service workflows. :contentReference[oaicite:8]{index=8}
Customizable workflow for onboarding new employees
inside creatio (hr use‑case)?
+
Define process: create employee record → assign manager → set tasks →
approvals →
activation — all via CRM workflows.
Customization of workflows per geography or business
unit in creatio?
+
Define different workflows per region/business unit using the flexible
low‑code
platform configuration.
Customization vs out‑of‑box use in creatio?
+
Out‑of‑box means using standard modules with minimal config; customization
involves
building custom fields, workflows, layouts or apps to tailor to specific
needs.
Customizing creatio for project management instead of
pure crm?
+
Use custom entities (Projects, Tasks, Milestones), relationships, workflows
to
manage projects and collaboration inside Creatio.
Data backup and restore in creatio?
+
Ability (or need) to backup CRM data periodically and restore if needed —
ensuring
data safety (depending on deployment model).
Data deduplication and duplicate detection in creatio?
+
Mechanism to detect duplicate contacts/leads, merging duplicates, and
ensuring data
integrity.
Data export from creatio?
+
Export contacts, leads, reports, analytics or any list to CSV/Excel to allow
sharing
or offline analysis.
Data import in creatio?
+
Ability to import existing data (contacts, leads, accounts) from external
sources
(CSV, Excel, other CRMs) into Creatio CRM.
Data privacy and gdpr / region‑compliance support in
creatio?
+
Controls over personal data storage, permissions, access logs, ability to
anonymize
or delete personal data as per compliance needs.
Data transformation during import in creatio?
+
Mapping legacy fields to new schema, cleaning data, applying rules to
convert/validate data before import — helps ensure data quality.
Describe you’d implement lead-to-cash process in
creatio?
+
Explain mapping of entities (Lead → Opportunity → Order → Contract/Invoice),
workflows (lead scoring, assignment, approval), and integration with
billing/ERP.
Diffbet cloud deployment vs on‑premise deployment (if
offered) for creatio?
+
Cloud: easier scaling, maintenance; on-premise: more control over data,
possibly
required for compliance or data‑sensitive businesses.
Diffbet synchronous and asynchronous tasks in workflow
processing (in principle)?
+
Synchronous executes immediately; asynchronous can be scheduled/delayed or
run in
background — helps avoid blocking and allows scalable processing.
Diffbet using creatio for only crm vs full bpm + crm
use-case?
+
CRM-only: sales/marketing/service. Full BPM: includes internal operations,
HR,
procurement, approvals, custom workflows.
Does 'composable architecture' mean in creatio?
+
You can mix and match modules, workflows, custom apps as building blocks —
composing
CRM to business‑specific workflows without writing new code.
:contentReference[oaicite:14]{index=14}
Does creatio help in reducing total cost of ownership
compared to traditional crm systems?
+
Because of its low‑code nature and pre-built modules/integrations,
businesses can
avoid heavy development costs and still get customizable CRM.
:contentReference[oaicite:19]{index=19}
Does creatio help in regulatory compliance or audit
readiness?
+
Through audit trails, role‑based access, record‑history, SLA tracking, and
permissions/configuration to secure data and processes.
Does creatio support collaboration across teams?
+
Shared database, unified UI, communication and task‑assignment workflows,
role‑based
permissions, cross‑team visibility. :contentReference[oaicite:29]{index=29}
Does creatio support mobile access?
+
Yes — there is mobile access so users can manage CRM data and tasks on the
go.
:contentReference[oaicite:17]{index=17}
Does creatio support order / invoice / contract
management?
+
Yes — in addition to CRM, it supports orders, invoices and contract
workflows
(order/contract management via CRM modules).
:contentReference[oaicite:16]{index=16}
Does low-code / no-code mean in creatio?
+
It means you can design workflows, applications, UI layouts and business
logic via
visual designers (drag‑and‑drop, configuration) instead of writing code.
:contentReference[oaicite:2]{index=2}
Effort estimation when migrating legacy crm/data to
creatio?
+
Depends on data volume, number of modules, custom workflows; small CRM
migration may
take days, complex might take weeks with cleaning/mapping.
Error handling and retry logic in automated workflows
in
creatio?
+
Define fallback steps, alerts/notifications on failure, retrials or
escalations to
avoid data loss or stuck workflows.
Fallback/backup workflow when primary automation fails
in creatio?
+
Design error-handling steps: notifications, manual task creation, retries,
logging —
ensure no data/process loss.
Feature request and custom extension process for
creatio
when built-in features are insufficient?
+
Use Creatio’s platform to build custom fields/ entities; optionally develop
custom
code or use external services integrated via API.
Global query in creatio (search across crm)?
+
Search across contacts, leads, accounts, cases, opportunities etc — unified
search
to find any record quickly across modules.
Help‑desk / ticketing workflow in creatio service
module?
+
Automated case creation, assignment, SLA monitoring, escalation rules,
status
tracking, notifications, and case history management.
:contentReference[oaicite:31]{index=31}
Integration capabilities does creatio support?
+
APIs and pre-built connectors to integrate with external systems (ERP,
email,
telephony, third‑party tools) for seamless data flow.
:contentReference[oaicite:15]{index=15}
Integration testing when creatio interacts with
external
systems (erp, e‑commerce)?
+
Test data exchange, error handling, latency, API limits, conflict resolution
— in
sandbox before go-live.
Integration with external systems (erp, e‑commerce,
telephony) via creatio apis?
+
Use built‑in connectors or REST APIs to sync data between Creatio and
external
systems (orders, inventory, customer data) for unified operations.
:contentReference[oaicite:44]{index=44}
Kind of businesses benefit most from creatio?
+
Mid‑size to large enterprises with complex sales/service/marketing processes
needing
flexibility, automation, and scalability.
:contentReference[oaicite:30]{index=30}
Knowledge base management in creatio service module?
+
Store FAQs, manuals, service guides — searchable knowledge base to help
agents and
customers resolve issues quickly. :contentReference[oaicite:39]{index=39}
Lead nurturing in creatio?
+
Automated sequence of interactions (emails, reminders, tasks) to gradually
engage
leads until they are sales-ready (qualified).
Lead-to-order process in creatio?
+
Flow from lead capture → qualification → opportunity → order →
contract/invoice
generation — all managed through CRM workflows.
License & pricing model for creatio (user‑based,
module‑based)?
+
Creatio uses modular licensing — clients pay per user per module(s) —
flexibility to
subscribe only to needed modules. :contentReference[oaicite:45]{index=45}
Marketing automation in creatio?
+
Tools to run campaigns, nurture leads, segment contacts, automate
email/social
campaigns, measure results — all within CRM.
:contentReference[oaicite:7]{index=7}
Marketing campaign workflow in creatio?
+
Lead segmentation → campaign initiation → email/social outreach → track
responses →
scoring → follow‑ups or nurture → convert to opportunity.
Monitoring & alerting setup for sla / ticketing
workflows in creatio?
+
Configure alerts/notifications on SLA breach, escalation rules, dashboards
for SLA
compliance tracking.
Multi‑channel customer communication in creatio?
+
Support for email, phone calls, chat, social media — all interactions logged
and
managed centrally. :contentReference[oaicite:43]{index=43}
Multitenancy support in creatio (for agencies)?
+
Ability to manage separate organizations/business units under same instance
with
segregated data and permissions.
No-code agent builder in creatio?
+
A visual tool where users can assemble AI agents (with skills, workflows,
knowledge
bases) without writing code — enabling automation, content generation,
notifications, etc. :contentReference[oaicite:27]{index=27}
Omnichannel communication support in creatio?
+
Handling customer interactions across multiple channels (email, phone, chat,
social)
unified under CRM to track history and response.
:contentReference[oaicite:34]{index=34}
Performance monitoring / logging in creatio for
workflows and system usage?
+
Track execution times, error rates, user activity, data volume — helps
identify
bottlenecks or abuse.
Performance optimization in creatio?
+
Use As‑needed workflows, limit heavy triggers, archive old data, optimize
reports,
and use no‑tracking dashboards for speed.
Pipeline (sales pipeline) management in creatio?
+
Visual pipeline tools that let you track deals across stages, forecast
revenue, and
manage opportunities from lead through closure.
:contentReference[oaicite:5]{index=5}
Pre‑built industry‑specific workflows in creatio?
+
Templates and predefined workflows tailored to verticals (finance, telecom,
services, etc.) for common business processes — reducing need to build from
scratch.
:contentReference[oaicite:28]{index=28}
Process to add a new module or functionality in
creatio
after initial implementation?
+
Use studio to configure module, define entities/fields/workflows, set
permissions,
test, and enable for users — without major downtime.
Real-time analytics vs scheduled reports in creatio?
+
Real-time analytics updates with data changes; scheduled reports are
generated at
intervals (daily/weekly/monthly) for review or export.
Recommended backup frequency for crm system like
creatio?
+
Depends on volume and business needs — daily or weekly backups for critical
data;
more frequent for high‑transaction systems.
Recommended user onboarding/training plan when company
moves to creatio?
+
Role‑based training, sandbox exploration, hands‑on tasks, documentation,
support,
phased adoption and feedback loop.
Reporting and analytics in creatio?
+
Customizable dashboards and reports to track KPIs — sales performance,
marketing
campaign ROI, service metrics, team performance, etc.
:contentReference[oaicite:40]{index=40}
Role of metadata/schema management in creatio custom
apps?
+
Define custom entities/tables, fields, relationships, data types — maintain
schema
for custom business needs without coding.
Role‑based access control (rbac) in creatio?
+
You can define roles and permissions to control which users or teams access
which
data/modules/features in CRM — ensuring security and proper access.
:contentReference[oaicite:20]{index=20}
Rollback plan when automated workflows produce
unintended consequences (e.g. wrong data update)?
+
Use backups, audit logs to identify changes, revert changes or re‑process
via
scripts or manual corrections, notify stakeholders.
Rollback strategy for a failed workflow or
customization
in creatio?
+
Restore from backup, revert to previous workflow version, run data
correction
scripts, notify users and audit changes.
Sales forecasting in creatio crm?
+
Based on pipeline data and past history, predicting future sales, revenue
and
chances of deal closure using built‑in analytics/AI tools.
:contentReference[oaicite:32]{index=32}
Sandbox or test environment in creatio before
production
deployment?
+
A separate instance or environment where you can test workflows,
customizations, and
integrations before applying to live data.
Sandbox testing best practices before deploying
workflows in enterprise creatio?
+
Test all branches, edge cases, user roles, data flows; verify security;
backup data;
get stakeholder sign-off.
Sandbox vs production environment in creatio
implementation?
+
Sandbox used for testing customizations and workflows; production is live
environment — helps avoid disrupting live data.
Scalability concern when many custom workflows and
integrations are added to creatio?
+
Ensure optimized workflows, limit heavy triggers, archive old data, monitor
performance — avoid overloading instance.
Scalability of creatio for large enterprises?
+
With cloud/no‑code + modular architecture, Creatio supports large datasets,
many
users, and complex workflows across departments.
:contentReference[oaicite:42]{index=42}
Security and permissions model in creatio?
+
Role‑based permissions, access control on modules/data, record-level
permissions to
ensure data security and compliance. :contentReference[oaicite:36]{index=36}
Separation of environments (development, staging,
production) in creatio deployment?
+
Maintain separate environments to develop/test customizations, test
integrations,
then deploy to production safely.
Sla configuration for service tickets in creatio?
+
Ability to define service‑level agreements, monitor response
times/resolution
deadlines, automate reminders/escalations when SLAs are near breach.
:contentReference[oaicite:37]{index=37}
Soft delete vs hard delete of records in creatio?
+
Soft delete marks record inactive (kept for history/audit); hard delete
removes
record permanently (used carefully to avoid data loss).
Strategy for managing multi‑region compliance &
localization when using creatio globally?
+
Use localized fields, regional data storage policies, consent management,
region‑specific workflows and permissions per region.
Support and maintenance requirement after creatio
deployment?
+
Monitor system performance, update workflows, backup data, manage
permissions,
handle upgrades and user support.
Support for gdpr / data privacy enforcement in creatio
workflows?
+
Configure consent fields, access permissions, data retention policies,
anonymization
procedures where applicable.
Support for multiple currencies and multi‑region data
in
creatio?
+
Configure fields and entities to support currencies, localization,
region‑specific
workflows for global businesses.
Support for multiple languages in ui and data in
creatio?
+
Locales and language packs — ability to configure UI labels, messages, data
format
for global teams/customers.
Support for role-based dashboards and views in
creatio?
+
Managers, sales reps, support agents can have tailored dashboards showing
data
relevant to their role.
Testing strategy for new workflows or custom apps in
creatio?
+
Use sandbox environment, simulate all scenarios, test edge cases, verify
data
integrity, run performance tests, get user sign‑off before production.
To build a customer feedback survey workflow within
creatio?
+
Create survey entity, send survey via email/workflow after service/ticket
resolution, collect responses, store data, trigger follow‑ups based on
feedback.
To design backup & disaster recovery for medium /
large
creatio deployments?
+
Define backup schedule, off‑site storage, redundant servers/cloud, periodic
recovery
drills, documentation of restore procedures.
To ensure performance when running large bulk data
imports into creatio?
+
Use batch imports, disable triggers if needed, split data into chunks,
validate
beforehand, monitor system load.
To evaluate whether to use out‑of‑box features vs
build
custom workflows in creatio?
+
Compare business requirements vs built-in features, consider complexity,
maintenance
cost, performance, ease of use before customizing.
To handle duplicates and data quality issues during
migration to creatio?
+
Use deduplication logic, validation rules, manual review for conflicts,
maintain
audit logs of merges/cleanup.
To handle feature-request backlog and maintain roadmap
when using low‑code platform like creatio?
+
Prioritise based on impact, maintain documentation, version workflows,
schedule
releases, gather user feedback, test before deployment.
To implement audit‑ready workflow logging and
reporting
in creatio for compliance audits?
+
Enable audit logs, track user actions and changes, store history, provide
exportable
reports for compliance reviews.
To implement cross‑department workflow (e.g. sales →
service → billing) in creatio?
+
Define entities and relationships, build multi-step workflows, set
permissions per
department, use shared customer data, notifications and handoffs.
To implement lead scoring and prioritisation using
creatio built‑in ai features?
+
Configure lead attributes, enable AI lead scoring, define
thresholds/triggers,
auto‑assign or notify sales reps for high‑value leads.
To implement time‑based or scheduled workflows (e.g.
follow‑ups after 30 days) in creatio?
+
Use scheduling features or time‑based triggers to automatically perform
actions
after specified intervals.
To integrate creatio with external analytics/bi
platform
for advanced reporting?
+
Use API/data export, build ETL pipelines or direct DB connections, schedule
data
sync, design reports as per business needs.
To manage data privacy and user consent (for
marketing)
inside creatio?
+
Add consent fields, track opt‑in/opt‑out, restrict data access, implement
data
retention policies, maintain audit logs.
To manage version control and deployment of
customizations across multiple environments (dev, test, prod) in creatio?
+
Use sandbox for dev/testing, version workflows, document changes, test
thoroughly,
smooth promotion to production, track differences.
To migrate crm data and business logic from legacy
system to creatio with minimal downtime?
+
Plan extraction, mapping, pilot import/test, validate data, run parallel
systems
during cut-over, communicate with users, backup data.
To monitor and handle performance issues when many
automations and workflows are active in creatio?
+
Use logs and analytics, identify heavy workflows, optimize them, archive
inactive
items, scale resources, apply caching where possible.
To prepare for creatio crm implementation project?
+
Define business processes clearly, map data schema, prepare migration plan,
define
roles/permissions, set up sandbox, schedule training, plan rollout phases.
To set up role‑based dashboards and permission‑based
record visibility in creatio?
+
Define roles, assign permissions per module/entity, configure dashboards per
role to
show only relevant data.
Training and onboarding support for new creatio users?
+
Use sandbox/demo environment, tutorials, documentation, role‑based
permissions, and
phased rollout to help adoption.
Typical migration scenario when moving to creatio from
legacy crm?
+
Mapping legacy data fields to Creatio schema, cleaning data, importing
contacts/leads, configuring workflows, roles, custom fields, and training
users.
Typical steps for data migration into creatio from
legacy systems?
+
Data extraction → cleansing → mapping to Creatio schema → import →
validation →
testing → go‑live.
Ui localization / multiple languages support in
creatio?
+
Creatio supports multi‑language UI configuration to support global teams and
clients
in different regions.
Use of version history / audit trail for compliance or
internal audits in creatio?
+
Track data changes, user actions, workflow executions to provide
transparency,
accountability and support audits.
Use‑case: building a custom internal project
management
tool inside creatio?
+
Define Projects, Tasks entities; set relationships; build task assignment
and
tracking workflows, notifications, dashboards — custom app built on low‑code
platform.
Use‑case: building customer self‑service portal
through
creatio?
+
Expose case/ticket submission, status tracking, knowledge base, chat/email
support —
allowing customers to self-serve while CRM tracks interactions.
Use‑case: complaint resolution and feedback loop
automation?
+
Customer complaint entered → auto‑assign → send acknowledgement → schedule
resolution → send feedback / survey after resolution — tracked in CRM.
Use‑case: custom compliance workflow for regulated
industries (approvals, audits, documentation) in creatio?
+
Design approval workflows, audit logging, document storage, permissions,
version
history to meet compliance requirements.
Use‑case: customer onboarding workflow (for saas)
using
creatio?
+
Lead → contact → contract → onboarding tasks → welcome email → user training
— all
steps managed via workflow automation.
Use‑case: customizing dashboards for executive
leadership to shigh-level kpis?
+
Create dashboard combining sales pipeline, revenue forecast, service
metrics,
marketing ROI, customer satisfaction — for strategic decisions.
Use‑case: data archive and retention policies for old
records in creatio for compliance / performance reasons?
+
Archive old data, soft‑delete records, purge logs after retention period —
maintain
performance and compliance.
Use‑case: event management (seminars, webinars) using
creatio crm?
+
Registrations (leads), automated reminders, post-event follow‑ups, lead
scoring,
conversion to opportunity — full workflow in CRM.
Use‑case: globalization and multi‑region sales process
with localisation (currency, language) in creatio?
+
Configure multi-currency fields, localization settings, region-based
workflows, and
assign regional teams — manage global operations.
Use‑case: handling subscription renewals and recurring
billing pipelines in creatio?
+
Use workflows to send renewal reminders, generate invoices/contracts, update
statuses, notify account managers — automating subscription lifecycle.
Use‑case: hr onboarding/offboarding and employee
record
management in creatio?
+
Employee entity, onboarding workflow, access assignment, role-based
permissions,
offboarding tasks — manageable via low‑code workflows.
Use‑case: integrating creatio with erp for
order-to-cash
process?
+
Sync customer/order data, invoices, inventory, payment status — ensure full
order
lifecycle from lead to cash in coordinated systems.
Use‑case: integrating telephony or pbx into creatio
for
call logging and click-to-call?
+
Use built‑in connectors or APIs to log calls, record interaction history,
trigger
follow-up tasks — unified communication tracking.
:contentReference[oaicite:46]{index=46}
Use‑case: marketing nurture + re‑engagement workflows
for dormant clients?
+
Segment old clients, run email/social campaigns, schedule follow-up tasks,
track
engagement, convert to opportunity if interest resumes.
Use‑case: marketing‑to‑sales handoff automation in
creatio?
+
Marketing captures lead → nurtures → scores lead → when qualified,
auto‑assign to
sales rep → create opportunity → notify sales team — handoff automated.
Use‑case: multi‑team collaboration (sales + support +
finance) for order & invoice process in creatio?
+
Shared data (customer, orders, invoices), workflows for approval,
notifications
across departments, status tracking — unified operations.
Use‑case: role-based dashboards and permissions for
different teams in creatio?
+
Sales dashboard for sales team; support dashboard for service team; finance
dashboard for billing — each with restricted access per role.
Use‑case: subscription‑based service lifecycle and
renewal tracking using creatio?
+
Contracts entity, renewal dates, reminder workflows, invoice generation,
customer
communication — automate renewals and billing.
Use‑case: support ticket escalation and sla
enforcement
using creatio service module?
+
Ticket created → auto‑assign → SLA timer & reminder → if SLA breach,
auto‑escalate
or alert manager → resolution tracking.
Use‑case: vendor/supplier management (b2b) using
creatio
custom entities?
+
Define Vendor entity, track interactions, purchase orders, contracts,
approvals —
manage vendor lifecycle inside CRM.
User activity / task management within creatio?
+
Users/teams can create tasks, assign to others, track progress; integrated
with CRM
workflow and customer data.
User activity monitoring and analytics in creatio for
management?
+
Track login history, record edits, workflow execution stats, error rates —
use
dashboards to monitor productivity, compliance and usage patterns.
User adoption strategy when switching to creatio crm
in
a company?
+
Communicate benefits, involve key users early, provide training, create
incentives,
gather feedback and iterate workflows.
User roles and permission hierarchy in large
organizations using creatio?
+
Define roles (admin, sales rep, support agent, manager), assign permissions
by
module/record/field to enforce security and privacy.
User training approach when adopting creatio in an
organization?
+
Role-based training, sandbox practice, documentation, mentorship, phased
rollout,
and gathering user feedback to refine workflows.
Version control for customizations in creatio?
+
Track changes to custom apps/workflows, manage versions or rollback if
needed
(depends on deployment/config).
Vertical‑specific (industry‑specific) workflow
template
in creatio?
+
Pre-built process templates for industries (finance, telecom, services)
tailored to
standard operations in that industry.
:contentReference[oaicite:41]{index=41}
Webhook or external trigger support in creatio (for
integrations)?
+
Creatio can integrate external triggers or webhooks to react to external
events
(e.g. from other systems) to start workflows.
Workflow automation in creatio?
+
Automated workflows that trigger actions (notifications, updates,
assignments) based
on events or conditions to reduce manual tasks.
:contentReference[oaicite:9]{index=9}
Workflow trigger’ in creatio?
+
An event or condition (e.g. lead status change, new ticket, date/time event)
that
initiates an automated workflow. :contentReference[oaicite:22]{index=22}
Workflow versioning or change history in creatio?
+
Changes to workflows can be versioned or logged to allow rollback or audit
of
modifications.
Would you build a custom app (e.g. invoice management)
in creatio without coding?
+
Define entities (Invoice/Payment), fields, relationships, UI layouts,
workflows for
invoice generation, approval, payment tracking — all via low‑code tools.
Would you ensure data integrity and avoid duplicates
in
creatio when many integrations feed data?
+
Use validation rules, deduplication logic, unique fields, audit logs,
regular data
cleanup, and possibly API‑side checks.
Would you implement a custom reporting module
combining
data from sales, service, and marketing in creatio?
+
Use cross‑entity queries or custom entities, aggregations, define filters,
build
dashboards, schedule report generation and export.
Would you implement data backup & disaster recovery
for
a creatio deployment?
+
Schedule regular backups, store off‑site, export critical data, plan
failover,
document restoration process and test periodically.
Would you implement sla‑driven customer service
workflow
in creatio?
+
Design SLA rules, assign case priorities, set timers/triggers, escalate
cases on
breach, send notifications, track resolution and compliance.
Would you integrate creatio with a third‑party billing
or invoicing system?
+
Use REST API or built‑in connectors, map invoice/order data, design
synchronization
workflows, handle errors and updates.
Would you integrate creatio with an erp for order
fulfillment?
+
Use Creatio APIs or connectors to sync orders, customer data, statuses; set
up
workflows to push/pull data, manage order lifecycle and inventory.
Would you manage user roles and permissions for a
global
company using creatio?
+
Define hierarchical roles, restrict data by region or business unit,
implement
least‑privilege principle, audit permissions regularly.
Would you migrate 100,000 leads into creatio from
legacy
system?
+
Perform data cleaning, mapping, batch import via CSV/API, validate imported
data,
test workflows, use sandbox first, then go live in phases.
Would you onboard non‑technical users to use creatio
effectively?
+
Provide role‑based training, use step‑by‑step guides, give sandbox access,
deliver
mentorship, keep UI simple, and provide support documentation.
Would you plan disaster recovery and backup strategy
for
a global creatio deployment?
+
Define backup frequency, off‑site storage, restore procedures, failover
servers,
periodic DR drills.
You document crm customizations, workflows, data model
for future maintenance when using creatio?
+
Maintain documentation repositories, version control of workflows, schema
diagrams,
change logs, and periodic reviews.
You ensure data consistency when multiple external
systems sync to creatio?
+
Implement validation rules, transactional updates, conflict resolution
logic,
logging and monitoring for integration actions.
You ensure high availability for a critical creatio
deployment (global enterprise)?
+
Use cloud hosting with redundancy, regular backups, failover setup,
monitoring,
scaling resources as needed, and disaster recovery planning.
You ensure performance and scalability when many
workflows run simultaneously in creatio?
+
Optimize workflows, avoid heavy loops, batch operations, archive old data,
monitor
performance metrics, and scale resources as needed.
You handle data migration when business structure
changes (e.g. reorganization of departments) in creatio?
+
Map old data to new structure, update entities/relationships, preserve
history, test
workflows, update permissions, inform users.
You handle gdpr / data‑privacy compliance when using
creatio for eu customers?
+
Implement consent tracking, data retention policies, role‑based access,
audit logs,
anonymization, and document data handling procedures.
You handle multi‑tenant or multi‑subsidiary business
using single creatio instance?
+
Use role & access isolation, custom entities for subsidiaries, partition
data
logically, implement permissions per tenant.
You handle subscription billing and renewals using
creatio plus external billing module?
+
Use workflows for renewal reminder, integrate with billing system via API,
create
orders/invoices, track status — ensure data sync.
You handle version control and change management for
workflows and customisations in creatio?
+
Maintain version history, use sandbox for testing, document changes, get
approvals,
deploy in stages, keep rollback plan.
You integrate external web forms/landing pages with
creatio lead capture?
+
Use REST API or webhooks, map form fields to Creatio entities, validate
input,
create lead record automatically, trigger follow‑up workflows.
You manage data archive, cleanup of old records to
maintain performance in creatio?
+
Define retention policies, archive or delete old data, purge logs, use
separate
storage/archival, monitor DB size/performance.
You manage security and access control for sensitive
data (e.g. customer financials) in creatio?
+
Use field‑level permissions, role‑based access, encryption (if supported),
audit
logging, and restrict export options.
You merge records and manage duplicates in large
datasets inside creatio?
+
Use deduplication tools, merge function, validation rules, manual review for
ambiguous cases, and audit trail of merges.
You monitor system health, workflow execution metrics,
and usage analytics in creatio?
+
Use built-in analytics, custom dashboards, logs for errors/performance, user
activity reports, alerting on failures or heavy loads.
You onboard new teams or departments into existing
creatio instance with minimal disruption?
+
Use phased rollout, training sessions, permission management, custom
dashboards per
department, and pilot user feedback.
You plan for system maintenance and upgrades in
creatio
used heavily with custom workflows and integrations?
+
Schedule maintenance windows, backup data, test upgrades in sandbox, update
integrations, communicate with users, rollback plan if needed.
You support multi‑currency and global sales operations
in creatio?
+
Configure currency fields, exchange rates, localizations, regional
permissions, and
adapt workflows per region.
‘actions’ in a creatio workflow?
+
Tasks executed automatically: sending email, assigning owner, updating
records,
creating tasks, notifications, etc. :contentReference[oaicite:24]{index=24}
‘conditions and rules’ in a creatio workflow?
+
Logical criteria used inside workflows to branch paths: e.g. if amount > X
then
route to manager; else proceed to next step.
:contentReference[oaicite:23]{index=23}
360‑degree customer view in creatio?
+
A unified profile that stores contact info, interaction history,
orders/cases/contracts — giving full visibility across departments.
:contentReference[oaicite:4]{index=4}
Advantages of using workflow automation vs manual
processes?
+
Consistency, reduced errors, speed, auditability, scalability, and freeing
up human
resources for strategic work. :contentReference[oaicite:25]{index=25}
Ai‑native crm in creatio?
+
AI is embedded at the core: predictive, generative, and agentic AI features
(lead
scoring, automated actions, email generation, insights) to support CRM
tasks.
:contentReference[oaicite:12]{index=12}
Ai‑powered lead scoring in creatio?
+
AI analyzes lead data/history to assign scores to leads — helping
sales/marketing
prioritize high‑potential leads automatically.
Api integrations in creatio crm?
+
REST / API endpoints provided by Creatio to integrate with external systems
(ERP,
e‑commerce platform, telephony, webhooks, etc.).
:contentReference[oaicite:35]{index=35}
Api rate‑limiting and performance considerations for
integrations in creatio?
+
When using APIs for integrations, pay attention to request rates, data
volume, and
trigger load to avoid performance issues.
Approach for a business continuity plan involving
creatio crm (downtime, disaster)?
+
Have backups, redundancy, plan for failover, offline data access if
supported, data
export strategy, manual process fallback.
Approach for auditing user permissions and data access
regularly in creatio?
+
Run audit logs, review roles, validate access levels, revoke unused
permissions,
enforce least privilege principle.
Approach for customizing creatio ui for
brand/organization requirements?
+
Configure layouts, themes, labels, custom fields, modules, and optionally
custom
code/extensions if needed.
Approach for gdpr / data‑privacy compliance with
creatio
in eu or regulated regions?
+
Implement consent fields, data access controls, data retention / purge
policies,
audit logs, role‑based permissions.
Approach for handling data migration during major
schema
changes in creatio?
+
Export existing data, map to new schema, transform as needed, import to new
model,
validate data integrity, test workflows.
Approach for integrating creatio with e‑commerce or
web‑forms (lead capture)?
+
Use APIs/webhooks to push form data to Creatio, auto-create leads or
contacts,
trigger workflows for follow-up or assignment.
Approach for long‑term scalability and maintainability
of custom apps built on creatio?
+
Document schema and workflows, follow naming and versioning standards,
modular
design, regular review and cleanup.
Approach for migration from another crm to creatio
without losing history and data relationships?
+
Extract full data including history, map entities/relationships, import in
correct
order (e.g. accounts before opportunities), maintain IDs or references, test
thoroughly.
Approach for multi‑department collaboration using
creatio across sales, service, marketing?
+
Define shared workflows, permissions, data model; ensure proper assignment
and
notifications; use unified customer profile.
Approach for testing performance under load with many
concurrent workflows/users in creatio?
+
Simulate load, monitor response times, optimize workflows, scale resources,
archive
old data, avoid heavy triggers.
Approach for user feedback and continuous improvement
after rollout of creatio?
+
Collect user feedback, analyze issues, refine workflows/UI, conduct periodic
training, and update documentation.
Approach to ensure data integrity when multiple
integrations write to creatio?
+
Implement validation rules, transaction checks, error handling,
deduplication logic
and monitoring to prevent data corruption.
Approach to incremental rollout of creatio to large
organization?
+
Pilot with small user group, gather feedback, refine workflows, train next
group,
gradually expand — reduce risk and ensure adoption.
Approach to integrate creatio with external analytics
tool (bi)?
+
Use APIs to export CRM data or connect BI tool to database; schedule regular
exports; maintain data integrity and mapping.
Approach to retire or archive old/unused data or
workflows in creatio?
+
Identify deprecated records/processes, archive or delete, update workflows
to avoid
referencing removed data, backup before cleaning.
Audit & compliance readiness when using creatio for
regulated industries (finance, healthcare)?
+
Use access controls, audit logs, encryption, data retention/archival
policies,
strict permissions and workflow approvals.
Audit compliance (e.g. gdpr, iso) support in creatio?
+
Use audit logs, permissions, role‑based access, data retention policies,
secure
integrations to comply with regulatory requirements.
Audit log for user actions in creatio?
+
Records user activities — login, data modifications, workflow executions —
useful
for security, compliance, and tracking.
Audit logging frequency and storage management when
many
user activities logged in creatio?
+
Define retention policies, purge or archive older logs, store securely —
avoid
excessive storage while maintaining compliance.
Audit trail / history tracking in creatio?
+
Record changes to data — who changed what and when — useful for compliance,
tracking
updates, accountability.
Backup and disaster recovery planning with creatio
crm?
+
Regular backups, off‑site storage, redundancy, version control to ensure
data safety
in case of failures or data corruption.
Benefit of crm + bpm (business process management)
combined, as with creatio, compared to standard crm?
+
Allows not only managing customer data but automating operational, internal
and
industry‑specific business processes — increases efficiency and flexibility.
Benefit of modular licensing model for growing
businesses?
+
They can add modules/users as needed, scale gradually without paying for
unneeded
features upfront.
Benefits of low‑code crm for businesses, as offered by
creatio?
+
Faster deployment, lower dependence on developers, reduced costs, and
flexible
adaptation to changing business needs.
:contentReference[oaicite:10]{index=10}
Best practice for naming conventions (entities,
fields,
workflows) in creatio customisation?
+
Use meaningful names, consistent prefixes/suffixes, document definitions —
helps
maintain clarity and avoid conflicts.
Best practice for testing custom workflows in creatio
before production?
+
Use sandbox, test for all edge cases, verify permissions, simulate data
inputs, run
load tests, backup data.
Best way to manage schema changes (entities, fields)
in
creatio over time?
+
Define change log, version workflows, document changes, backup data,
communicate to
stakeholders, test in sandbox.
Bulk data import/export in creatio?
+
Supports bulk import/export operations (CSV/Excel) for contacts, leads, data
migration, backups, and mass updates.
Can creatio be used beyond crm — e.g. for hr, project
management, internal workflows?
+
Use its low‑code BPM / workflow engine and custom entities to model internal
processes (onboarding, approvals, project tracking).
Can creatio help a service/support team improve
customer
resolution time?
+
By automating ticket routing, SLA enforcement, case assignment, and using AI
agents
to suggest responses or prioritize cases.
:contentReference[oaicite:26]{index=26}
Can non‑technical users customise creatio crm?
+
Yes — business users (sales/marketing/service) can use visual designers to
build
workflows, layouts, dashboards, etc., without coding.
:contentReference[oaicite:11]{index=11}
Can you customize ui layouts and dashboards in creatio
without coding?
+
Using visual designers in Creatio’s studio — drag‑and‑drop fields, panels,
dashboards; rearrange layouts as per business needs.
:contentReference[oaicite:21]{index=21}
Can you extend creatio with custom code when no‑code
tools are not enough?
+
Use provided SDK/API, write custom scripts/integrations, use REST endpoints
or
external services — while keeping core no‑code logic separate.
Can you implement marketing roi tracking in creatio?
+
Use campaign and lead‑to‑sale tracking, assign leads to campaigns, track
conversions, revenue, attribution and generate reports/dashboards.
Change management best practice when implementing
creatio?
+
Define business processes clearly, plan roles/permissions, test workflows in
sandbox, migrate data carefully, train users, and roll out incrementally.
Change management when business processes evolve — to
update creatio workflows?
+
Use versioning, test updated workflows in sandbox, communicate changes,
train users
— avoid breaking active business flows.
Changelog or release management in creatio when you
update workflows?
+
Track and manage workflow changes; test in sandbox; deploy to production
safely;
rollback if needed.
Common challenges when implementing creatio crm?
+
Data migration complexity, initial learning curve for
customisation/workflows,
planning roles/permissions properly, defining business processes before
building.
Common use‑cases for workflow automation in creatio?
+
Lead → opportunity process, ticket/case management, loan/credit application,
onboarding workflows, approvals, order‑to‑invoice flows, etc.
:contentReference[oaicite:18]{index=18}
Configuration vs customization in creatio?
+
Configuration = using interface/tools to set up CRM without coding;
customization =
writing scripts or using advanced settings where needed.
Contact and lead management in creatio?
+
It enables capturing leads/contacts, managing their data, tracking
communications
and statuses until conversion. :contentReference[oaicite:6]{index=6}
Contract/invoice/order management inside creatio?
+
CREATIO allows creation/tracking of orders, generating invoices/contracts,
tracking
status — integrating financial/business transactions within CRM.
:contentReference[oaicite:33]{index=33}
Core modules available in creatio crm?
+
Sales, Marketing, Service (customer support), plus a studio/platform for
custom apps
& workflows. :contentReference[oaicite:3]{index=3}
Creatio crm?
+
Creatio CRM is a cloud‑based CRM and business‑process automation platform
that
unifies Sales, Marketing, Service, and workflow automation on a
low‑code/no‑code +
AI‑native platform. :contentReference[oaicite:1]{index=1}
Creatio marketplace?
+
A repository of 700+ applications/integrations/templates to extend
functionality and
adapt CRM to different industries or needs.
:contentReference[oaicite:13]{index=13}
Custom app in creatio?
+
An application built on Creatio’s platform (using low‑code tools) tailored
for
specific business processes beyond standard CRM (e.g. HR, project
management,
vertical‑specific flows).
Custom entity / object in creatio?
+
Users can define new entities (tables) beyond standard CRM ones to map to
business‑specific data (e.g. Projects, Vendors).
Custom field in creatio?
+
Extra field added to existing entity (contact, account, opportunity etc.) to
store
business‑specific data (like tax ID, region code, etc.).
Custom report building for cross‑module analytics in
creatio (e.g. sales + service + marketing)?
+
Define queries combining multiple entities, set filters/aggregations,
schedule
reports/dashboards — useful for overall business insights.
Custom reporting vs standard reporting in creatio?
+
Standard reports are pre‑built for common needs; custom reports are built by
users
to meet specific data/metric requirements (fields, filters, aggregations).
Customer life‑cycle management in creatio?
+
Tracking from first contact (lead) to long-term relationship — including
sales,
service, upsell, renewals, support — unified under CRM.
Customer portal capability in creatio for external
users?
+
Option for customers to access portal to submit tickets, check status, view
history
(where supported by configuration). :contentReference[oaicite:38]{index=38}
Customer service (support) automation in creatio?
+
Support teams can manage tickets/cases, SLAs, communication across channels
—
streamlining service workflows. :contentReference[oaicite:8]{index=8}
Customizable workflow for onboarding new employees
inside creatio (hr use‑case)?
+
Define process: create employee record → assign manager → set tasks →
approvals →
activation — all via CRM workflows.
Customization of workflows per geography or business
unit in creatio?
+
Define different workflows per region/business unit using the flexible
low‑code
platform configuration.
Customization vs out‑of‑box use in creatio?
+
Out‑of‑box means using standard modules with minimal config; customization
involves
building custom fields, workflows, layouts or apps to tailor to specific
needs.
Customizing creatio for project management instead of
pure crm?
+
Use custom entities (Projects, Tasks, Milestones), relationships, workflows
to
manage projects and collaboration inside Creatio.
Data backup and restore in creatio?
+
Ability (or need) to backup CRM data periodically and restore if needed —
ensuring
data safety (depending on deployment model).
Data deduplication and duplicate detection in creatio?
+
Mechanism to detect duplicate contacts/leads, merging duplicates, and
ensuring data
integrity.
Data export from creatio?
+
Export contacts, leads, reports, analytics or any list to CSV/Excel to allow
sharing
or offline analysis.
Data import in creatio?
+
Ability to import existing data (contacts, leads, accounts) from external
sources
(CSV, Excel, other CRMs) into Creatio CRM.
Data privacy and gdpr / region‑compliance support in
creatio?
+
Controls over personal data storage, permissions, access logs, ability to
anonymize
or delete personal data as per compliance needs.
Data transformation during import in creatio?
+
Mapping legacy fields to new schema, cleaning data, applying rules to
convert/validate data before import — helps ensure data quality.
Describe you’d implement lead-to-cash process in
creatio?
+
Explain mapping of entities (Lead → Opportunity → Order → Contract/Invoice),
workflows (lead scoring, assignment, approval), and integration with
billing/ERP.
Diffbet cloud deployment vs on‑premise deployment (if
offered) for creatio?
+
Cloud: easier scaling, maintenance; on-premise: more control over data,
possibly
required for compliance or data‑sensitive businesses.
Diffbet synchronous and asynchronous tasks in workflow
processing (in principle)?
+
Synchronous executes immediately; asynchronous can be scheduled/delayed or
run in
background — helps avoid blocking and allows scalable processing.
Diffbet using creatio for only crm vs full bpm + crm
use-case?
+
CRM-only: sales/marketing/service. Full BPM: includes internal operations,
HR,
procurement, approvals, custom workflows.
Does 'composable architecture' mean in creatio?
+
You can mix and match modules, workflows, custom apps as building blocks —
composing
CRM to business‑specific workflows without writing new code.
:contentReference[oaicite:14]{index=14}
Does creatio help in reducing total cost of ownership
compared to traditional crm systems?
+
Because of its low‑code nature and pre-built modules/integrations,
businesses can
avoid heavy development costs and still get customizable CRM.
:contentReference[oaicite:19]{index=19}
Does creatio help in regulatory compliance or audit
readiness?
+
Through audit trails, role‑based access, record‑history, SLA tracking, and
permissions/configuration to secure data and processes.
Does creatio support collaboration across teams?
+
Shared database, unified UI, communication and task‑assignment workflows,
role‑based
permissions, cross‑team visibility. :contentReference[oaicite:29]{index=29}
Does creatio support mobile access?
+
Yes — there is mobile access so users can manage CRM data and tasks on the
go.
:contentReference[oaicite:17]{index=17}
Does creatio support order / invoice / contract
management?
+
Yes — in addition to CRM, it supports orders, invoices and contract
workflows
(order/contract management via CRM modules).
:contentReference[oaicite:16]{index=16}
Does low-code / no-code mean in creatio?
+
It means you can design workflows, applications, UI layouts and business
logic via
visual designers (drag‑and‑drop, configuration) instead of writing code.
:contentReference[oaicite:2]{index=2}
Effort estimation when migrating legacy crm/data to
creatio?
+
Depends on data volume, number of modules, custom workflows; small CRM
migration may
take days, complex might take weeks with cleaning/mapping.
Error handling and retry logic in automated workflows
in
creatio?
+
Define fallback steps, alerts/notifications on failure, retrials or
escalations to
avoid data loss or stuck workflows.
Fallback/backup workflow when primary automation fails
in creatio?
+
Design error-handling steps: notifications, manual task creation, retries,
logging —
ensure no data/process loss.
Feature request and custom extension process for
creatio
when built-in features are insufficient?
+
Use Creatio’s platform to build custom fields/ entities; optionally develop
custom
code or use external services integrated via API.
Global query in creatio (search across crm)?
+
Search across contacts, leads, accounts, cases, opportunities etc — unified
search
to find any record quickly across modules.
Help‑desk / ticketing workflow in creatio service
module?
+
Automated case creation, assignment, SLA monitoring, escalation rules,
status
tracking, notifications, and case history management.
:contentReference[oaicite:31]{index=31}
Integration capabilities does creatio support?
+
APIs and pre-built connectors to integrate with external systems (ERP,
email,
telephony, third‑party tools) for seamless data flow.
:contentReference[oaicite:15]{index=15}
Integration testing when creatio interacts with
external
systems (erp, e‑commerce)?
+
Test data exchange, error handling, latency, API limits, conflict resolution
— in
sandbox before go-live.
Integration with external systems (erp, e‑commerce,
telephony) via creatio apis?
+
Use built‑in connectors or REST APIs to sync data between Creatio and
external
systems (orders, inventory, customer data) for unified operations.
:contentReference[oaicite:44]{index=44}
Kind of businesses benefit most from creatio?
+
Mid‑size to large enterprises with complex sales/service/marketing processes
needing
flexibility, automation, and scalability.
:contentReference[oaicite:30]{index=30}
Knowledge base management in creatio service module?
+
Store FAQs, manuals, service guides — searchable knowledge base to help
agents and
customers resolve issues quickly. :contentReference[oaicite:39]{index=39}
Lead nurturing in creatio?
+
Automated sequence of interactions (emails, reminders, tasks) to gradually
engage
leads until they are sales-ready (qualified).
Lead-to-order process in creatio?
+
Flow from lead capture → qualification → opportunity → order →
contract/invoice
generation — all managed through CRM workflows.
License & pricing model for creatio (user‑based,
module‑based)?
+
Creatio uses modular licensing — clients pay per user per module(s) —
flexibility to
subscribe only to needed modules. :contentReference[oaicite:45]{index=45}
Marketing automation in creatio?
+
Tools to run campaigns, nurture leads, segment contacts, automate
email/social
campaigns, measure results — all within CRM.
:contentReference[oaicite:7]{index=7}
Marketing campaign workflow in creatio?
+
Lead segmentation → campaign initiation → email/social outreach → track
responses →
scoring → follow‑ups or nurture → convert to opportunity.
Monitoring & alerting setup for sla / ticketing
workflows in creatio?
+
Configure alerts/notifications on SLA breach, escalation rules, dashboards
for SLA
compliance tracking.
Multi‑channel customer communication in creatio?
+
Support for email, phone calls, chat, social media — all interactions logged
and
managed centrally. :contentReference[oaicite:43]{index=43}
Multitenancy support in creatio (for agencies)?
+
Ability to manage separate organizations/business units under same instance
with
segregated data and permissions.
No-code agent builder in creatio?
+
A visual tool where users can assemble AI agents (with skills, workflows,
knowledge
bases) without writing code — enabling automation, content generation,
notifications, etc. :contentReference[oaicite:27]{index=27}
Omnichannel communication support in creatio?
+
Handling customer interactions across multiple channels (email, phone, chat,
social)
unified under CRM to track history and response.
:contentReference[oaicite:34]{index=34}
Performance monitoring / logging in creatio for
workflows and system usage?
+
Track execution times, error rates, user activity, data volume — helps
identify
bottlenecks or abuse.
Performance optimization in creatio?
+
Use As‑needed workflows, limit heavy triggers, archive old data, optimize
reports,
and use no‑tracking dashboards for speed.
Pipeline (sales pipeline) management in creatio?
+
Visual pipeline tools that let you track deals across stages, forecast
revenue, and
manage opportunities from lead through closure.
:contentReference[oaicite:5]{index=5}
Pre‑built industry‑specific workflows in creatio?
+
Templates and predefined workflows tailored to verticals (finance, telecom,
services, etc.) for common business processes — reducing need to build from
scratch.
:contentReference[oaicite:28]{index=28}
Process to add a new module or functionality in
creatio
after initial implementation?
+
Use studio to configure module, define entities/fields/workflows, set
permissions,
test, and enable for users — without major downtime.
Real-time analytics vs scheduled reports in creatio?
+
Real-time analytics updates with data changes; scheduled reports are
generated at
intervals (daily/weekly/monthly) for review or export.
Recommended backup frequency for crm system like
creatio?
+
Depends on volume and business needs — daily or weekly backups for critical
data;
more frequent for high‑transaction systems.
Recommended user onboarding/training plan when company
moves to creatio?
+
Role‑based training, sandbox exploration, hands‑on tasks, documentation,
support,
phased adoption and feedback loop.
Reporting and analytics in creatio?
+
Customizable dashboards and reports to track KPIs — sales performance,
marketing
campaign ROI, service metrics, team performance, etc.
:contentReference[oaicite:40]{index=40}
Role of metadata/schema management in creatio custom
apps?
+
Define custom entities/tables, fields, relationships, data types — maintain
schema
for custom business needs without coding.
Role‑based access control (rbac) in creatio?
+
You can define roles and permissions to control which users or teams access
which
data/modules/features in CRM — ensuring security and proper access.
:contentReference[oaicite:20]{index=20}
Rollback plan when automated workflows produce
unintended consequences (e.g. wrong data update)?
+
Use backups, audit logs to identify changes, revert changes or re‑process
via
scripts or manual corrections, notify stakeholders.
Rollback strategy for a failed workflow or
customization
in creatio?
+
Restore from backup, revert to previous workflow version, run data
correction
scripts, notify users and audit changes.
Sales forecasting in creatio crm?
+
Based on pipeline data and past history, predicting future sales, revenue
and
chances of deal closure using built‑in analytics/AI tools.
:contentReference[oaicite:32]{index=32}
Sandbox or test environment in creatio before
production
deployment?
+
A separate instance or environment where you can test workflows,
customizations, and
integrations before applying to live data.
Sandbox testing best practices before deploying
workflows in enterprise creatio?
+
Test all branches, edge cases, user roles, data flows; verify security;
backup data;
get stakeholder sign-off.
Sandbox vs production environment in creatio
implementation?
+
Sandbox used for testing customizations and workflows; production is live
environment — helps avoid disrupting live data.
Scalability concern when many custom workflows and
integrations are added to creatio?
+
Ensure optimized workflows, limit heavy triggers, archive old data, monitor
performance — avoid overloading instance.
Scalability of creatio for large enterprises?
+
With cloud/no‑code + modular architecture, Creatio supports large datasets,
many
users, and complex workflows across departments.
:contentReference[oaicite:42]{index=42}
Security and permissions model in creatio?
+
Role‑based permissions, access control on modules/data, record-level
permissions to
ensure data security and compliance. :contentReference[oaicite:36]{index=36}
Separation of environments (development, staging,
production) in creatio deployment?
+
Maintain separate environments to develop/test customizations, test
integrations,
then deploy to production safely.
Sla configuration for service tickets in creatio?
+
Ability to define service‑level agreements, monitor response
times/resolution
deadlines, automate reminders/escalations when SLAs are near breach.
:contentReference[oaicite:37]{index=37}
Soft delete vs hard delete of records in creatio?
+
Soft delete marks record inactive (kept for history/audit); hard delete
removes
record permanently (used carefully to avoid data loss).
Strategy for managing multi‑region compliance &
localization when using creatio globally?
+
Use localized fields, regional data storage policies, consent management,
region‑specific workflows and permissions per region.
Support and maintenance requirement after creatio
deployment?
+
Monitor system performance, update workflows, backup data, manage
permissions,
handle upgrades and user support.
Support for gdpr / data privacy enforcement in creatio
workflows?
+
Configure consent fields, access permissions, data retention policies,
anonymization
procedures where applicable.
Support for multiple currencies and multi‑region data
in
creatio?
+
Configure fields and entities to support currencies, localization,
region‑specific
workflows for global businesses.
Support for multiple languages in ui and data in
creatio?
+
Locales and language packs — ability to configure UI labels, messages, data
format
for global teams/customers.
Support for role-based dashboards and views in
creatio?
+
Managers, sales reps, support agents can have tailored dashboards showing
data
relevant to their role.
Testing strategy for new workflows or custom apps in
creatio?
+
Use sandbox environment, simulate all scenarios, test edge cases, verify
data
integrity, run performance tests, get user sign‑off before production.
To build a customer feedback survey workflow within
creatio?
+
Create survey entity, send survey via email/workflow after service/ticket
resolution, collect responses, store data, trigger follow‑ups based on
feedback.
To design backup & disaster recovery for medium /
large
creatio deployments?
+
Define backup schedule, off‑site storage, redundant servers/cloud, periodic
recovery
drills, documentation of restore procedures.
To ensure performance when running large bulk data
imports into creatio?
+
Use batch imports, disable triggers if needed, split data into chunks,
validate
beforehand, monitor system load.
To evaluate whether to use out‑of‑box features vs
build
custom workflows in creatio?
+
Compare business requirements vs built-in features, consider complexity,
maintenance
cost, performance, ease of use before customizing.
To handle duplicates and data quality issues during
migration to creatio?
+
Use deduplication logic, validation rules, manual review for conflicts,
maintain
audit logs of merges/cleanup.
To handle feature-request backlog and maintain roadmap
when using low‑code platform like creatio?
+
Prioritise based on impact, maintain documentation, version workflows,
schedule
releases, gather user feedback, test before deployment.
To implement audit‑ready workflow logging and
reporting
in creatio for compliance audits?
+
Enable audit logs, track user actions and changes, store history, provide
exportable
reports for compliance reviews.
To implement cross‑department workflow (e.g. sales →
service → billing) in creatio?
+
Define entities and relationships, build multi-step workflows, set
permissions per
department, use shared customer data, notifications and handoffs.
To implement lead scoring and prioritisation using
creatio built‑in ai features?
+
Configure lead attributes, enable AI lead scoring, define
thresholds/triggers,
auto‑assign or notify sales reps for high‑value leads.
To implement time‑based or scheduled workflows (e.g.
follow‑ups after 30 days) in creatio?
+
Use scheduling features or time‑based triggers to automatically perform
actions
after specified intervals.
To integrate creatio with external analytics/bi
platform
for advanced reporting?
+
Use API/data export, build ETL pipelines or direct DB connections, schedule
data
sync, design reports as per business needs.
To manage data privacy and user consent (for
marketing)
inside creatio?
+
Add consent fields, track opt‑in/opt‑out, restrict data access, implement
data
retention policies, maintain audit logs.
To manage version control and deployment of
customizations across multiple environments (dev, test, prod) in creatio?
+
Use sandbox for dev/testing, version workflows, document changes, test
thoroughly,
smooth promotion to production, track differences.
To migrate crm data and business logic from legacy
system to creatio with minimal downtime?
+
Plan extraction, mapping, pilot import/test, validate data, run parallel
systems
during cut-over, communicate with users, backup data.
To monitor and handle performance issues when many
automations and workflows are active in creatio?
+
Use logs and analytics, identify heavy workflows, optimize them, archive
inactive
items, scale resources, apply caching where possible.
To prepare for creatio crm implementation project?
+
Define business processes clearly, map data schema, prepare migration plan,
define
roles/permissions, set up sandbox, schedule training, plan rollout phases.
To set up role‑based dashboards and permission‑based
record visibility in creatio?
+
Define roles, assign permissions per module/entity, configure dashboards per
role to
show only relevant data.
Training and onboarding support for new creatio users?
+
Use sandbox/demo environment, tutorials, documentation, role‑based
permissions, and
phased rollout to help adoption.
Typical migration scenario when moving to creatio from
legacy crm?
+
Mapping legacy data fields to Creatio schema, cleaning data, importing
contacts/leads, configuring workflows, roles, custom fields, and training
users.
Typical steps for data migration into creatio from
legacy systems?
+
Data extraction → cleansing → mapping to Creatio schema → import →
validation →
testing → go‑live.
Ui localization / multiple languages support in
creatio?
+
Creatio supports multi‑language UI configuration to support global teams and
clients
in different regions.
Use of version history / audit trail for compliance or
internal audits in creatio?
+
Track data changes, user actions, workflow executions to provide
transparency,
accountability and support audits.
Use‑case: building a custom internal project
management
tool inside creatio?
+
Define Projects, Tasks entities; set relationships; build task assignment
and
tracking workflows, notifications, dashboards — custom app built on low‑code
platform.
Use‑case: building customer self‑service portal
through
creatio?
+
Expose case/ticket submission, status tracking, knowledge base, chat/email
support —
allowing customers to self-serve while CRM tracks interactions.
Use‑case: complaint resolution and feedback loop
automation?
+
Customer complaint entered → auto‑assign → send acknowledgement → schedule
resolution → send feedback / survey after resolution — tracked in CRM.
Use‑case: custom compliance workflow for regulated
industries (approvals, audits, documentation) in creatio?
+
Design approval workflows, audit logging, document storage, permissions,
version
history to meet compliance requirements.
Use‑case: customer onboarding workflow (for saas)
using
creatio?
+
Lead → contact → contract → onboarding tasks → welcome email → user training
— all
steps managed via workflow automation.
Use‑case: customizing dashboards for executive
leadership to shigh-level kpis?
+
Create dashboard combining sales pipeline, revenue forecast, service
metrics,
marketing ROI, customer satisfaction — for strategic decisions.
Use‑case: data archive and retention policies for old
records in creatio for compliance / performance reasons?
+
Archive old data, soft‑delete records, purge logs after retention period —
maintain
performance and compliance.
Use‑case: event management (seminars, webinars) using
creatio crm?
+
Registrations (leads), automated reminders, post-event follow‑ups, lead
scoring,
conversion to opportunity — full workflow in CRM.
Use‑case: globalization and multi‑region sales process
with localisation (currency, language) in creatio?
+
Configure multi-currency fields, localization settings, region-based
workflows, and
assign regional teams — manage global operations.
Use‑case: handling subscription renewals and recurring
billing pipelines in creatio?
+
Use workflows to send renewal reminders, generate invoices/contracts, update
statuses, notify account managers — automating subscription lifecycle.
Use‑case: hr onboarding/offboarding and employee
record
management in creatio?
+
Employee entity, onboarding workflow, access assignment, role-based
permissions,
offboarding tasks — manageable via low‑code workflows.
Use‑case: integrating creatio with erp for
order-to-cash
process?
+
Sync customer/order data, invoices, inventory, payment status — ensure full
order
lifecycle from lead to cash in coordinated systems.
Use‑case: integrating telephony or pbx into creatio
for
call logging and click-to-call?
+
Use built‑in connectors or APIs to log calls, record interaction history,
trigger
follow-up tasks — unified communication tracking.
:contentReference[oaicite:46]{index=46}
Use‑case: marketing nurture + re‑engagement workflows
for dormant clients?
+
Segment old clients, run email/social campaigns, schedule follow-up tasks,
track
engagement, convert to opportunity if interest resumes.
Use‑case: marketing‑to‑sales handoff automation in
creatio?
+
Marketing captures lead → nurtures → scores lead → when qualified,
auto‑assign to
sales rep → create opportunity → notify sales team — handoff automated.
Use‑case: multi‑team collaboration (sales + support +
finance) for order & invoice process in creatio?
+
Shared data (customer, orders, invoices), workflows for approval,
notifications
across departments, status tracking — unified operations.
Use‑case: role-based dashboards and permissions for
different teams in creatio?
+
Sales dashboard for sales team; support dashboard for service team; finance
dashboard for billing — each with restricted access per role.
Use‑case: subscription‑based service lifecycle and
renewal tracking using creatio?
+
Contracts entity, renewal dates, reminder workflows, invoice generation,
customer
communication — automate renewals and billing.
Use‑case: support ticket escalation and sla
enforcement
using creatio service module?
+
Ticket created → auto‑assign → SLA timer & reminder → if SLA breach,
auto‑escalate
or alert manager → resolution tracking.
Use‑case: vendor/supplier management (b2b) using
creatio
custom entities?
+
Define Vendor entity, track interactions, purchase orders, contracts,
approvals —
manage vendor lifecycle inside CRM.
User activity / task management within creatio?
+
Users/teams can create tasks, assign to others, track progress; integrated
with CRM
workflow and customer data.
User activity monitoring and analytics in creatio for
management?
+
Track login history, record edits, workflow execution stats, error rates —
use
dashboards to monitor productivity, compliance and usage patterns.
User adoption strategy when switching to creatio crm
in
a company?
+
Communicate benefits, involve key users early, provide training, create
incentives,
gather feedback and iterate workflows.
User roles and permission hierarchy in large
organizations using creatio?
+
Define roles (admin, sales rep, support agent, manager), assign permissions
by
module/record/field to enforce security and privacy.
User training approach when adopting creatio in an
organization?
+
Role-based training, sandbox practice, documentation, mentorship, phased
rollout,
and gathering user feedback to refine workflows.
Version control for customizations in creatio?
+
Track changes to custom apps/workflows, manage versions or rollback if
needed
(depends on deployment/config).
Vertical‑specific (industry‑specific) workflow
template
in creatio?
+
Pre-built process templates for industries (finance, telecom, services)
tailored to
standard operations in that industry.
:contentReference[oaicite:41]{index=41}
Webhook or external trigger support in creatio (for
integrations)?
+
Creatio can integrate external triggers or webhooks to react to external
events
(e.g. from other systems) to start workflows.
Workflow automation in creatio?
+
Automated workflows that trigger actions (notifications, updates,
assignments) based
on events or conditions to reduce manual tasks.
:contentReference[oaicite:9]{index=9}
Workflow trigger’ in creatio?
+
An event or condition (e.g. lead status change, new ticket, date/time event)
that
initiates an automated workflow. :contentReference[oaicite:22]{index=22}
Workflow versioning or change history in creatio?
+
Changes to workflows can be versioned or logged to allow rollback or audit
of
modifications.
Would you build a custom app (e.g. invoice management)
in creatio without coding?
+
Define entities (Invoice/Payment), fields, relationships, UI layouts,
workflows for
invoice generation, approval, payment tracking — all via low‑code tools.
Would you ensure data integrity and avoid duplicates
in
creatio when many integrations feed data?
+
Use validation rules, deduplication logic, unique fields, audit logs,
regular data
cleanup, and possibly API‑side checks.
Would you implement a custom reporting module
combining
data from sales, service, and marketing in creatio?
+
Use cross‑entity queries or custom entities, aggregations, define filters,
build
dashboards, schedule report generation and export.
Would you implement data backup & disaster recovery
for
a creatio deployment?
+
Schedule regular backups, store off‑site, export critical data, plan
failover,
document restoration process and test periodically.
Would you implement sla‑driven customer service
workflow
in creatio?
+
Design SLA rules, assign case priorities, set timers/triggers, escalate
cases on
breach, send notifications, track resolution and compliance.
Would you integrate creatio with a third‑party billing
or invoicing system?
+
Use REST API or built‑in connectors, map invoice/order data, design
synchronization
workflows, handle errors and updates.
Would you integrate creatio with an erp for order
fulfillment?
+
Use Creatio APIs or connectors to sync orders, customer data, statuses; set
up
workflows to push/pull data, manage order lifecycle and inventory.
Would you manage user roles and permissions for a
global
company using creatio?
+
Define hierarchical roles, restrict data by region or business unit,
implement
least‑privilege principle, audit permissions regularly.
Would you migrate 100,000 leads into creatio from
legacy
system?
+
Perform data cleaning, mapping, batch import via CSV/API, validate imported
data,
test workflows, use sandbox first, then go live in phases.
Would you onboard non‑technical users to use creatio
effectively?
+
Provide role‑based training, use step‑by‑step guides, give sandbox access,
deliver
mentorship, keep UI simple, and provide support documentation.
Would you plan disaster recovery and backup strategy
for
a global creatio deployment?
+
Define backup frequency, off‑site storage, restore procedures, failover
servers,
periodic DR drills.
You document crm customizations, workflows, data model
for future maintenance when using creatio?
+
Maintain documentation repositories, version control of workflows, schema
diagrams,
change logs, and periodic reviews.
You ensure data consistency when multiple external
systems sync to creatio?
+
Implement validation rules, transactional updates, conflict resolution
logic,
logging and monitoring for integration actions.
You ensure high availability for a critical creatio
deployment (global enterprise)?
+
Use cloud hosting with redundancy, regular backups, failover setup,
monitoring,
scaling resources as needed, and disaster recovery planning.
You ensure performance and scalability when many
workflows run simultaneously in creatio?
+
Optimize workflows, avoid heavy loops, batch operations, archive old data,
monitor
performance metrics, and scale resources as needed.
You handle data migration when business structure
changes (e.g. reorganization of departments) in creatio?
+
Map old data to new structure, update entities/relationships, preserve
history, test
workflows, update permissions, inform users.
You handle gdpr / data‑privacy compliance when using
creatio for eu customers?
+
Implement consent tracking, data retention policies, role‑based access,
audit logs,
anonymization, and document data handling procedures.
You handle multi‑tenant or multi‑subsidiary business
using single creatio instance?
+
Use role & access isolation, custom entities for subsidiaries, partition
data
logically, implement permissions per tenant.
You handle subscription billing and renewals using
creatio plus external billing module?
+
Use workflows for renewal reminder, integrate with billing system via API,
create
orders/invoices, track status — ensure data sync.
You handle version control and change management for
workflows and customisations in creatio?
+
Maintain version history, use sandbox for testing, document changes, get
approvals,
deploy in stages, keep rollback plan.
You integrate external web forms/landing pages with
creatio lead capture?
+
Use REST API or webhooks, map form fields to Creatio entities, validate
input,
create lead record automatically, trigger follow‑up workflows.
You manage data archive, cleanup of old records to
maintain performance in creatio?
+
Define retention policies, archive or delete old data, purge logs, use
separate
storage/archival, monitor DB size/performance.
You manage security and access control for sensitive
data (e.g. customer financials) in creatio?
+
Use field‑level permissions, role‑based access, encryption (if supported),
audit
logging, and restrict export options.
You merge records and manage duplicates in large
datasets inside creatio?
+
Use deduplication tools, merge function, validation rules, manual review for
ambiguous cases, and audit trail of merges.
You monitor system health, workflow execution metrics,
and usage analytics in creatio?
+
Use built-in analytics, custom dashboards, logs for errors/performance, user
activity reports, alerting on failures or heavy loads.
You onboard new teams or departments into existing
creatio instance with minimal disruption?
+
Use phased rollout, training sessions, permission management, custom
dashboards per
department, and pilot user feedback.
You plan for system maintenance and upgrades in
creatio
used heavily with custom workflows and integrations?
+
Schedule maintenance windows, backup data, test upgrades in sandbox, update
integrations, communicate with users, rollback plan if needed.
You support multi‑currency and global sales operations
in creatio?
+
Configure currency fields, exchange rates, localizations, regional
permissions, and
adapt workflows per region.
‘actions’ in a creatio workflow?
+
Tasks executed automatically: sending email, assigning owner, updating
records,
creating tasks, notifications, etc. :contentReference[oaicite:24]{index=24}
‘conditions and rules’ in a creatio workflow?
+
Logical criteria used inside workflows to branch paths: e.g. if amount > X
then
route to manager; else proceed to next step.
:contentReference[oaicite:23]{index=23}
360‑degree customer view in creatio?
+
A unified profile that stores contact info, interaction history,
orders/cases/contracts — giving full visibility across departments.
:contentReference[oaicite:4]{index=4}
Advantages of using workflow automation vs manual
processes?
+
Consistency, reduced errors, speed, auditability, scalability, and freeing
up human
resources for strategic work. :contentReference[oaicite:25]{index=25}
Ai‑native crm in creatio?
+
AI is embedded at the core: predictive, generative, and agentic AI features
(lead
scoring, automated actions, email generation, insights) to support CRM
tasks.
:contentReference[oaicite:12]{index=12}
Ai‑powered lead scoring in creatio?
+
AI analyzes lead data/history to assign scores to leads — helping
sales/marketing
prioritize high‑potential leads automatically.
Api integrations in creatio crm?
+
REST / API endpoints provided by Creatio to integrate with external systems
(ERP,
e‑commerce platform, telephony, webhooks, etc.).
:contentReference[oaicite:35]{index=35}
Api rate‑limiting and performance considerations for
integrations in creatio?
+
When using APIs for integrations, pay attention to request rates, data
volume, and
trigger load to avoid performance issues.
Approach for a business continuity plan involving
creatio crm (downtime, disaster)?
+
Have backups, redundancy, plan for failover, offline data access if
supported, data
export strategy, manual process fallback.
Approach for auditing user permissions and data access
regularly in creatio?
+
Run audit logs, review roles, validate access levels, revoke unused
permissions,
enforce least privilege principle.
Approach for customizing creatio ui for
brand/organization requirements?
+
Configure layouts, themes, labels, custom fields, modules, and optionally
custom
code/extensions if needed.
Approach for gdpr / data‑privacy compliance with
creatio
in eu or regulated regions?
+
Implement consent fields, data access controls, data retention / purge
policies,
audit logs, role‑based permissions.
Approach for handling data migration during major
schema
changes in creatio?
+
Export existing data, map to new schema, transform as needed, import to new
model,
validate data integrity, test workflows.
Approach for integrating creatio with e‑commerce or
web‑forms (lead capture)?
+
Use APIs/webhooks to push form data to Creatio, auto-create leads or
contacts,
trigger workflows for follow-up or assignment.
Approach for long‑term scalability and maintainability
of custom apps built on creatio?
+
Document schema and workflows, follow naming and versioning standards,
modular
design, regular review and cleanup.
Approach for migration from another crm to creatio
without losing history and data relationships?
+
Extract full data including history, map entities/relationships, import in
correct
order (e.g. accounts before opportunities), maintain IDs or references, test
thoroughly.
Approach for multi‑department collaboration using
creatio across sales, service, marketing?
+
Define shared workflows, permissions, data model; ensure proper assignment
and
notifications; use unified customer profile.
Approach for testing performance under load with many
concurrent workflows/users in creatio?
+
Simulate load, monitor response times, optimize workflows, scale resources,
archive
old data, avoid heavy triggers.
Approach for user feedback and continuous improvement
after rollout of creatio?
+
Collect user feedback, analyze issues, refine workflows/UI, conduct periodic
training, and update documentation.
Approach to ensure data integrity when multiple
integrations write to creatio?
+
Implement validation rules, transaction checks, error handling,
deduplication logic
and monitoring to prevent data corruption.
Approach to incremental rollout of creatio to large
organization?
+
Pilot with small user group, gather feedback, refine workflows, train next
group,
gradually expand — reduce risk and ensure adoption.
Approach to integrate creatio with external analytics
tool (bi)?
+
Use APIs to export CRM data or connect BI tool to database; schedule regular
exports; maintain data integrity and mapping.
Approach to retire or archive old/unused data or
workflows in creatio?
+
Identify deprecated records/processes, archive or delete, update workflows
to avoid
referencing removed data, backup before cleaning.
Audit & compliance readiness when using creatio for
regulated industries (finance, healthcare)?
+
Use access controls, audit logs, encryption, data retention/archival
policies,
strict permissions and workflow approvals.
Audit compliance (e.g. gdpr, iso) support in creatio?
+
Use audit logs, permissions, role‑based access, data retention policies,
secure
integrations to comply with regulatory requirements.
Audit log for user actions in creatio?
+
Records user activities — login, data modifications, workflow executions —
useful
for security, compliance, and tracking.
Audit logging frequency and storage management when
many
user activities logged in creatio?
+
Define retention policies, purge or archive older logs, store securely —
avoid
excessive storage while maintaining compliance.
Audit trail / history tracking in creatio?
+
Record changes to data — who changed what and when — useful for compliance,
tracking
updates, accountability.
Backup and disaster recovery planning with creatio
crm?
+
Regular backups, off‑site storage, redundancy, version control to ensure
data safety
in case of failures or data corruption.
Benefit of crm + bpm (business process management)
combined, as with creatio, compared to standard crm?
+
Allows not only managing customer data but automating operational, internal
and
industry‑specific business processes — increases efficiency and flexibility.
Benefit of modular licensing model for growing
businesses?
+
They can add modules/users as needed, scale gradually without paying for
unneeded
features upfront.
Benefits of low‑code crm for businesses, as offered by
creatio?
+
Faster deployment, lower dependence on developers, reduced costs, and
flexible
adaptation to changing business needs.
:contentReference[oaicite:10]{index=10}
Best practice for naming conventions (entities,
fields,
workflows) in creatio customisation?
+
Use meaningful names, consistent prefixes/suffixes, document definitions —
helps
maintain clarity and avoid conflicts.
Best practice for testing custom workflows in creatio
before production?
+
Use sandbox, test for all edge cases, verify permissions, simulate data
inputs, run
load tests, backup data.
Best way to manage schema changes (entities, fields)
in
creatio over time?
+
Define change log, version workflows, document changes, backup data,
communicate to
stakeholders, test in sandbox.
Bulk data import/export in creatio?
+
Supports bulk import/export operations (CSV/Excel) for contacts, leads, data
migration, backups, and mass updates.
Can creatio be used beyond crm — e.g. for hr, project
management, internal workflows?
+
Use its low‑code BPM / workflow engine and custom entities to model internal
processes (onboarding, approvals, project tracking).
Can creatio help a service/support team improve
customer
resolution time?
+
By automating ticket routing, SLA enforcement, case assignment, and using AI
agents
to suggest responses or prioritize cases.
:contentReference[oaicite:26]{index=26}
Can non‑technical users customise creatio crm?
+
Yes — business users (sales/marketing/service) can use visual designers to
build
workflows, layouts, dashboards, etc., without coding.
:contentReference[oaicite:11]{index=11}
Can you customize ui layouts and dashboards in creatio
without coding?
+
Using visual designers in Creatio’s studio — drag‑and‑drop fields, panels,
dashboards; rearrange layouts as per business needs.
:contentReference[oaicite:21]{index=21}
Can you extend creatio with custom code when no‑code
tools are not enough?
+
Use provided SDK/API, write custom scripts/integrations, use REST endpoints
or
external services — while keeping core no‑code logic separate.
Can you implement marketing roi tracking in creatio?
+
Use campaign and lead‑to‑sale tracking, assign leads to campaigns, track
conversions, revenue, attribution and generate reports/dashboards.
Change management best practice when implementing
creatio?
+
Define business processes clearly, plan roles/permissions, test workflows in
sandbox, migrate data carefully, train users, and roll out incrementally.
Change management when business processes evolve — to
update creatio workflows?
+
Use versioning, test updated workflows in sandbox, communicate changes,
train users
— avoid breaking active business flows.
Changelog or release management in creatio when you
update workflows?
+
Track and manage workflow changes; test in sandbox; deploy to production
safely;
rollback if needed.
Common challenges when implementing creatio crm?
+
Data migration complexity, initial learning curve for
customisation/workflows,
planning roles/permissions properly, defining business processes before
building.
Common use‑cases for workflow automation in creatio?
+
Lead → opportunity process, ticket/case management, loan/credit application,
onboarding workflows, approvals, order‑to‑invoice flows, etc.
:contentReference[oaicite:18]{index=18}
Configuration vs customization in creatio?
+
Configuration = using interface/tools to set up CRM without coding;
customization =
writing scripts or using advanced settings where needed.
Contact and lead management in creatio?
+
It enables capturing leads/contacts, managing their data, tracking
communications
and statuses until conversion. :contentReference[oaicite:6]{index=6}
Contract/invoice/order management inside creatio?
+
CREATIO allows creation/tracking of orders, generating invoices/contracts,
tracking
status — integrating financial/business transactions within CRM.
:contentReference[oaicite:33]{index=33}
Core modules available in creatio crm?
+
Sales, Marketing, Service (customer support), plus a studio/platform for
custom apps
& workflows. :contentReference[oaicite:3]{index=3}
Creatio crm?
+
Creatio CRM is a cloud‑based CRM and business‑process automation platform
that
unifies Sales, Marketing, Service, and workflow automation on a
low‑code/no‑code +
AI‑native platform. :contentReference[oaicite:1]{index=1}
Creatio marketplace?
+
A repository of 700+ applications/integrations/templates to extend
functionality and
adapt CRM to different industries or needs.
:contentReference[oaicite:13]{index=13}
Custom app in creatio?
+
An application built on Creatio’s platform (using low‑code tools) tailored
for
specific business processes beyond standard CRM (e.g. HR, project
management,
vertical‑specific flows).
Custom entity / object in creatio?
+
Users can define new entities (tables) beyond standard CRM ones to map to
business‑specific data (e.g. Projects, Vendors).
Custom field in creatio?
+
Extra field added to existing entity (contact, account, opportunity etc.) to
store
business‑specific data (like tax ID, region code, etc.).
Custom report building for cross‑module analytics in
creatio (e.g. sales + service + marketing)?
+
Define queries combining multiple entities, set filters/aggregations,
schedule
reports/dashboards — useful for overall business insights.
Custom reporting vs standard reporting in creatio?
+
Standard reports are pre‑built for common needs; custom reports are built by
users
to meet specific data/metric requirements (fields, filters, aggregations).
Customer life‑cycle management in creatio?
+
Tracking from first contact (lead) to long-term relationship — including
sales,
service, upsell, renewals, support — unified under CRM.
Customer portal capability in creatio for external
users?
+
Option for customers to access portal to submit tickets, check status, view
history
(where supported by configuration). :contentReference[oaicite:38]{index=38}
Customer service (support) automation in creatio?
+
Support teams can manage tickets/cases, SLAs, communication across channels
—
streamlining service workflows. :contentReference[oaicite:8]{index=8}
Customizable workflow for onboarding new employees
inside creatio (hr use‑case)?
+
Define process: create employee record → assign manager → set tasks →
approvals →
activation — all via CRM workflows.
Customization of workflows per geography or business
unit in creatio?
+
Define different workflows per region/business unit using the flexible
low‑code
platform configuration.
Customization vs out‑of‑box use in creatio?
+
Out‑of‑box means using standard modules with minimal config; customization
involves
building custom fields, workflows, layouts or apps to tailor to specific
needs.
Customizing creatio for project management instead of
pure crm?
+
Use custom entities (Projects, Tasks, Milestones), relationships, workflows
to
manage projects and collaboration inside Creatio.
Data backup and restore in creatio?
+
Ability (or need) to backup CRM data periodically and restore if needed —
ensuring
data safety (depending on deployment model).
Data deduplication and duplicate detection in creatio?
+
Mechanism to detect duplicate contacts/leads, merging duplicates, and
ensuring data
integrity.
Data export from creatio?
+
Export contacts, leads, reports, analytics or any list to CSV/Excel to allow
sharing
or offline analysis.
Data import in creatio?
+
Ability to import existing data (contacts, leads, accounts) from external
sources
(CSV, Excel, other CRMs) into Creatio CRM.
Data privacy and gdpr / region‑compliance support in
creatio?
+
Controls over personal data storage, permissions, access logs, ability to
anonymize
or delete personal data as per compliance needs.
Data transformation during import in creatio?
+
Mapping legacy fields to new schema, cleaning data, applying rules to
convert/validate data before import — helps ensure data quality.
Describe you’d implement lead-to-cash process in
creatio?
+
Explain mapping of entities (Lead → Opportunity → Order → Contract/Invoice),
workflows (lead scoring, assignment, approval), and integration with
billing/ERP.
Diffbet cloud deployment vs on‑premise deployment (if
offered) for creatio?
+
Cloud: easier scaling, maintenance; on-premise: more control over data,
possibly
required for compliance or data‑sensitive businesses.
Diffbet synchronous and asynchronous tasks in workflow
processing (in principle)?
+
Synchronous executes immediately; asynchronous can be scheduled/delayed or
run in
background — helps avoid blocking and allows scalable processing.
Diffbet using creatio for only crm vs full bpm + crm
use-case?
+
CRM-only: sales/marketing/service. Full BPM: includes internal operations,
HR,
procurement, approvals, custom workflows.
Does 'composable architecture' mean in creatio?
+
You can mix and match modules, workflows, custom apps as building blocks —
composing
CRM to business‑specific workflows without writing new code.
:contentReference[oaicite:14]{index=14}
Does creatio help in reducing total cost of ownership
compared to traditional crm systems?
+
Because of its low‑code nature and pre-built modules/integrations,
businesses can
avoid heavy development costs and still get customizable CRM.
:contentReference[oaicite:19]{index=19}
Does creatio help in regulatory compliance or audit
readiness?
+
Through audit trails, role‑based access, record‑history, SLA tracking, and
permissions/configuration to secure data and processes.
Does creatio support collaboration across teams?
+
Shared database, unified UI, communication and task‑assignment workflows,
role‑based
permissions, cross‑team visibility. :contentReference[oaicite:29]{index=29}
Does creatio support mobile access?
+
Yes — there is mobile access so users can manage CRM data and tasks on the
go.
:contentReference[oaicite:17]{index=17}
Does creatio support order / invoice / contract
management?
+
Yes — in addition to CRM, it supports orders, invoices and contract
workflows
(order/contract management via CRM modules).
:contentReference[oaicite:16]{index=16}
Does low-code / no-code mean in creatio?
+
It means you can design workflows, applications, UI layouts and business
logic via
visual designers (drag‑and‑drop, configuration) instead of writing code.
:contentReference[oaicite:2]{index=2}
Effort estimation when migrating legacy crm/data to
creatio?
+
Depends on data volume, number of modules, custom workflows; small CRM
migration may
take days, complex might take weeks with cleaning/mapping.
Error handling and retry logic in automated workflows
in
creatio?
+
Define fallback steps, alerts/notifications on failure, retrials or
escalations to
avoid data loss or stuck workflows.
Fallback/backup workflow when primary automation fails
in creatio?
+
Design error-handling steps: notifications, manual task creation, retries,
logging —
ensure no data/process loss.
Feature request and custom extension process for
creatio
when built-in features are insufficient?
+
Use Creatio’s platform to build custom fields/ entities; optionally develop
custom
code or use external services integrated via API.
Global query in creatio (search across crm)?
+
Search across contacts, leads, accounts, cases, opportunities etc — unified
search
to find any record quickly across modules.
Help‑desk / ticketing workflow in creatio service
module?
+
Automated case creation, assignment, SLA monitoring, escalation rules,
status
tracking, notifications, and case history management.
:contentReference[oaicite:31]{index=31}
Integration capabilities does creatio support?
+
APIs and pre-built connectors to integrate with external systems (ERP,
email,
telephony, third‑party tools) for seamless data flow.
:contentReference[oaicite:15]{index=15}
Integration testing when creatio interacts with
external
systems (erp, e‑commerce)?
+
Test data exchange, error handling, latency, API limits, conflict resolution
— in
sandbox before go-live.
Integration with external systems (erp, e‑commerce,
telephony) via creatio apis?
+
Use built‑in connectors or REST APIs to sync data between Creatio and
external
systems (orders, inventory, customer data) for unified operations.
:contentReference[oaicite:44]{index=44}
Kind of businesses benefit most from creatio?
+
Mid‑size to large enterprises with complex sales/service/marketing processes
needing
flexibility, automation, and scalability.
:contentReference[oaicite:30]{index=30}
Knowledge base management in creatio service module?
+
Store FAQs, manuals, service guides — searchable knowledge base to help
agents and
customers resolve issues quickly. :contentReference[oaicite:39]{index=39}
Lead nurturing in creatio?
+
Automated sequence of interactions (emails, reminders, tasks) to gradually
engage
leads until they are sales-ready (qualified).
Lead-to-order process in creatio?
+
Flow from lead capture → qualification → opportunity → order →
contract/invoice
generation — all managed through CRM workflows.
License & pricing model for creatio (user‑based,
module‑based)?
+
Creatio uses modular licensing — clients pay per user per module(s) —
flexibility to
subscribe only to needed modules. :contentReference[oaicite:45]{index=45}
Marketing automation in creatio?
+
Tools to run campaigns, nurture leads, segment contacts, automate
email/social
campaigns, measure results — all within CRM.
:contentReference[oaicite:7]{index=7}
Marketing campaign workflow in creatio?
+
Lead segmentation → campaign initiation → email/social outreach → track
responses →
scoring → follow‑ups or nurture → convert to opportunity.
Monitoring & alerting setup for sla / ticketing
workflows in creatio?
+
Configure alerts/notifications on SLA breach, escalation rules, dashboards
for SLA
compliance tracking.
Multi‑channel customer communication in creatio?
+
Support for email, phone calls, chat, social media — all interactions logged
and
managed centrally. :contentReference[oaicite:43]{index=43}
Multitenancy support in creatio (for agencies)?
+
Ability to manage separate organizations/business units under same instance
with
segregated data and permissions.
No-code agent builder in creatio?
+
A visual tool where users can assemble AI agents (with skills, workflows,
knowledge
bases) without writing code — enabling automation, content generation,
notifications, etc. :contentReference[oaicite:27]{index=27}
Omnichannel communication support in creatio?
+
Handling customer interactions across multiple channels (email, phone, chat,
social)
unified under CRM to track history and response.
:contentReference[oaicite:34]{index=34}
Performance monitoring / logging in creatio for
workflows and system usage?
+
Track execution times, error rates, user activity, data volume — helps
identify
bottlenecks or abuse.
Performance optimization in creatio?
+
Use As‑needed workflows, limit heavy triggers, archive old data, optimize
reports,
and use no‑tracking dashboards for speed.
Pipeline (sales pipeline) management in creatio?
+
Visual pipeline tools that let you track deals across stages, forecast
revenue, and
manage opportunities from lead through closure.
:contentReference[oaicite:5]{index=5}
Pre‑built industry‑specific workflows in creatio?
+
Templates and predefined workflows tailored to verticals (finance, telecom,
services, etc.) for common business processes — reducing need to build from
scratch.
:contentReference[oaicite:28]{index=28}
Process to add a new module or functionality in
creatio
after initial implementation?
+
Use studio to configure module, define entities/fields/workflows, set
permissions,
test, and enable for users — without major downtime.
Real-time analytics vs scheduled reports in creatio?
+
Real-time analytics updates with data changes; scheduled reports are
generated at
intervals (daily/weekly/monthly) for review or export.
Recommended backup frequency for crm system like
creatio?
+
Depends on volume and business needs — daily or weekly backups for critical
data;
more frequent for high‑transaction systems.
Recommended user onboarding/training plan when company
moves to creatio?
+
Role‑based training, sandbox exploration, hands‑on tasks, documentation,
support,
phased adoption and feedback loop.
Reporting and analytics in creatio?
+
Customizable dashboards and reports to track KPIs — sales performance,
marketing
campaign ROI, service metrics, team performance, etc.
:contentReference[oaicite:40]{index=40}
Role of metadata/schema management in creatio custom
apps?
+
Define custom entities/tables, fields, relationships, data types — maintain
schema
for custom business needs without coding.
Role‑based access control (rbac) in creatio?
+
You can define roles and permissions to control which users or teams access
which
data/modules/features in CRM — ensuring security and proper access.
:contentReference[oaicite:20]{index=20}
Rollback plan when automated workflows produce
unintended consequences (e.g. wrong data update)?
+
Use backups, audit logs to identify changes, revert changes or re‑process
via
scripts or manual corrections, notify stakeholders.
Rollback strategy for a failed workflow or
customization
in creatio?
+
Restore from backup, revert to previous workflow version, run data
correction
scripts, notify users and audit changes.
Sales forecasting in creatio crm?
+
Based on pipeline data and past history, predicting future sales, revenue
and
chances of deal closure using built‑in analytics/AI tools.
:contentReference[oaicite:32]{index=32}
Sandbox or test environment in creatio before
production
deployment?
+
A separate instance or environment where you can test workflows,
customizations, and
integrations before applying to live data.
Sandbox testing best practices before deploying
workflows in enterprise creatio?
+
Test all branches, edge cases, user roles, data flows; verify security;
backup data;
get stakeholder sign-off.
Sandbox vs production environment in creatio
implementation?
+
Sandbox used for testing customizations and workflows; production is live
environment — helps avoid disrupting live data.
Scalability concern when many custom workflows and
integrations are added to creatio?
+
Ensure optimized workflows, limit heavy triggers, archive old data, monitor
performance — avoid overloading instance.
Scalability of creatio for large enterprises?
+
With cloud/no‑code + modular architecture, Creatio supports large datasets,
many
users, and complex workflows across departments.
:contentReference[oaicite:42]{index=42}
Security and permissions model in creatio?
+
Role‑based permissions, access control on modules/data, record-level
permissions to
ensure data security and compliance. :contentReference[oaicite:36]{index=36}
Separation of environments (development, staging,
production) in creatio deployment?
+
Maintain separate environments to develop/test customizations, test
integrations,
then deploy to production safely.
Sla configuration for service tickets in creatio?
+
Ability to define service‑level agreements, monitor response
times/resolution
deadlines, automate reminders/escalations when SLAs are near breach.
:contentReference[oaicite:37]{index=37}
Soft delete vs hard delete of records in creatio?
+
Soft delete marks record inactive (kept for history/audit); hard delete
removes
record permanently (used carefully to avoid data loss).
Strategy for managing multi‑region compliance &
localization when using creatio globally?
+
Use localized fields, regional data storage policies, consent management,
region‑specific workflows and permissions per region.
Support and maintenance requirement after creatio
deployment?
+
Monitor system performance, update workflows, backup data, manage
permissions,
handle upgrades and user support.
Support for gdpr / data privacy enforcement in creatio
workflows?
+
Configure consent fields, access permissions, data retention policies,
anonymization
procedures where applicable.
Support for multiple currencies and multi‑region data
in
creatio?
+
Configure fields and entities to support currencies, localization,
region‑specific
workflows for global businesses.
Support for multiple languages in ui and data in
creatio?
+
Locales and language packs — ability to configure UI labels, messages, data
format
for global teams/customers.
Support for role-based dashboards and views in
creatio?
+
Managers, sales reps, support agents can have tailored dashboards showing
data
relevant to their role.
Testing strategy for new workflows or custom apps in
creatio?
+
Use sandbox environment, simulate all scenarios, test edge cases, verify
data
integrity, run performance tests, get user sign‑off before production.
To build a customer feedback survey workflow within
creatio?
+
Create survey entity, send survey via email/workflow after service/ticket
resolution, collect responses, store data, trigger follow‑ups based on
feedback.
To design backup & disaster recovery for medium /
large
creatio deployments?
+
Define backup schedule, off‑site storage, redundant servers/cloud, periodic
recovery
drills, documentation of restore procedures.
To ensure performance when running large bulk data
imports into creatio?
+
Use batch imports, disable triggers if needed, split data into chunks,
validate
beforehand, monitor system load.
To evaluate whether to use out‑of‑box features vs
build
custom workflows in creatio?
+
Compare business requirements vs built-in features, consider complexity,
maintenance
cost, performance, ease of use before customizing.
To handle duplicates and data quality issues during
migration to creatio?
+
Use deduplication logic, validation rules, manual review for conflicts,
maintain
audit logs of merges/cleanup.
To handle feature-request backlog and maintain roadmap
when using low‑code platform like creatio?
+
Prioritise based on impact, maintain documentation, version workflows,
schedule
releases, gather user feedback, test before deployment.
To implement audit‑ready workflow logging and
reporting
in creatio for compliance audits?
+
Enable audit logs, track user actions and changes, store history, provide
exportable
reports for compliance reviews.
To implement cross‑department workflow (e.g. sales →
service → billing) in creatio?
+
Define entities and relationships, build multi-step workflows, set
permissions per
department, use shared customer data, notifications and handoffs.
To implement lead scoring and prioritisation using
creatio built‑in ai features?
+
Configure lead attributes, enable AI lead scoring, define
thresholds/triggers,
auto‑assign or notify sales reps for high‑value leads.
To implement time‑based or scheduled workflows (e.g.
follow‑ups after 30 days) in creatio?
+
Use scheduling features or time‑based triggers to automatically perform
actions
after specified intervals.
To integrate creatio with external analytics/bi
platform
for advanced reporting?
+
Use API/data export, build ETL pipelines or direct DB connections, schedule
data
sync, design reports as per business needs.
To manage data privacy and user consent (for
marketing)
inside creatio?
+
Add consent fields, track opt‑in/opt‑out, restrict data access, implement
data
retention policies, maintain audit logs.
To manage version control and deployment of
customizations across multiple environments (dev, test, prod) in creatio?
+
Use sandbox for dev/testing, version workflows, document changes, test
thoroughly,
smooth promotion to production, track differences.
To migrate crm data and business logic from legacy
system to creatio with minimal downtime?
+
Plan extraction, mapping, pilot import/test, validate data, run parallel
systems
during cut-over, communicate with users, backup data.
To monitor and handle performance issues when many
automations and workflows are active in creatio?
+
Use logs and analytics, identify heavy workflows, optimize them, archive
inactive
items, scale resources, apply caching where possible.
To prepare for creatio crm implementation project?
+
Define business processes clearly, map data schema, prepare migration plan,
define
roles/permissions, set up sandbox, schedule training, plan rollout phases.
To set up role‑based dashboards and permission‑based
record visibility in creatio?
+
Define roles, assign permissions per module/entity, configure dashboards per
role to
show only relevant data.
Training and onboarding support for new creatio users?
+
Use sandbox/demo environment, tutorials, documentation, role‑based
permissions, and
phased rollout to help adoption.
Typical migration scenario when moving to creatio from
legacy crm?
+
Mapping legacy data fields to Creatio schema, cleaning data, importing
contacts/leads, configuring workflows, roles, custom fields, and training
users.
Typical steps for data migration into creatio from
legacy systems?
+
Data extraction → cleansing → mapping to Creatio schema → import →
validation →
testing → go‑live.
Ui localization / multiple languages support in
creatio?
+
Creatio supports multi‑language UI configuration to support global teams and
clients
in different regions.
Use of version history / audit trail for compliance or
internal audits in creatio?
+
Track data changes, user actions, workflow executions to provide
transparency,
accountability and support audits.
Use‑case: building a custom internal project
management
tool inside creatio?
+
Define Projects, Tasks entities; set relationships; build task assignment
and
tracking workflows, notifications, dashboards — custom app built on low‑code
platform.
Use‑case: building customer self‑service portal
through
creatio?
+
Expose case/ticket submission, status tracking, knowledge base, chat/email
support —
allowing customers to self-serve while CRM tracks interactions.
Use‑case: complaint resolution and feedback loop
automation?
+
Customer complaint entered → auto‑assign → send acknowledgement → schedule
resolution → send feedback / survey after resolution — tracked in CRM.
Use‑case: custom compliance workflow for regulated
industries (approvals, audits, documentation) in creatio?
+
Design approval workflows, audit logging, document storage, permissions,
version
history to meet compliance requirements.
Use‑case: customer onboarding workflow (for saas)
using
creatio?
+
Lead → contact → contract → onboarding tasks → welcome email → user training
— all
steps managed via workflow automation.
Use‑case: customizing dashboards for executive
leadership to shigh-level kpis?
+
Create dashboard combining sales pipeline, revenue forecast, service
metrics,
marketing ROI, customer satisfaction — for strategic decisions.
Use‑case: data archive and retention policies for old
records in creatio for compliance / performance reasons?
+
Archive old data, soft‑delete records, purge logs after retention period —
maintain
performance and compliance.
Use‑case: event management (seminars, webinars) using
creatio crm?
+
Registrations (leads), automated reminders, post-event follow‑ups, lead
scoring,
conversion to opportunity — full workflow in CRM.
Use‑case: globalization and multi‑region sales process
with localisation (currency, language) in creatio?
+
Configure multi-currency fields, localization settings, region-based
workflows, and
assign regional teams — manage global operations.
Use‑case: handling subscription renewals and recurring
billing pipelines in creatio?
+
Use workflows to send renewal reminders, generate invoices/contracts, update
statuses, notify account managers — automating subscription lifecycle.
Use‑case: hr onboarding/offboarding and employee
record
management in creatio?
+
Employee entity, onboarding workflow, access assignment, role-based
permissions,
offboarding tasks — manageable via low‑code workflows.
Use‑case: integrating creatio with erp for
order-to-cash
process?
+
Sync customer/order data, invoices, inventory, payment status — ensure full
order
lifecycle from lead to cash in coordinated systems.
Use‑case: integrating telephony or pbx into creatio
for
call logging and click-to-call?
+
Use built‑in connectors or APIs to log calls, record interaction history,
trigger
follow-up tasks — unified communication tracking.
:contentReference[oaicite:46]{index=46}
Use‑case: marketing nurture + re‑engagement workflows
for dormant clients?
+
Segment old clients, run email/social campaigns, schedule follow-up tasks,
track
engagement, convert to opportunity if interest resumes.
Use‑case: marketing‑to‑sales handoff automation in
creatio?
+
Marketing captures lead → nurtures → scores lead → when qualified,
auto‑assign to
sales rep → create opportunity → notify sales team — handoff automated.
Use‑case: multi‑team collaboration (sales + support +
finance) for order & invoice process in creatio?
+
Shared data (customer, orders, invoices), workflows for approval,
notifications
across departments, status tracking — unified operations.
Use‑case: role-based dashboards and permissions for
different teams in creatio?
+
Sales dashboard for sales team; support dashboard for service team; finance
dashboard for billing — each with restricted access per role.
Use‑case: subscription‑based service lifecycle and
renewal tracking using creatio?
+
Contracts entity, renewal dates, reminder workflows, invoice generation,
customer
communication — automate renewals and billing.
Use‑case: support ticket escalation and sla
enforcement
using creatio service module?
+
Ticket created → auto‑assign → SLA timer & reminder → if SLA breach,
auto‑escalate
or alert manager → resolution tracking.
Use‑case: vendor/supplier management (b2b) using
creatio
custom entities?
+
Define Vendor entity, track interactions, purchase orders, contracts,
approvals —
manage vendor lifecycle inside CRM.
User activity / task management within creatio?
+
Users/teams can create tasks, assign to others, track progress; integrated
with CRM
workflow and customer data.
User activity monitoring and analytics in creatio for
management?
+
Track login history, record edits, workflow execution stats, error rates —
use
dashboards to monitor productivity, compliance and usage patterns.
User adoption strategy when switching to creatio crm
in
a company?
+
Communicate benefits, involve key users early, provide training, create
incentives,
gather feedback and iterate workflows.
User roles and permission hierarchy in large
organizations using creatio?
+
Define roles (admin, sales rep, support agent, manager), assign permissions
by
module/record/field to enforce security and privacy.
User training approach when adopting creatio in an
organization?
+
Role-based training, sandbox practice, documentation, mentorship, phased
rollout,
and gathering user feedback to refine workflows.
Version control for customizations in creatio?
+
Track changes to custom apps/workflows, manage versions or rollback if
needed
(depends on deployment/config).
Vertical‑specific (industry‑specific) workflow
template
in creatio?
+
Pre-built process templates for industries (finance, telecom, services)
tailored to
standard operations in that industry.
:contentReference[oaicite:41]{index=41}
Webhook or external trigger support in creatio (for
integrations)?
+
Creatio can integrate external triggers or webhooks to react to external
events
(e.g. from other systems) to start workflows.
Workflow automation in creatio?
+
Automated workflows that trigger actions (notifications, updates,
assignments) based
on events or conditions to reduce manual tasks.
:contentReference[oaicite:9]{index=9}
Workflow trigger’ in creatio?
+
An event or condition (e.g. lead status change, new ticket, date/time event)
that
initiates an automated workflow. :contentReference[oaicite:22]{index=22}
Workflow versioning or change history in creatio?
+
Changes to workflows can be versioned or logged to allow rollback or audit
of
modifications.
Would you build a custom app (e.g. invoice management)
in creatio without coding?
+
Define entities (Invoice/Payment), fields, relationships, UI layouts,
workflows for
invoice generation, approval, payment tracking — all via low‑code tools.
Would you ensure data integrity and avoid duplicates
in
creatio when many integrations feed data?
+
Use validation rules, deduplication logic, unique fields, audit logs,
regular data
cleanup, and possibly API‑side checks.
Would you implement a custom reporting module
combining
data from sales, service, and marketing in creatio?
+
Use cross‑entity queries or custom entities, aggregations, define filters,
build
dashboards, schedule report generation and export.
Would you implement data backup & disaster recovery
for
a creatio deployment?
+
Schedule regular backups, store off‑site, export critical data, plan
failover,
document restoration process and test periodically.
Would you implement sla‑driven customer service
workflow
in creatio?
+
Design SLA rules, assign case priorities, set timers/triggers, escalate
cases on
breach, send notifications, track resolution and compliance.
Would you integrate creatio with a third‑party billing
or invoicing system?
+
Use REST API or built‑in connectors, map invoice/order data, design
synchronization
workflows, handle errors and updates.
Would you integrate creatio with an erp for order
fulfillment?
+
Use Creatio APIs or connectors to sync orders, customer data, statuses; set
up
workflows to push/pull data, manage order lifecycle and inventory.
Would you manage user roles and permissions for a
global
company using creatio?
+
Define hierarchical roles, restrict data by region or business unit,
implement
least‑privilege principle, audit permissions regularly.
Would you migrate 100,000 leads into creatio from
legacy
system?
+
Perform data cleaning, mapping, batch import via CSV/API, validate imported
data,
test workflows, use sandbox first, then go live in phases.
Would you onboard non‑technical users to use creatio
effectively?
+
Provide role‑based training, use step‑by‑step guides, give sandbox access,
deliver
mentorship, keep UI simple, and provide support documentation.
Would you plan disaster recovery and backup strategy
for
a global creatio deployment?
+
Define backup frequency, off‑site storage, restore procedures, failover
servers,
periodic DR drills.
You document crm customizations, workflows, data model
for future maintenance when using creatio?
+
Maintain documentation repositories, version control of workflows, schema
diagrams,
change logs, and periodic reviews.
You ensure data consistency when multiple external
systems sync to creatio?
+
Implement validation rules, transactional updates, conflict resolution
logic,
logging and monitoring for integration actions.
You ensure high availability for a critical creatio
deployment (global enterprise)?
+
Use cloud hosting with redundancy, regular backups, failover setup,
monitoring,
scaling resources as needed, and disaster recovery planning.
You ensure performance and scalability when many
workflows run simultaneously in creatio?
+
Optimize workflows, avoid heavy loops, batch operations, archive old data,
monitor
performance metrics, and scale resources as needed.
You handle data migration when business structure
changes (e.g. reorganization of departments) in creatio?
+
Map old data to new structure, update entities/relationships, preserve
history, test
workflows, update permissions, inform users.
You handle gdpr / data‑privacy compliance when using
creatio for eu customers?
+
Implement consent tracking, data retention policies, role‑based access,
audit logs,
anonymization, and document data handling procedures.
You handle multi‑tenant or multi‑subsidiary business
using single creatio instance?
+
Use role & access isolation, custom entities for subsidiaries, partition
data
logically, implement permissions per tenant.
You handle subscription billing and renewals using
creatio plus external billing module?
+
Use workflows for renewal reminder, integrate with billing system via API,
create
orders/invoices, track status — ensure data sync.
You handle version control and change management for
workflows and customisations in creatio?
+
Maintain version history, use sandbox for testing, document changes, get
approvals,
deploy in stages, keep rollback plan.
You integrate external web forms/landing pages with
creatio lead capture?
+
Use REST API or webhooks, map form fields to Creatio entities, validate
input,
create lead record automatically, trigger follow‑up workflows.
You manage data archive, cleanup of old records to
maintain performance in creatio?
+
Define retention policies, archive or delete old data, purge logs, use
separate
storage/archival, monitor DB size/performance.
You manage security and access control for sensitive
data (e.g. customer financials) in creatio?
+
Use field‑level permissions, role‑based access, encryption (if supported),
audit
logging, and restrict export options.
You merge records and manage duplicates in large
datasets inside creatio?
+
Use deduplication tools, merge function, validation rules, manual review for
ambiguous cases, and audit trail of merges.
You monitor system health, workflow execution metrics,
and usage analytics in creatio?
+
Use built-in analytics, custom dashboards, logs for errors/performance, user
activity reports, alerting on failures or heavy loads.
You onboard new teams or departments into existing
creatio instance with minimal disruption?
+
Use phased rollout, training sessions, permission management, custom
dashboards per
department, and pilot user feedback.
You plan for system maintenance and upgrades in
creatio
used heavily with custom workflows and integrations?
+
Schedule maintenance windows, backup data, test upgrades in sandbox, update
integrations, communicate with users, rollback plan if needed.
You support multi‑currency and global sales operations
in creatio?
+
Configure currency fields, exchange rates, localizations, regional
permissions, and
adapt workflows per region.
‘actions’ in a creatio workflow?
+
Tasks executed automatically: sending email, assigning owner, updating
records,
creating tasks, notifications, etc. :contentReference[oaicite:24]{index=24}
‘conditions and rules’ in a creatio workflow?
+
Logical criteria used inside workflows to branch paths: e.g. if amount > X
then
route to manager; else proceed to next step.
:contentReference[oaicite:23]{index=23}
360‑degree customer view in creatio?
+
A unified profile that stores contact info, interaction history,
orders/cases/contracts — giving full visibility across departments.
:contentReference[oaicite:4]{index=4}
Advantages of using workflow automation vs manual
processes?
+
Consistency, reduced errors, speed, auditability, scalability, and freeing
up human
resources for strategic work. :contentReference[oaicite:25]{index=25}
Ai‑native crm in creatio?
+
AI is embedded at the core: predictive, generative, and agentic AI features
(lead
scoring, automated actions, email generation, insights) to support CRM
tasks.
:contentReference[oaicite:12]{index=12}
Ai‑powered lead scoring in creatio?
+
AI analyzes lead data/history to assign scores to leads — helping
sales/marketing
prioritize high‑potential leads automatically.
Api integrations in creatio crm?
+
REST / API endpoints provided by Creatio to integrate with external systems
(ERP,
e‑commerce platform, telephony, webhooks, etc.).
:contentReference[oaicite:35]{index=35}
Api rate‑limiting and performance considerations for
integrations in creatio?
+
When using APIs for integrations, pay attention to request rates, data
volume, and
trigger load to avoid performance issues.
Approach for a business continuity plan involving
creatio crm (downtime, disaster)?
+
Have backups, redundancy, plan for failover, offline data access if
supported, data
export strategy, manual process fallback.
Approach for auditing user permissions and data access
regularly in creatio?
+
Run audit logs, review roles, validate access levels, revoke unused
permissions,
enforce least privilege principle.
Approach for customizing creatio ui for
brand/organization requirements?
+
Configure layouts, themes, labels, custom fields, modules, and optionally
custom
code/extensions if needed.
Approach for gdpr / data‑privacy compliance with
creatio
in eu or regulated regions?
+
Implement consent fields, data access controls, data retention / purge
policies,
audit logs, role‑based permissions.
Approach for handling data migration during major
schema
changes in creatio?
+
Export existing data, map to new schema, transform as needed, import to new
model,
validate data integrity, test workflows.
Approach for integrating creatio with e‑commerce or
web‑forms (lead capture)?
+
Use APIs/webhooks to push form data to Creatio, auto-create leads or
contacts,
trigger workflows for follow-up or assignment.
Approach for long‑term scalability and maintainability
of custom apps built on creatio?
+
Document schema and workflows, follow naming and versioning standards,
modular
design, regular review and cleanup.
Approach for migration from another crm to creatio
without losing history and data relationships?
+
Extract full data including history, map entities/relationships, import in
correct
order (e.g. accounts before opportunities), maintain IDs or references, test
thoroughly.
Approach for multi‑department collaboration using
creatio across sales, service, marketing?
+
Define shared workflows, permissions, data model; ensure proper assignment
and
notifications; use unified customer profile.
Approach for testing performance under load with many
concurrent workflows/users in creatio?
+
Simulate load, monitor response times, optimize workflows, scale resources,
archive
old data, avoid heavy triggers.
Approach for user feedback and continuous improvement
after rollout of creatio?
+
Collect user feedback, analyze issues, refine workflows/UI, conduct periodic
training, and update documentation.
Approach to ensure data integrity when multiple
integrations write to creatio?
+
Implement validation rules, transaction checks, error handling,
deduplication logic
and monitoring to prevent data corruption.
Approach to incremental rollout of creatio to large
organization?
+
Pilot with small user group, gather feedback, refine workflows, train next
group,
gradually expand — reduce risk and ensure adoption.
Approach to integrate creatio with external analytics
tool (bi)?
+
Use APIs to export CRM data or connect BI tool to database; schedule regular
exports; maintain data integrity and mapping.
Approach to retire or archive old/unused data or
workflows in creatio?
+
Identify deprecated records/processes, archive or delete, update workflows
to avoid
referencing removed data, backup before cleaning.
Audit & compliance readiness when using creatio for
regulated industries (finance, healthcare)?
+
Use access controls, audit logs, encryption, data retention/archival
policies,
strict permissions and workflow approvals.
Audit compliance (e.g. gdpr, iso) support in creatio?
+
Use audit logs, permissions, role‑based access, data retention policies,
secure
integrations to comply with regulatory requirements.
Audit log for user actions in creatio?
+
Records user activities — login, data modifications, workflow executions —
useful
for security, compliance, and tracking.
Audit logging frequency and storage management when
many
user activities logged in creatio?
+
Define retention policies, purge or archive older logs, store securely —
avoid
excessive storage while maintaining compliance.
Audit trail / history tracking in creatio?
+
Record changes to data — who changed what and when — useful for compliance,
tracking
updates, accountability.
Backup and disaster recovery planning with creatio
crm?
+
Regular backups, off‑site storage, redundancy, version control to ensure
data safety
in case of failures or data corruption.
Benefit of crm + bpm (business process management)
combined, as with creatio, compared to standard crm?
+
Allows not only managing customer data but automating operational, internal
and
industry‑specific business processes — increases efficiency and flexibility.
Benefit of modular licensing model for growing
businesses?
+
They can add modules/users as needed, scale gradually without paying for
unneeded
features upfront.
Benefits of low‑code crm for businesses, as offered by
creatio?
+
Faster deployment, lower dependence on developers, reduced costs, and
flexible
adaptation to changing business needs.
:contentReference[oaicite:10]{index=10}
Best practice for naming conventions (entities,
fields,
workflows) in creatio customisation?
+
Use meaningful names, consistent prefixes/suffixes, document definitions —
helps
maintain clarity and avoid conflicts.
Best practice for testing custom workflows in creatio
before production?
+
Use sandbox, test for all edge cases, verify permissions, simulate data
inputs, run
load tests, backup data.
Best way to manage schema changes (entities, fields)
in
creatio over time?
+
Define change log, version workflows, document changes, backup data,
communicate to
stakeholders, test in sandbox.
Bulk data import/export in creatio?
+
Supports bulk import/export operations (CSV/Excel) for contacts, leads, data
migration, backups, and mass updates.
Can creatio be used beyond crm — e.g. for hr, project
management, internal workflows?
+
Use its low‑code BPM / workflow engine and custom entities to model internal
processes (onboarding, approvals, project tracking).
Can creatio help a service/support team improve
customer
resolution time?
+
By automating ticket routing, SLA enforcement, case assignment, and using AI
agents
to suggest responses or prioritize cases.
:contentReference[oaicite:26]{index=26}
Can non‑technical users customise creatio crm?
+
Yes — business users (sales/marketing/service) can use visual designers to
build
workflows, layouts, dashboards, etc., without coding.
:contentReference[oaicite:11]{index=11}
Can you customize ui layouts and dashboards in creatio
without coding?
+
Using visual designers in Creatio’s studio — drag‑and‑drop fields, panels,
dashboards; rearrange layouts as per business needs.
:contentReference[oaicite:21]{index=21}
Can you extend creatio with custom code when no‑code
tools are not enough?
+
Use provided SDK/API, write custom scripts/integrations, use REST endpoints
or
external services — while keeping core no‑code logic separate.
Can you implement marketing roi tracking in creatio?
+
Use campaign and lead‑to‑sale tracking, assign leads to campaigns, track
conversions, revenue, attribution and generate reports/dashboards.
Change management best practice when implementing
creatio?
+
Define business processes clearly, plan roles/permissions, test workflows in
sandbox, migrate data carefully, train users, and roll out incrementally.
Change management when business processes evolve — to
update creatio workflows?
+
Use versioning, test updated workflows in sandbox, communicate changes,
train users
— avoid breaking active business flows.
Changelog or release management in creatio when you
update workflows?
+
Track and manage workflow changes; test in sandbox; deploy to production
safely;
rollback if needed.
Common challenges when implementing creatio crm?
+
Data migration complexity, initial learning curve for
customisation/workflows,
planning roles/permissions properly, defining business processes before
building.
Common use‑cases for workflow automation in creatio?
+
Lead → opportunity process, ticket/case management, loan/credit application,
onboarding workflows, approvals, order‑to‑invoice flows, etc.
:contentReference[oaicite:18]{index=18}
Configuration vs customization in creatio?
+
Configuration = using interface/tools to set up CRM without coding;
customization =
writing scripts or using advanced settings where needed.
Contact and lead management in creatio?
+
It enables capturing leads/contacts, managing their data, tracking
communications
and statuses until conversion. :contentReference[oaicite:6]{index=6}
Contract/invoice/order management inside creatio?
+
CREATIO allows creation/tracking of orders, generating invoices/contracts,
tracking
status — integrating financial/business transactions within CRM.
:contentReference[oaicite:33]{index=33}
Core modules available in creatio crm?
+
Sales, Marketing, Service (customer support), plus a studio/platform for
custom apps
& workflows. :contentReference[oaicite:3]{index=3}
Creatio crm?
+
Creatio CRM is a cloud‑based CRM and business‑process automation platform
that
unifies Sales, Marketing, Service, and workflow automation on a
low‑code/no‑code +
AI‑native platform. :contentReference[oaicite:1]{index=1}
Creatio marketplace?
+
A repository of 700+ applications/integrations/templates to extend
functionality and
adapt CRM to different industries or needs.
:contentReference[oaicite:13]{index=13}
Custom app in creatio?
+
An application built on Creatio’s platform (using low‑code tools) tailored
for
specific business processes beyond standard CRM (e.g. HR, project
management,
vertical‑specific flows).
Custom entity / object in creatio?
+
Users can define new entities (tables) beyond standard CRM ones to map to
business‑specific data (e.g. Projects, Vendors).
Custom field in creatio?
+
Extra field added to existing entity (contact, account, opportunity etc.) to
store
business‑specific data (like tax ID, region code, etc.).
Custom report building for cross‑module analytics in
creatio (e.g. sales + service + marketing)?
+
Define queries combining multiple entities, set filters/aggregations,
schedule
reports/dashboards — useful for overall business insights.
Custom reporting vs standard reporting in creatio?
+
Standard reports are pre‑built for common needs; custom reports are built by
users
to meet specific data/metric requirements (fields, filters, aggregations).
Customer life‑cycle management in creatio?
+
Tracking from first contact (lead) to long-term relationship — including
sales,
service, upsell, renewals, support — unified under CRM.
Customer portal capability in creatio for external
users?
+
Option for customers to access portal to submit tickets, check status, view
history
(where supported by configuration). :contentReference[oaicite:38]{index=38}
Customer service (support) automation in creatio?
+
Support teams can manage tickets/cases, SLAs, communication across channels
—
streamlining service workflows. :contentReference[oaicite:8]{index=8}
Customizable workflow for onboarding new employees
inside creatio (hr use‑case)?
+
Define process: create employee record → assign manager → set tasks →
approvals →
activation — all via CRM workflows.
Customization of workflows per geography or business
unit in creatio?
+
Define different workflows per region/business unit using the flexible
low‑code
platform configuration.
Customization vs out‑of‑box use in creatio?
+
Out‑of‑box means using standard modules with minimal config; customization
involves
building custom fields, workflows, layouts or apps to tailor to specific
needs.
Customizing creatio for project management instead of
pure crm?
+
Use custom entities (Projects, Tasks, Milestones), relationships, workflows
to
manage projects and collaboration inside Creatio.
Data backup and restore in creatio?
+
Ability (or need) to backup CRM data periodically and restore if needed —
ensuring
data safety (depending on deployment model).
Data deduplication and duplicate detection in creatio?
+
Mechanism to detect duplicate contacts/leads, merging duplicates, and
ensuring data
integrity.
Data export from creatio?
+
Export contacts, leads, reports, analytics or any list to CSV/Excel to allow
sharing
or offline analysis.
Data import in creatio?
+
Ability to import existing data (contacts, leads, accounts) from external
sources
(CSV, Excel, other CRMs) into Creatio CRM.
Data privacy and gdpr / region‑compliance support in
creatio?
+
Controls over personal data storage, permissions, access logs, ability to
anonymize
or delete personal data as per compliance needs.
Data transformation during import in creatio?
+
Mapping legacy fields to new schema, cleaning data, applying rules to
convert/validate data before import — helps ensure data quality.
Describe you’d implement lead-to-cash process in
creatio?
+
Explain mapping of entities (Lead → Opportunity → Order → Contract/Invoice),
workflows (lead scoring, assignment, approval), and integration with
billing/ERP.
Diffbet cloud deployment vs on‑premise deployment (if
offered) for creatio?
+
Cloud: easier scaling, maintenance; on-premise: more control over data,
possibly
required for compliance or data‑sensitive businesses.
Diffbet synchronous and asynchronous tasks in workflow
processing (in principle)?
+
Synchronous executes immediately; asynchronous can be scheduled/delayed or
run in
background — helps avoid blocking and allows scalable processing.
Diffbet using creatio for only crm vs full bpm + crm
use-case?
+
CRM-only: sales/marketing/service. Full BPM: includes internal operations,
HR,
procurement, approvals, custom workflows.
Does 'composable architecture' mean in creatio?
+
You can mix and match modules, workflows, custom apps as building blocks —
composing
CRM to business‑specific workflows without writing new code.
:contentReference[oaicite:14]{index=14}
Does creatio help in reducing total cost of ownership
compared to traditional crm systems?
+
Because of its low‑code nature and pre-built modules/integrations,
businesses can
avoid heavy development costs and still get customizable CRM.
:contentReference[oaicite:19]{index=19}
Does creatio help in regulatory compliance or audit
readiness?
+
Through audit trails, role‑based access, record‑history, SLA tracking, and
permissions/configuration to secure data and processes.
Does creatio support collaboration across teams?
+
Shared database, unified UI, communication and task‑assignment workflows,
role‑based
permissions, cross‑team visibility. :contentReference[oaicite:29]{index=29}
Does creatio support mobile access?
+
Yes — there is mobile access so users can manage CRM data and tasks on the
go.
:contentReference[oaicite:17]{index=17}
Does creatio support order / invoice / contract
management?
+
Yes — in addition to CRM, it supports orders, invoices and contract
workflows
(order/contract management via CRM modules).
:contentReference[oaicite:16]{index=16}
Does low-code / no-code mean in creatio?
+
It means you can design workflows, applications, UI layouts and business
logic via
visual designers (drag‑and‑drop, configuration) instead of writing code.
:contentReference[oaicite:2]{index=2}
Effort estimation when migrating legacy crm/data to
creatio?
+
Depends on data volume, number of modules, custom workflows; small CRM
migration may
take days, complex might take weeks with cleaning/mapping.
Error handling and retry logic in automated workflows
in
creatio?
+
Define fallback steps, alerts/notifications on failure, retrials or
escalations to
avoid data loss or stuck workflows.
Fallback/backup workflow when primary automation fails
in creatio?
+
Design error-handling steps: notifications, manual task creation, retries,
logging —
ensure no data/process loss.
Feature request and custom extension process for
creatio
when built-in features are insufficient?
+
Use Creatio’s platform to build custom fields/ entities; optionally develop
custom
code or use external services integrated via API.
Global query in creatio (search across crm)?
+
Search across contacts, leads, accounts, cases, opportunities etc — unified
search
to find any record quickly across modules.
Help‑desk / ticketing workflow in creatio service
module?
+
Automated case creation, assignment, SLA monitoring, escalation rules,
status
tracking, notifications, and case history management.
:contentReference[oaicite:31]{index=31}
Integration capabilities does creatio support?
+
APIs and pre-built connectors to integrate with external systems (ERP,
email,
telephony, third‑party tools) for seamless data flow.
:contentReference[oaicite:15]{index=15}
Integration testing when creatio interacts with
external
systems (erp, e‑commerce)?
+
Test data exchange, error handling, latency, API limits, conflict resolution
— in
sandbox before go-live.
Integration with external systems (erp, e‑commerce,
telephony) via creatio apis?
+
Use built‑in connectors or REST APIs to sync data between Creatio and
external
systems (orders, inventory, customer data) for unified operations.
:contentReference[oaicite:44]{index=44}
Kind of businesses benefit most from creatio?
+
Mid‑size to large enterprises with complex sales/service/marketing processes
needing
flexibility, automation, and scalability.
:contentReference[oaicite:30]{index=30}
Knowledge base management in creatio service module?
+
Store FAQs, manuals, service guides — searchable knowledge base to help
agents and
customers resolve issues quickly. :contentReference[oaicite:39]{index=39}
Lead nurturing in creatio?
+
Automated sequence of interactions (emails, reminders, tasks) to gradually
engage
leads until they are sales-ready (qualified).
Lead-to-order process in creatio?
+
Flow from lead capture → qualification → opportunity → order →
contract/invoice
generation — all managed through CRM workflows.
License & pricing model for creatio (user‑based,
module‑based)?
+
Creatio uses modular licensing — clients pay per user per module(s) —
flexibility to
subscribe only to needed modules. :contentReference[oaicite:45]{index=45}
Marketing automation in creatio?
+
Tools to run campaigns, nurture leads, segment contacts, automate
email/social
campaigns, measure results — all within CRM.
:contentReference[oaicite:7]{index=7}
Marketing campaign workflow in creatio?
+
Lead segmentation → campaign initiation → email/social outreach → track
responses →
scoring → follow‑ups or nurture → convert to opportunity.
Monitoring & alerting setup for sla / ticketing
workflows in creatio?
+
Configure alerts/notifications on SLA breach, escalation rules, dashboards
for SLA
compliance tracking.
Multi‑channel customer communication in creatio?
+
Support for email, phone calls, chat, social media — all interactions logged
and
managed centrally. :contentReference[oaicite:43]{index=43}
Multitenancy support in creatio (for agencies)?
+
Ability to manage separate organizations/business units under same instance
with
segregated data and permissions.
No-code agent builder in creatio?
+
A visual tool where users can assemble AI agents (with skills, workflows,
knowledge
bases) without writing code — enabling automation, content generation,
notifications, etc. :contentReference[oaicite:27]{index=27}
Omnichannel communication support in creatio?
+
Handling customer interactions across multiple channels (email, phone, chat,
social)
unified under CRM to track history and response.
:contentReference[oaicite:34]{index=34}
Performance monitoring / logging in creatio for
workflows and system usage?
+
Track execution times, error rates, user activity, data volume — helps
identify
bottlenecks or abuse.
Performance optimization in creatio?
+
Use As‑needed workflows, limit heavy triggers, archive old data, optimize
reports,
and use no‑tracking dashboards for speed.
Pipeline (sales pipeline) management in creatio?
+
Visual pipeline tools that let you track deals across stages, forecast
revenue, and
manage opportunities from lead through closure.
:contentReference[oaicite:5]{index=5}
Pre‑built industry‑specific workflows in creatio?
+
Templates and predefined workflows tailored to verticals (finance, telecom,
services, etc.) for common business processes — reducing need to build from
scratch.
:contentReference[oaicite:28]{index=28}
Process to add a new module or functionality in
creatio
after initial implementation?
+
Use studio to configure module, define entities/fields/workflows, set
permissions,
test, and enable for users — without major downtime.
Real-time analytics vs scheduled reports in creatio?
+
Real-time analytics updates with data changes; scheduled reports are
generated at
intervals (daily/weekly/monthly) for review or export.
Recommended backup frequency for crm system like
creatio?
+
Depends on volume and business needs — daily or weekly backups for critical
data;
more frequent for high‑transaction systems.
Recommended user onboarding/training plan when company
moves to creatio?
+
Role‑based training, sandbox exploration, hands‑on tasks, documentation,
support,
phased adoption and feedback loop.
Reporting and analytics in creatio?
+
Customizable dashboards and reports to track KPIs — sales performance,
marketing
campaign ROI, service metrics, team performance, etc.
:contentReference[oaicite:40]{index=40}
Role of metadata/schema management in creatio custom
apps?
+
Define custom entities/tables, fields, relationships, data types — maintain
schema
for custom business needs without coding.
Role‑based access control (rbac) in creatio?
+
You can define roles and permissions to control which users or teams access
which
data/modules/features in CRM — ensuring security and proper access.
:contentReference[oaicite:20]{index=20}
Rollback plan when automated workflows produce
unintended consequences (e.g. wrong data update)?
+
Use backups, audit logs to identify changes, revert changes or re‑process
via
scripts or manual corrections, notify stakeholders.
Rollback strategy for a failed workflow or
customization
in creatio?
+
Restore from backup, revert to previous workflow version, run data
correction
scripts, notify users and audit changes.
Sales forecasting in creatio crm?
+
Based on pipeline data and past history, predicting future sales, revenue
and
chances of deal closure using built‑in analytics/AI tools.
:contentReference[oaicite:32]{index=32}
Sandbox or test environment in creatio before
production
deployment?
+
A separate instance or environment where you can test workflows,
customizations, and
integrations before applying to live data.
Sandbox testing best practices before deploying
workflows in enterprise creatio?
+
Test all branches, edge cases, user roles, data flows; verify security;
backup data;
get stakeholder sign-off.
Sandbox vs production environment in creatio
implementation?
+
Sandbox used for testing customizations and workflows; production is live
environment — helps avoid disrupting live data.
Scalability concern when many custom workflows and
integrations are added to creatio?
+
Ensure optimized workflows, limit heavy triggers, archive old data, monitor
performance — avoid overloading instance.
Scalability of creatio for large enterprises?
+
With cloud/no‑code + modular architecture, Creatio supports large datasets,
many
users, and complex workflows across departments.
:contentReference[oaicite:42]{index=42}
Security and permissions model in creatio?
+
Role‑based permissions, access control on modules/data, record-level
permissions to
ensure data security and compliance. :contentReference[oaicite:36]{index=36}
Separation of environments (development, staging,
production) in creatio deployment?
+
Maintain separate environments to develop/test customizations, test
integrations,
then deploy to production safely.
Sla configuration for service tickets in creatio?
+
Ability to define service‑level agreements, monitor response
times/resolution
deadlines, automate reminders/escalations when SLAs are near breach.
:contentReference[oaicite:37]{index=37}
Soft delete vs hard delete of records in creatio?
+
Soft delete marks record inactive (kept for history/audit); hard delete
removes
record permanently (used carefully to avoid data loss).
Strategy for managing multi‑region compliance &
localization when using creatio globally?
+
Use localized fields, regional data storage policies, consent management,
region‑specific workflows and permissions per region.
Support and maintenance requirement after creatio
deployment?
+
Monitor system performance, update workflows, backup data, manage
permissions,
handle upgrades and user support.
Support for gdpr / data privacy enforcement in creatio
workflows?
+
Configure consent fields, access permissions, data retention policies,
anonymization
procedures where applicable.
Support for multiple currencies and multi‑region data
in
creatio?
+
Configure fields and entities to support currencies, localization,
region‑specific
workflows for global businesses.
Support for multiple languages in ui and data in
creatio?
+
Locales and language packs — ability to configure UI labels, messages, data
format
for global teams/customers.
Support for role-based dashboards and views in
creatio?
+
Managers, sales reps, support agents can have tailored dashboards showing
data
relevant to their role.
Testing strategy for new workflows or custom apps in
creatio?
+
Use sandbox environment, simulate all scenarios, test edge cases, verify
data
integrity, run performance tests, get user sign‑off before production.
To build a customer feedback survey workflow within
creatio?
+
Create survey entity, send survey via email/workflow after service/ticket
resolution, collect responses, store data, trigger follow‑ups based on
feedback.
To design backup & disaster recovery for medium /
large
creatio deployments?
+
Define backup schedule, off‑site storage, redundant servers/cloud, periodic
recovery
drills, documentation of restore procedures.
To ensure performance when running large bulk data
imports into creatio?
+
Use batch imports, disable triggers if needed, split data into chunks,
validate
beforehand, monitor system load.
To evaluate whether to use out‑of‑box features vs
build
custom workflows in creatio?
+
Compare business requirements vs built-in features, consider complexity,
maintenance
cost, performance, ease of use before customizing.
To handle duplicates and data quality issues during
migration to creatio?
+
Use deduplication logic, validation rules, manual review for conflicts,
maintain
audit logs of merges/cleanup.
To handle feature-request backlog and maintain roadmap
when using low‑code platform like creatio?
+
Prioritise based on impact, maintain documentation, version workflows,
schedule
releases, gather user feedback, test before deployment.
To implement audit‑ready workflow logging and
reporting
in creatio for compliance audits?
+
Enable audit logs, track user actions and changes, store history, provide
exportable
reports for compliance reviews.
To implement cross‑department workflow (e.g. sales →
service → billing) in creatio?
+
Define entities and relationships, build multi-step workflows, set
permissions per
department, use shared customer data, notifications and handoffs.
To implement lead scoring and prioritisation using
creatio built‑in ai features?
+
Configure lead attributes, enable AI lead scoring, define
thresholds/triggers,
auto‑assign or notify sales reps for high‑value leads.
To implement time‑based or scheduled workflows (e.g.
follow‑ups after 30 days) in creatio?
+
Use scheduling features or time‑based triggers to automatically perform
actions
after specified intervals.
To integrate creatio with external analytics/bi
platform
for advanced reporting?
+
Use API/data export, build ETL pipelines or direct DB connections, schedule
data
sync, design reports as per business needs.
To manage data privacy and user consent (for
marketing)
inside creatio?
+
Add consent fields, track opt‑in/opt‑out, restrict data access, implement
data
retention policies, maintain audit logs.
To manage version control and deployment of
customizations across multiple environments (dev, test, prod) in creatio?
+
Use sandbox for dev/testing, version workflows, document changes, test
thoroughly,
smooth promotion to production, track differences.
To migrate crm data and business logic from legacy
system to creatio with minimal downtime?
+
Plan extraction, mapping, pilot import/test, validate data, run parallel
systems
during cut-over, communicate with users, backup data.
To monitor and handle performance issues when many
automations and workflows are active in creatio?
+
Use logs and analytics, identify heavy workflows, optimize them, archive
inactive
items, scale resources, apply caching where possible.
To prepare for creatio crm implementation project?
+
Define business processes clearly, map data schema, prepare migration plan,
define
roles/permissions, set up sandbox, schedule training, plan rollout phases.
To set up role‑based dashboards and permission‑based
record visibility in creatio?
+
Define roles, assign permissions per module/entity, configure dashboards per
role to
show only relevant data.
Training and onboarding support for new creatio users?
+
Use sandbox/demo environment, tutorials, documentation, role‑based
permissions, and
phased rollout to help adoption.
Typical migration scenario when moving to creatio from
legacy crm?
+
Mapping legacy data fields to Creatio schema, cleaning data, importing
contacts/leads, configuring workflows, roles, custom fields, and training
users.
Typical steps for data migration into creatio from
legacy systems?
+
Data extraction → cleansing → mapping to Creatio schema → import →
validation →
testing → go‑live.
Ui localization / multiple languages support in
creatio?
+
Creatio supports multi‑language UI configuration to support global teams and
clients
in different regions.
Use of version history / audit trail for compliance or
internal audits in creatio?
+
Track data changes, user actions, workflow executions to provide
transparency,
accountability and support audits.
Use‑case: building a custom internal project
management
tool inside creatio?
+
Define Projects, Tasks entities; set relationships; build task assignment
and
tracking workflows, notifications, dashboards — custom app built on low‑code
platform.
Use‑case: building customer self‑service portal
through
creatio?
+
Expose case/ticket submission, status tracking, knowledge base, chat/email
support —
allowing customers to self-serve while CRM tracks interactions.
Use‑case: complaint resolution and feedback loop
automation?
+
Customer complaint entered → auto‑assign → send acknowledgement → schedule
resolution → send feedback / survey after resolution — tracked in CRM.
Use‑case: custom compliance workflow for regulated
industries (approvals, audits, documentation) in creatio?
+
Design approval workflows, audit logging, document storage, permissions,
version
history to meet compliance requirements.
Use‑case: customer onboarding workflow (for saas)
using
creatio?
+
Lead → contact → contract → onboarding tasks → welcome email → user training
— all
steps managed via workflow automation.
Use‑case: customizing dashboards for executive
leadership to shigh-level kpis?
+
Create dashboard combining sales pipeline, revenue forecast, service
metrics,
marketing ROI, customer satisfaction — for strategic decisions.
Use‑case: data archive and retention policies for old
records in creatio for compliance / performance reasons?
+
Archive old data, soft‑delete records, purge logs after retention period —
maintain
performance and compliance.
Use‑case: event management (seminars, webinars) using
creatio crm?
+
Registrations (leads), automated reminders, post-event follow‑ups, lead
scoring,
conversion to opportunity — full workflow in CRM.
Use‑case: globalization and multi‑region sales process
with localisation (currency, language) in creatio?
+
Configure multi-currency fields, localization settings, region-based
workflows, and
assign regional teams — manage global operations.
Use‑case: handling subscription renewals and recurring
billing pipelines in creatio?
+
Use workflows to send renewal reminders, generate invoices/contracts, update
statuses, notify account managers — automating subscription lifecycle.
Use‑case: hr onboarding/offboarding and employee
record
management in creatio?
+
Employee entity, onboarding workflow, access assignment, role-based
permissions,
offboarding tasks — manageable via low‑code workflows.
Use‑case: integrating creatio with erp for
order-to-cash
process?
+
Sync customer/order data, invoices, inventory, payment status — ensure full
order
lifecycle from lead to cash in coordinated systems.
Use‑case: integrating telephony or pbx into creatio
for
call logging and click-to-call?
+
Use built‑in connectors or APIs to log calls, record interaction history,
trigger
follow-up tasks — unified communication tracking.
:contentReference[oaicite:46]{index=46}
Use‑case: marketing nurture + re‑engagement workflows
for dormant clients?
+
Segment old clients, run email/social campaigns, schedule follow-up tasks,
track
engagement, convert to opportunity if interest resumes.
Use‑case: marketing‑to‑sales handoff automation in
creatio?
+
Marketing captures lead → nurtures → scores lead → when qualified,
auto‑assign to
sales rep → create opportunity → notify sales team — handoff automated.
Use‑case: multi‑team collaboration (sales + support +
finance) for order & invoice process in creatio?
+
Shared data (customer, orders, invoices), workflows for approval,
notifications
across departments, status tracking — unified operations.
Use‑case: role-based dashboards and permissions for
different teams in creatio?
+
Sales dashboard for sales team; support dashboard for service team; finance
dashboard for billing — each with restricted access per role.
Use‑case: subscription‑based service lifecycle and
renewal tracking using creatio?
+
Contracts entity, renewal dates, reminder workflows, invoice generation,
customer
communication — automate renewals and billing.
Use‑case: support ticket escalation and sla
enforcement
using creatio service module?
+
Ticket created → auto‑assign → SLA timer & reminder → if SLA breach,
auto‑escalate
or alert manager → resolution tracking.
Use‑case: vendor/supplier management (b2b) using
creatio
custom entities?
+
Define Vendor entity, track interactions, purchase orders, contracts,
approvals —
manage vendor lifecycle inside CRM.
User activity / task management within creatio?
+
Users/teams can create tasks, assign to others, track progress; integrated
with CRM
workflow and customer data.
User activity monitoring and analytics in creatio for
management?
+
Track login history, record edits, workflow execution stats, error rates —
use
dashboards to monitor productivity, compliance and usage patterns.
User adoption strategy when switching to creatio crm
in
a company?
+
Communicate benefits, involve key users early, provide training, create
incentives,
gather feedback and iterate workflows.
User roles and permission hierarchy in large
organizations using creatio?
+
Define roles (admin, sales rep, support agent, manager), assign permissions
by
module/record/field to enforce security and privacy.
User training approach when adopting creatio in an
organization?
+
Role-based training, sandbox practice, documentation, mentorship, phased
rollout,
and gathering user feedback to refine workflows.
Version control for customizations in creatio?
+
Track changes to custom apps/workflows, manage versions or rollback if
needed
(depends on deployment/config).
Vertical‑specific (industry‑specific) workflow
template
in creatio?
+
Pre-built process templates for industries (finance, telecom, services)
tailored to
standard operations in that industry.
:contentReference[oaicite:41]{index=41}
Webhook or external trigger support in creatio (for
integrations)?
+
Creatio can integrate external triggers or webhooks to react to external
events
(e.g. from other systems) to start workflows.
Workflow automation in creatio?
+
Automated workflows that trigger actions (notifications, updates,
assignments) based
on events or conditions to reduce manual tasks.
:contentReference[oaicite:9]{index=9}
Workflow trigger’ in creatio?
+
An event or condition (e.g. lead status change, new ticket, date/time event)
that
initiates an automated workflow. :contentReference[oaicite:22]{index=22}
Workflow versioning or change history in creatio?
+
Changes to workflows can be versioned or logged to allow rollback or audit
of
modifications.
Would you build a custom app (e.g. invoice management)
in creatio without coding?
+
Define entities (Invoice/Payment), fields, relationships, UI layouts,
workflows for
invoice generation, approval, payment tracking — all via low‑code tools.
Would you ensure data integrity and avoid duplicates
in
creatio when many integrations feed data?
+
Use validation rules, deduplication logic, unique fields, audit logs,
regular data
cleanup, and possibly API‑side checks.
Would you implement a custom reporting module
combining
data from sales, service, and marketing in creatio?
+
Use cross‑entity queries or custom entities, aggregations, define filters,
build
dashboards, schedule report generation and export.
Would you implement data backup & disaster recovery
for
a creatio deployment?
+
Schedule regular backups, store off‑site, export critical data, plan
failover,
document restoration process and test periodically.
Would you implement sla‑driven customer service
workflow
in creatio?
+
Design SLA rules, assign case priorities, set timers/triggers, escalate
cases on
breach, send notifications, track resolution and compliance.
Would you integrate creatio with a third‑party billing
or invoicing system?
+
Use REST API or built‑in connectors, map invoice/order data, design
synchronization
workflows, handle errors and updates.
Would you integrate creatio with an erp for order
fulfillment?
+
Use Creatio APIs or connectors to sync orders, customer data, statuses; set
up
workflows to push/pull data, manage order lifecycle and inventory.
Would you manage user roles and permissions for a
global
company using creatio?
+
Define hierarchical roles, restrict data by region or business unit,
implement
least‑privilege principle, audit permissions regularly.
Would you migrate 100,000 leads into creatio from
legacy
system?
+
Perform data cleaning, mapping, batch import via CSV/API, validate imported
data,
test workflows, use sandbox first, then go live in phases.
Would you onboard non‑technical users to use creatio
effectively?
+
Provide role‑based training, use step‑by‑step guides, give sandbox access,
deliver
mentorship, keep UI simple, and provide support documentation.
Would you plan disaster recovery and backup strategy
for
a global creatio deployment?
+
Define backup frequency, off‑site storage, restore procedures, failover
servers,
periodic DR drills.
You document crm customizations, workflows, data model
for future maintenance when using creatio?
+
Maintain documentation repositories, version control of workflows, schema
diagrams,
change logs, and periodic reviews.
You ensure data consistency when multiple external
systems sync to creatio?
+
Implement validation rules, transactional updates, conflict resolution
logic,
logging and monitoring for integration actions.
You ensure high availability for a critical creatio
deployment (global enterprise)?
+
Use cloud hosting with redundancy, regular backups, failover setup,
monitoring,
scaling resources as needed, and disaster recovery planning.
You ensure performance and scalability when many
workflows run simultaneously in creatio?
+
Optimize workflows, avoid heavy loops, batch operations, archive old data,
monitor
performance metrics, and scale resources as needed.
You handle data migration when business structure
changes (e.g. reorganization of departments) in creatio?
+
Map old data to new structure, update entities/relationships, preserve
history, test
workflows, update permissions, inform users.
You handle gdpr / data‑privacy compliance when using
creatio for eu customers?
+
Implement consent tracking, data retention policies, role‑based access,
audit logs,
anonymization, and document data handling procedures.
You handle multi‑tenant or multi‑subsidiary business
using single creatio instance?
+
Use role & access isolation, custom entities for subsidiaries, partition
data
logically, implement permissions per tenant.
You handle subscription billing and renewals using
creatio plus external billing module?
+
Use workflows for renewal reminder, integrate with billing system via API,
create
orders/invoices, track status — ensure data sync.
You handle version control and change management for
workflows and customisations in creatio?
+
Maintain version history, use sandbox for testing, document changes, get
approvals,
deploy in stages, keep rollback plan.
You integrate external web forms/landing pages with
creatio lead capture?
+
Use REST API or webhooks, map form fields to Creatio entities, validate
input,
create lead record automatically, trigger follow‑up workflows.
You manage data archive, cleanup of old records to
maintain performance in creatio?
+
Define retention policies, archive or delete old data, purge logs, use
separate
storage/archival, monitor DB size/performance.
You manage security and access control for sensitive
data (e.g. customer financials) in creatio?
+
Use field‑level permissions, role‑based access, encryption (if supported),
audit
logging, and restrict export options.
You merge records and manage duplicates in large
datasets inside creatio?
+
Use deduplication tools, merge function, validation rules, manual review for
ambiguous cases, and audit trail of merges.
You monitor system health, workflow execution metrics,
and usage analytics in creatio?
+
Use built-in analytics, custom dashboards, logs for errors/performance, user
activity reports, alerting on failures or heavy loads.
You onboard new teams or departments into existing
creatio instance with minimal disruption?
+
Use phased rollout, training sessions, permission management, custom
dashboards per
department, and pilot user feedback.
You plan for system maintenance and upgrades in
creatio
used heavily with custom workflows and integrations?
+
Schedule maintenance windows, backup data, test upgrades in sandbox, update
integrations, communicate with users, rollback plan if needed.
You support multi‑currency and global sales operations
in creatio?
+
Configure currency fields, exchange rates, localizations, regional
permissions, and
adapt workflows per region.
JKM DDD (Domain-Driven Design)
Advantage of ddd?
+
Aligns software design with business rules, improves maintainability, and
supports
complex domains effectively.
Aggregate?
+
A cluster of related entities and value objects treated as a single unit for
consistency.
Bounded context?
+
A boundary defining where a specific domain model applies. Prevents
ambiguity in
large systems with multiple models.
Ddd supports microservices?
+
By defining bounded contexts, each microservice can own its domain model and
database, reducing coupling.
Ddd?
+
DDD is an approach to software design focusing on core domain logic,
modeling
real-world business processes, and aligning software structure with business
needs.
Diffbet ddd and traditional layered architecture?
+
DDD emphasizes domain and business logic first, while traditional layers
often
prioritize technical layers like UI, DB, and service.
Domain event?
+
An event representing something significant that happens in the domain,
triggering
reactions in other parts of the system.
Entity in ddd?
+
An object with a unique identity that persists over time, e.g., Customer
with a
unique ID.
Repository in ddd?
+
A pattern for persisting and retrieving aggregates while abstracting data
storage
details.
Value object?
+
An object defined by attributes rather than identity. Immutable and used to
describe
aspects of entities, e.g., Address.
Advantage of ddd?
+
Aligns software design with business rules, improves maintainability, and
supports
complex domains effectively.
Aggregate?
+
A cluster of related entities and value objects treated as a single unit for
consistency.
Bounded context?
+
A boundary defining where a specific domain model applies. Prevents
ambiguity in
large systems with multiple models.
Ddd supports microservices?
+
By defining bounded contexts, each microservice can own its domain model and
database, reducing coupling.
Ddd?
+
DDD is an approach to software design focusing on core domain logic,
modeling
real-world business processes, and aligning software structure with business
needs.
Diffbet ddd and traditional layered architecture?
+
DDD emphasizes domain and business logic first, while traditional layers
often
prioritize technical layers like UI, DB, and service.
Domain event?
+
An event representing something significant that happens in the domain,
triggering
reactions in other parts of the system.
Entity in ddd?
+
An object with a unique identity that persists over time, e.g., Customer
with a
unique ID.
Repository in ddd?
+
A pattern for persisting and retrieving aggregates while abstracting data
storage
details.
Value object?
+
An object defined by attributes rather than identity. Immutable and used to
describe
aspects of entities, e.g., Address.
Advantage of ddd?
+
Aligns software design with business rules, improves maintainability, and
supports
complex domains effectively.
Aggregate?
+
A cluster of related entities and value objects treated as a single unit for
consistency.
Bounded context?
+
A boundary defining where a specific domain model applies. Prevents
ambiguity in
large systems with multiple models.
Ddd supports microservices?
+
By defining bounded contexts, each microservice can own its domain model and
database, reducing coupling.
Ddd?
+
DDD is an approach to software design focusing on core domain logic,
modeling
real-world business processes, and aligning software structure with business
needs.
Diffbet ddd and traditional layered architecture?
+
DDD emphasizes domain and business logic first, while traditional layers
often
prioritize technical layers like UI, DB, and service.
Domain event?
+
An event representing something significant that happens in the domain,
triggering
reactions in other parts of the system.
Entity in ddd?
+
An object with a unique identity that persists over time, e.g., Customer
with a
unique ID.
Repository in ddd?
+
A pattern for persisting and retrieving aggregates while abstracting data
storage
details.
Value object?
+
An object defined by attributes rather than identity. Immutable and used to
describe
aspects of entities, e.g., Address.
Advantage of ddd?
+
Aligns software design with business rules, improves maintainability, and
supports
complex domains effectively.
Aggregate?
+
A cluster of related entities and value objects treated as a single unit for
consistency.
Bounded context?
+
A boundary defining where a specific domain model applies. Prevents
ambiguity in
large systems with multiple models.
Ddd supports microservices?
+
By defining bounded contexts, each microservice can own its domain model and
database, reducing coupling.
Ddd?
+
DDD is an approach to software design focusing on core domain logic,
modeling
real-world business processes, and aligning software structure with business
needs.
Diffbet ddd and traditional layered architecture?
+
DDD emphasizes domain and business logic first, while traditional layers
often
prioritize technical layers like UI, DB, and service.
Domain event?
+
An event representing something significant that happens in the domain,
triggering
reactions in other parts of the system.
Entity in ddd?
+
An object with a unique identity that persists over time, e.g., Customer
with a
unique ID.
Repository in ddd?
+
A pattern for persisting and retrieving aggregates while abstracting data
storage
details.
Value object?
+
An object defined by attributes rather than identity. Immutable and used to
describe
aspects of entities, e.g., Address.
Advantage of ddd?
+
Aligns software design with business rules, improves maintainability, and
supports
complex domains effectively.
Aggregate?
+
A cluster of related entities and value objects treated as a single unit for
consistency.
Bounded context?
+
A boundary defining where a specific domain model applies. Prevents
ambiguity in
large systems with multiple models.
Ddd supports microservices?
+
By defining bounded contexts, each microservice can own its domain model and
database, reducing coupling.
Ddd?
+
DDD is an approach to software design focusing on core domain logic,
modeling
real-world business processes, and aligning software structure with business
needs.
Diffbet ddd and traditional layered architecture?
+
DDD emphasizes domain and business logic first, while traditional layers
often
prioritize technical layers like UI, DB, and service.
Domain event?
+
An event representing something significant that happens in the domain,
triggering
reactions in other parts of the system.
Entity in ddd?
+
An object with a unique identity that persists over time, e.g., Customer
with a
unique ID.
Repository in ddd?
+
A pattern for persisting and retrieving aggregates while abstracting data
storage
details.
Value object?
+
An object defined by attributes rather than identity. Immutable and used to
describe
aspects of entities, e.g., Address.
JKM Design Pattern
Adapter pattern example
+
Adapter converts one interface to another that clients expect. Example:
converting a
legacy XML service to JSON API format.
Advantages of design patterns
+
Improve reusability, maintainability, readability, and communication between
developers.
Avoid design patterns
+
Avoid them when they add unnecessary complexity. Overuse may make simple
code overly
abstract or harder to understand.
Behavioral patterns
+
Observer, Strategy, Iterator, Command, Mediator, Template Method, Chain of
Responsibility.
Bridge vs adapter pattern
+
Adapter works with existing code to make incompatible interfaces work
together,
while Bridge separates abstraction from implementation to scale systems.
Command pattern in ui
+
Command objects encapsulate UI actions like Copy, Paste, Undo. They can be
queued,
logged, or undone.
Creational patterns
+
Singleton, Factory, Abstract Factory, Prototype, Builder.
Decorator pattern example
+
Adding features like encryption or compression to a file stream dynamically
without
modifying the original class.
Dependency inversion principle
+
High-level modules should depend on abstractions, not concrete classes. DI
containers and patterns like Factory and Strategy help achieve loose
coupling.
Design pattern?
+
A reusable solution to a common programming problem. It provides best
practices for
structuring code.
Design patterns are used in java’s jdk?
+
JDK uses several patterns such as Singleton (Runtime), Factory
(Calendar.getInstance()), Strategy (Comparator), Iterator (Iterator
interface), and
Observer (Listener model in Swing). These patterns solve reusable design
challenges
in library features.
Design patterns vs algorithms
+
Algorithms solve computational tasks while design patterns solve
architectural
design problems. Algorithms have fixed steps; patterns are flexible
templates.
Design principles vs patterns
+
Principles guide how to write good code (SOLID), while patterns provide
reusable
proven solutions.
Factory method pattern example
+
Factory Method creates objects without exposing creation logic. Example:
Calendar.getInstance() or creating different document types based on input.
Gang of four?
+
Gang of Four (GoF) refers to four authors who wrote the book "Design
Patterns:
Elements of Reusable Object-Oriented Software" in 1994. They introduced 23
standard
design patterns widely used in software development.
Inversion of control?
+
IoC means the framework controls object creation and lifecycle rather than
the
programmer. Commonly implemented via Dependency Injection.
Observer pattern
+
Observer allows objects (observers) to get notified automatically when the
subject
changes state. Used in event-driven systems like Java Swing listeners.
Open/closed principle
+
Classes should be open for extension but closed for modification. Design
patterns
like Strategy, Decorator, and Template enforce this principle.
Patterns help in refactoring
+
Patterns reduce duplication, simplify logic, improve scalability, and make
code
modular when refactoring legacy systems.
Prevent over-engineering
+
Use patterns only when they solve a real problem. Follow YAGNI ("You Aren’t
Gonna
Need It") and refactor gradually.
Purpose of uml in design patterns
+
UML diagrams visualize relationships, responsibilities, and structure of
design
patterns, aiding understanding and implementation.
Real-world singleton example
+
java.lang.Runtime and logging frameworks like Log4j use Singleton to manage
shared
resources across the application.
Role of design patterns
+
They provide reusable solutions to common software problems and promote
flexibility,
maintainability, and scalability.
Scenario: command vs strategy pattern
+
Command is better when you need undo/redo, queueing actions, or macro
commands in
UI. Strategy is better when switching between interchangeable algorithms.
Single responsibility principle
+
SRP states that a class should have only one reason to change. It improves
maintainability, readability, and testing in software design.
Singleton pattern & when to use?
+
Singleton ensures only one instance of a class exists and provides a global
point of
access. Used in logging, configuration settings, caching, or database
connection
management.
Solid principles?
+
SOLID stands for Single Responsibility, Open/Closed, Liskov Substitution,
Interface
Segregation, and Dependency Inversion. These principles help make code
maintainable,
extendable, and loosely coupled.
Strategy pattern example
+
Sorting algorithms (QuickSort, MergeSort, BubbleSort) can be swapped at
runtime
based on input size or performance needs.
Structural patterns
+
Adapter, Decorator, Composite, Proxy, Facade, Bridge, Flyweight.
Types of design patterns
+
Creational, Structural, and Behavioral.
Adapter pattern example
+
Adapter converts one interface to another that clients expect. Example:
converting a
legacy XML service to JSON API format.
Advantages of design patterns
+
Improve reusability, maintainability, readability, and communication between
developers.
Avoid design patterns
+
Avoid them when they add unnecessary complexity. Overuse may make simple
code overly
abstract or harder to understand.
Behavioral patterns
+
Observer, Strategy, Iterator, Command, Mediator, Template Method, Chain of
Responsibility.
Bridge vs adapter pattern
+
Adapter works with existing code to make incompatible interfaces work
together,
while Bridge separates abstraction from implementation to scale systems.
Command pattern in ui
+
Command objects encapsulate UI actions like Copy, Paste, Undo. They can be
queued,
logged, or undone.
Creational patterns
+
Singleton, Factory, Abstract Factory, Prototype, Builder.
Decorator pattern example
+
Adding features like encryption or compression to a file stream dynamically
without
modifying the original class.
Dependency inversion principle
+
High-level modules should depend on abstractions, not concrete classes. DI
containers and patterns like Factory and Strategy help achieve loose
coupling.
Design pattern?
+
A reusable solution to a common programming problem. It provides best
practices for
structuring code.
Design patterns are used in java’s jdk?
+
JDK uses several patterns such as Singleton (Runtime), Factory
(Calendar.getInstance()), Strategy (Comparator), Iterator (Iterator
interface), and
Observer (Listener model in Swing). These patterns solve reusable design
challenges
in library features.
Design patterns vs algorithms
+
Algorithms solve computational tasks while design patterns solve
architectural
design problems. Algorithms have fixed steps; patterns are flexible
templates.
Design principles vs patterns
+
Principles guide how to write good code (SOLID), while patterns provide
reusable
proven solutions.
Factory method pattern example
+
Factory Method creates objects without exposing creation logic. Example:
Calendar.getInstance() or creating different document types based on input.
Gang of four?
+
Gang of Four (GoF) refers to four authors who wrote the book "Design
Patterns:
Elements of Reusable Object-Oriented Software" in 1994. They introduced 23
standard
design patterns widely used in software development.
Inversion of control?
+
IoC means the framework controls object creation and lifecycle rather than
the
programmer. Commonly implemented via Dependency Injection.
Observer pattern
+
Observer allows objects (observers) to get notified automatically when the
subject
changes state. Used in event-driven systems like Java Swing listeners.
Open/closed principle
+
Classes should be open for extension but closed for modification. Design
patterns
like Strategy, Decorator, and Template enforce this principle.
Patterns help in refactoring
+
Patterns reduce duplication, simplify logic, improve scalability, and make
code
modular when refactoring legacy systems.
Prevent over-engineering
+
Use patterns only when they solve a real problem. Follow YAGNI ("You Aren’t
Gonna
Need It") and refactor gradually.
Purpose of uml in design patterns
+
UML diagrams visualize relationships, responsibilities, and structure of
design
patterns, aiding understanding and implementation.
Real-world singleton example
+
java.lang.Runtime and logging frameworks like Log4j use Singleton to manage
shared
resources across the application.
Role of design patterns
+
They provide reusable solutions to common software problems and promote
flexibility,
maintainability, and scalability.
Scenario: command vs strategy pattern
+
Command is better when you need undo/redo, queueing actions, or macro
commands in
UI. Strategy is better when switching between interchangeable algorithms.
Single responsibility principle
+
SRP states that a class should have only one reason to change. It improves
maintainability, readability, and testing in software design.
Singleton pattern & when to use?
+
Singleton ensures only one instance of a class exists and provides a global
point of
access. Used in logging, configuration settings, caching, or database
connection
management.
Solid principles?
+
SOLID stands for Single Responsibility, Open/Closed, Liskov Substitution,
Interface
Segregation, and Dependency Inversion. These principles help make code
maintainable,
extendable, and loosely coupled.
Strategy pattern example
+
Sorting algorithms (QuickSort, MergeSort, BubbleSort) can be swapped at
runtime
based on input size or performance needs.
Structural patterns
+
Adapter, Decorator, Composite, Proxy, Facade, Bridge, Flyweight.
Types of design patterns
+
Creational, Structural, and Behavioral.
Adapter pattern example
+
Adapter converts one interface to another that clients expect. Example:
converting a
legacy XML service to JSON API format.
Advantages of design patterns
+
Improve reusability, maintainability, readability, and communication between
developers.
Avoid design patterns
+
Avoid them when they add unnecessary complexity. Overuse may make simple
code overly
abstract or harder to understand.
Behavioral patterns
+
Observer, Strategy, Iterator, Command, Mediator, Template Method, Chain of
Responsibility.
Bridge vs adapter pattern
+
Adapter works with existing code to make incompatible interfaces work
together,
while Bridge separates abstraction from implementation to scale systems.
Command pattern in ui
+
Command objects encapsulate UI actions like Copy, Paste, Undo. They can be
queued,
logged, or undone.
Creational patterns
+
Singleton, Factory, Abstract Factory, Prototype, Builder.
Decorator pattern example
+
Adding features like encryption or compression to a file stream dynamically
without
modifying the original class.
Dependency inversion principle
+
High-level modules should depend on abstractions, not concrete classes. DI
containers and patterns like Factory and Strategy help achieve loose
coupling.
Design pattern?
+
A reusable solution to a common programming problem. It provides best
practices for
structuring code.
Design patterns are used in java’s jdk?
+
JDK uses several patterns such as Singleton (Runtime), Factory
(Calendar.getInstance()), Strategy (Comparator), Iterator (Iterator
interface), and
Observer (Listener model in Swing). These patterns solve reusable design
challenges
in library features.
Design patterns vs algorithms
+
Algorithms solve computational tasks while design patterns solve
architectural
design problems. Algorithms have fixed steps; patterns are flexible
templates.
Design principles vs patterns
+
Principles guide how to write good code (SOLID), while patterns provide
reusable
proven solutions.
Factory method pattern example
+
Factory Method creates objects without exposing creation logic. Example:
Calendar.getInstance() or creating different document types based on input.
Gang of four?
+
Gang of Four (GoF) refers to four authors who wrote the book "Design
Patterns:
Elements of Reusable Object-Oriented Software" in 1994. They introduced 23
standard
design patterns widely used in software development.
Inversion of control?
+
IoC means the framework controls object creation and lifecycle rather than
the
programmer. Commonly implemented via Dependency Injection.
Observer pattern
+
Observer allows objects (observers) to get notified automatically when the
subject
changes state. Used in event-driven systems like Java Swing listeners.
Open/closed principle
+
Classes should be open for extension but closed for modification. Design
patterns
like Strategy, Decorator, and Template enforce this principle.
Patterns help in refactoring
+
Patterns reduce duplication, simplify logic, improve scalability, and make
code
modular when refactoring legacy systems.
Prevent over-engineering
+
Use patterns only when they solve a real problem. Follow YAGNI ("You Aren’t
Gonna
Need It") and refactor gradually.
Purpose of uml in design patterns
+
UML diagrams visualize relationships, responsibilities, and structure of
design
patterns, aiding understanding and implementation.
Real-world singleton example
+
java.lang.Runtime and logging frameworks like Log4j use Singleton to manage
shared
resources across the application.
Role of design patterns
+
They provide reusable solutions to common software problems and promote
flexibility,
maintainability, and scalability.
Scenario: command vs strategy pattern
+
Command is better when you need undo/redo, queueing actions, or macro
commands in
UI. Strategy is better when switching between interchangeable algorithms.
Single responsibility principle
+
SRP states that a class should have only one reason to change. It improves
maintainability, readability, and testing in software design.
Singleton pattern & when to use?
+
Singleton ensures only one instance of a class exists and provides a global
point of
access. Used in logging, configuration settings, caching, or database
connection
management.
Solid principles?
+
SOLID stands for Single Responsibility, Open/Closed, Liskov Substitution,
Interface
Segregation, and Dependency Inversion. These principles help make code
maintainable,
extendable, and loosely coupled.
Strategy pattern example
+
Sorting algorithms (QuickSort, MergeSort, BubbleSort) can be swapped at
runtime
based on input size or performance needs.
Structural patterns
+
Adapter, Decorator, Composite, Proxy, Facade, Bridge, Flyweight.
Types of design patterns
+
Creational, Structural, and Behavioral.
Adapter pattern example
+
Adapter converts one interface to another that clients expect. Example:
converting a
legacy XML service to JSON API format.
Advantages of design patterns
+
Improve reusability, maintainability, readability, and communication between
developers.
Avoid design patterns
+
Avoid them when they add unnecessary complexity. Overuse may make simple
code overly
abstract or harder to understand.
Behavioral patterns
+
Observer, Strategy, Iterator, Command, Mediator, Template Method, Chain of
Responsibility.
Bridge vs adapter pattern
+
Adapter works with existing code to make incompatible interfaces work
together,
while Bridge separates abstraction from implementation to scale systems.
Command pattern in ui
+
Command objects encapsulate UI actions like Copy, Paste, Undo. They can be
queued,
logged, or undone.
Creational patterns
+
Singleton, Factory, Abstract Factory, Prototype, Builder.
Decorator pattern example
+
Adding features like encryption or compression to a file stream dynamically
without
modifying the original class.
Dependency inversion principle
+
High-level modules should depend on abstractions, not concrete classes. DI
containers and patterns like Factory and Strategy help achieve loose
coupling.
Design pattern?
+
A reusable solution to a common programming problem. It provides best
practices for
structuring code.
Design patterns are used in java’s jdk?
+
JDK uses several patterns such as Singleton (Runtime), Factory
(Calendar.getInstance()), Strategy (Comparator), Iterator (Iterator
interface), and
Observer (Listener model in Swing). These patterns solve reusable design
challenges
in library features.
Design patterns vs algorithms
+
Algorithms solve computational tasks while design patterns solve
architectural
design problems. Algorithms have fixed steps; patterns are flexible
templates.
Design principles vs patterns
+
Principles guide how to write good code (SOLID), while patterns provide
reusable
proven solutions.
Factory method pattern example
+
Factory Method creates objects without exposing creation logic. Example:
Calendar.getInstance() or creating different document types based on input.
Gang of four?
+
Gang of Four (GoF) refers to four authors who wrote the book "Design
Patterns:
Elements of Reusable Object-Oriented Software" in 1994. They introduced 23
standard
design patterns widely used in software development.
Inversion of control?
+
IoC means the framework controls object creation and lifecycle rather than
the
programmer. Commonly implemented via Dependency Injection.
Observer pattern
+
Observer allows objects (observers) to get notified automatically when the
subject
changes state. Used in event-driven systems like Java Swing listeners.
Open/closed principle
+
Classes should be open for extension but closed for modification. Design
patterns
like Strategy, Decorator, and Template enforce this principle.
Patterns help in refactoring
+
Patterns reduce duplication, simplify logic, improve scalability, and make
code
modular when refactoring legacy systems.
Prevent over-engineering
+
Use patterns only when they solve a real problem. Follow YAGNI ("You Aren’t
Gonna
Need It") and refactor gradually.
Purpose of uml in design patterns
+
UML diagrams visualize relationships, responsibilities, and structure of
design
patterns, aiding understanding and implementation.
Real-world singleton example
+
java.lang.Runtime and logging frameworks like Log4j use Singleton to manage
shared
resources across the application.
Role of design patterns
+
They provide reusable solutions to common software problems and promote
flexibility,
maintainability, and scalability.
Scenario: command vs strategy pattern
+
Command is better when you need undo/redo, queueing actions, or macro
commands in
UI. Strategy is better when switching between interchangeable algorithms.
Single responsibility principle
+
SRP states that a class should have only one reason to change. It improves
maintainability, readability, and testing in software design.
Singleton pattern & when to use?
+
Singleton ensures only one instance of a class exists and provides a global
point of
access. Used in logging, configuration settings, caching, or database
connection
management.
Solid principles?
+
SOLID stands for Single Responsibility, Open/Closed, Liskov Substitution,
Interface
Segregation, and Dependency Inversion. These principles help make code
maintainable,
extendable, and loosely coupled.
Strategy pattern example
+
Sorting algorithms (QuickSort, MergeSort, BubbleSort) can be swapped at
runtime
based on input size or performance needs.
Structural patterns
+
Adapter, Decorator, Composite, Proxy, Facade, Bridge, Flyweight.
Types of design patterns
+
Creational, Structural, and Behavioral.
Adapter pattern example
+
Adapter converts one interface to another that clients expect. Example:
converting a
legacy XML service to JSON API format.
Advantages of design patterns
+
Improve reusability, maintainability, readability, and communication between
developers.
Avoid design patterns
+
Avoid them when they add unnecessary complexity. Overuse may make simple
code overly
abstract or harder to understand.
Behavioral patterns
+
Observer, Strategy, Iterator, Command, Mediator, Template Method, Chain of
Responsibility.
Bridge vs adapter pattern
+
Adapter works with existing code to make incompatible interfaces work
together,
while Bridge separates abstraction from implementation to scale systems.
Command pattern in ui
+
Command objects encapsulate UI actions like Copy, Paste, Undo. They can be
queued,
logged, or undone.
Creational patterns
+
Singleton, Factory, Abstract Factory, Prototype, Builder.
Decorator pattern example
+
Adding features like encryption or compression to a file stream dynamically
without
modifying the original class.
Dependency inversion principle
+
High-level modules should depend on abstractions, not concrete classes. DI
containers and patterns like Factory and Strategy help achieve loose
coupling.
Design pattern?
+
A reusable solution to a common programming problem. It provides best
practices for
structuring code.
Design patterns are used in java’s jdk?
+
JDK uses several patterns such as Singleton (Runtime), Factory
(Calendar.getInstance()), Strategy (Comparator), Iterator (Iterator
interface), and
Observer (Listener model in Swing). These patterns solve reusable design
challenges
in library features.
Design patterns vs algorithms
+
Algorithms solve computational tasks while design patterns solve
architectural
design problems. Algorithms have fixed steps; patterns are flexible
templates.
Design principles vs patterns
+
Principles guide how to write good code (SOLID), while patterns provide
reusable
proven solutions.
Factory method pattern example
+
Factory Method creates objects without exposing creation logic. Example:
Calendar.getInstance() or creating different document types based on input.
Gang of four?
+
Gang of Four (GoF) refers to four authors who wrote the book "Design
Patterns:
Elements of Reusable Object-Oriented Software" in 1994. They introduced 23
standard
design patterns widely used in software development.
Inversion of control?
+
IoC means the framework controls object creation and lifecycle rather than
the
programmer. Commonly implemented via Dependency Injection.
Observer pattern
+
Observer allows objects (observers) to get notified automatically when the
subject
changes state. Used in event-driven systems like Java Swing listeners.
Open/closed principle
+
Classes should be open for extension but closed for modification. Design
patterns
like Strategy, Decorator, and Template enforce this principle.
Patterns help in refactoring
+
Patterns reduce duplication, simplify logic, improve scalability, and make
code
modular when refactoring legacy systems.
Prevent over-engineering
+
Use patterns only when they solve a real problem. Follow YAGNI ("You Aren’t
Gonna
Need It") and refactor gradually.
Purpose of uml in design patterns
+
UML diagrams visualize relationships, responsibilities, and structure of
design
patterns, aiding understanding and implementation.
Real-world singleton example
+
java.lang.Runtime and logging frameworks like Log4j use Singleton to manage
shared
resources across the application.
Role of design patterns
+
They provide reusable solutions to common software problems and promote
flexibility,
maintainability, and scalability.
Scenario: command vs strategy pattern
+
Command is better when you need undo/redo, queueing actions, or macro
commands in
UI. Strategy is better when switching between interchangeable algorithms.
Single responsibility principle
+
SRP states that a class should have only one reason to change. It improves
maintainability, readability, and testing in software design.
Singleton pattern & when to use?
+
Singleton ensures only one instance of a class exists and provides a global
point of
access. Used in logging, configuration settings, caching, or database
connection
management.
Solid principles?
+
SOLID stands for Single Responsibility, Open/Closed, Liskov Substitution,
Interface
Segregation, and Dependency Inversion. These principles help make code
maintainable,
extendable, and loosely coupled.
Strategy pattern example
+
Sorting algorithms (QuickSort, MergeSort, BubbleSort) can be swapped at
runtime
based on input size or performance needs.
Structural patterns
+
Adapter, Decorator, Composite, Proxy, Facade, Bridge, Flyweight.
Types of design patterns
+
Creational, Structural, and Behavioral.
JKM DevOps Commands Cheat Sheet
Basic Linux Commands -
+
Linux is the foundation of DevOps operations - it's like a Swiss Army knife
for
servers. These commands help you navigate systems, manage files, configure
permissions, and automate tasks in terminal environments. 1. pwd - Print the
current
working directory. 2. ls - List files and directories. 3. cd - Change
directory. 4.
touch - Create an empty file. 5. mkdir - Create a new directory. 6. rm -
Remove
files or directories. 7. rmdir - Remove empty directories. 8. cp - Copy
files or
directories. 9. mv - Move or rename files and directories. 10. cat - Display
the
content of a file. 11. echo - Display a line of text. 12. clear - Clear the
terminal
screen.
Intermediate Linux Commands
+
13. chmod - Change file permissions. 14. chown - Change file ownership. 15.
find -
Search for files and directories. 16. grep - Search for text in a file. 17.
wc -
Count lines, words, and characters in a file. 18. head - Display the first
few lines
of a file. 19. tail - Display the last few lines of a file. 20. sort - Sort
the
contents of a file. 21. uniq - Remove duplicate lines from a file. 22. diff
-
Compare two files line by line. 23. tar - Archive files into a tarball. 24.
zip/unzip - Compress and extract ZIP files. 25. df - Display disk space
usage. 26.
du - Display directory size. 27. top - Monitor system processes in real
time. 28. ps
- Display active processes. 29. kill - Terminate a process by its PID. 30.
ping -
Check network connectivity. 31. wget - Download files from the internet. 32.
curl -
Transfer data from or to a server. 33. scp - Securely copy files between
systems.
34. rsync - Synchronize files and directories.
Advanced Linux Commands
+
35. awk - Text processing and pattern scanning. 36. sed - Stream editor for
filtering and transforming text. 37. cut - Remove sections from each line of
a file.
38. tr - Translate or delete characters. 39. xargs - Build and execute
command lines
from standard input. 40. ln - Create symbolic or hard links. 41. df -h -
Display
disk usage in human-readable format. 42. free - Display memory usage. 43.
iostat -
Display CPU and I/O statistics. 44. netstat - Network statistics (use ss as
modern
alternative). 45. ifconfig/ip - Configure network interfaces (use ip as
modern
alternative). 46. iptables - Configure firewall rules. 47. systemctl -
Control the
systemd system and service manager. 48. journalctl - View system logs. 49.
crontab -
Schedule recurring tasks. 50. at - Schedule tasks for a specific time. 51.
uptime -
Display system uptime. 52. whoami - Display the current user. 53. users -
List all
users currently logged in. 54. hostname - Display or set the system
hostname. 55.
env - Display environment variables. 56. export - Set environment variables.
Networking Commands
+
57. ip addr - Display or configure IP addresses. 58. ip route - Show or
manipulate
routing tables. 59. traceroute - Trace the route packets take to a host. 60.
nslookup - Query DNS records. 61. dig - Query DNS servers. 62. ssh - Connect
to a
remote server via SSH. 63. ftp - Transfer files using the FTP protocol. 64.
nmap -
Network scanning and discovery. 65. telnet - Communicate with remote hosts.
66.
netcat (nc) - Read/write data over networks.
File Management and Search
+
67. locate - Find files quickly using a database. 68. stat - Display
detailed
information about a file. 69. tree - Display directories as a tree. 70. file
-
Determine a file’s type. 71. basename - Extract the filename from a path.
72.
dirname - Extract the directory part of a path.
System Monitoring
+
73. vmstat - Display virtual memory statistics. 74. htop - Interactive
process
viewer (alternative to top). 75. lsof - List open files. 76. dmesg - Print
kernel
ring buffer messages. 77. uptime - Show how long the system has been
running. 78.
iotop - Display real-time disk I/O by processes.
Package Management
+
79. apt - Package manager for Debian-based distributions. 80. yum/dnf -
Package
manager for RHEL-based distributions. 81. snap - Manage snap packages. 82.
rpm -
Manage RPM packages.
Disk and Filesystem
+
83. mount/umount - Mount or unmount filesystems. 84. fsck - Check and repair
filesystems. 85. mkfs - Create a new filesystem. 86. blkid - Display
information
about block devices. 87. lsblk - List information about block devices. 88.
parted -
Manage partitions interactively.
Scripting and Automation
+
89. bash - Command interpreter and scripting shell. 90. sh - Legacy shell
interpreter. 91. cron - Automate tasks. 92. alias - Create shortcuts for
commands.
93. source - Execute commands from a file in the current shell.
Development and Debugging
+
94. gcc - Compile C programs. 95. make - Build and manage projects. 96.
strace -
Trace system calls and signals. 97. gdb - Debug programs. 98. git - Version
control
system. 99. vim/nano - Text editors for scripting and editing.
Other Useful Commands
+
100. uptime - Display system uptime. 101. date - Display or set the system
date and
time. 102. cal - Display a calendar. 103. man - Display the manual for a
command.
104. history - Show previously executed commands. 105. alias - Create custom
shortcuts for commands.
Basic Git Commands
+
Git is your code time machine. It tracks every change, enables team
collaboration
without conflicts, and lets you undo mistakes. These commands help manage
source
code versions like a professional developer. 1. git init Initializes a new
Git
repository in the current directory. Example: git init 2. git clone Copies a
remote
repository to the local machine. Example: git clone
https://github.com/user/repo.git
3. git status Displays the state of the working directory and staging area.
Example:
git status 4. git add Adds changes to the staging area. Example: git add
file.txt 5.
git commit Records changes to the repository. Example: git commit -m
"Initial
commit" 6. git config Configures user settings, such as name and email.
Example: git
config --global user.name "Your Name" 7. git log Shows the commit history.
Example:
git log 8. git show Displays detailed information about a specific commit.
Example:
git show 9. git diff Shows changes between commits, the working directory,
and the
staging area. Example: git diff 10. git reset Unstages changes or resets
commits.
Example: git reset HEAD file.txt
Branching and Merging
+
11. git branch Lists branches or creates a new branch. Example: git branch
feature-branch 12. git checkout Switches between branches or restores files.
Example: git checkout feature-branch 13. git switch Switches branches
(modern
alternative to git checkout). Example: git switch feature-branch 14. git
merge
Combines changes from one branch into another. Example: git merge
feature-branch 15.
git rebase Moves or combines commits from one branch onto another. Example:
git
rebase main 16. git cherry-pick Applies specific commits from one branch to
another.
Example: git cherry-pick
Remote Repositories
+
17. git remote Manages remote repository connections. Example: git remote
add origin
https://github.com/user/repo.git 18. git push Sends changes to a remote
repository.
Example: git push origin main 19. git pull Fetches and merges changes from a
remote
repository. Example: git pull origin main 20. git fetch Downloads changes
from a
remote repository without merging. Example: git fetch origin 21. git remote
-v Lists
the URLs of remote repositories. Example: git remote -v
Stashing and Cleaning
+
22. git stash Temporarily saves changes not yet committed. Example: git
stash 23.
git stash pop Applies stashed changes and removes them from the stash list.
Example:
git stash pop 24. git stash list Lists all stashes. Example: git stash list
25. git
clean Removes untracked files from the working directory. Example: git clean
-f
Tagging
+
26. git tag Creates a tag for a specific commit. Example: git tag -a v1.0 -m
"Version 1.0" 27. git tag -d Deletes a tag. Example: git tag -d v1.0 28. git
push
--tags Pushes tags to a remote repository. Example: git push origin --tags
Advanced Commands
+
29. git bisect Finds the commit that introduced a bug. Example: git bisect
start 30.
git blame Shows which commit and author modified each line of a file.
Example: git
blame file.txt 31. git reflog Shows a log of changes to the tip of branches.
Example: git reflog 32. git submodule Manages external repositories as
submodules.
Example: git submodule add https://github.com/user/repo.git 33. git archive
Creates
an archive of the repository files. Example: git archive --format=zip HEAD >
archive.zip 34. git gc Cleans up unnecessary files and optimizes the
repository.
Example: git gc
GitHub-Specific Commands
+
35. gh auth login Logs into GitHub via the command line. Example: gh auth
login 36.
gh repo clone Clones a GitHub repository. Example: gh repo clone user/repo
37. gh
issue list Lists issues in a GitHub repository. Example: gh issue list 38.
gh pr
create Creates a pull request on GitHub. Example: gh pr create --title "New
Feature"
--body "Description of the feature" 39. gh repo create Creates a new GitHub
repository. Example: gh repo create my-repo
Basic Docker Commands -
+
Docker packages applications into portable containers - like shipping
containers for
software. These commands help build, ship, and run applications consistently
across
any environment. 1. docker --version Displays the installed Docker version.
Example:
docker --version 2. docker info Shows system-wide information about Docker,
such as
the number of containers and images. Example: docker info 3. docker pull
Downloads
an image from a Docker registry (default: Docker Hub). Example: docker pull
ubuntu:latest 4. docker images Lists all downloaded images. Example: docker
images
5. docker run Creates and starts a new container from an image. Example:
docker run
-it ubuntu bash 6. docker ps Lists running containers. Example: docker ps 7.
docker
ps -a Lists all containers, including stopped ones. Example: docker ps -a 8.
docker
stop Stops a running container. Example: docker stop container_name 9.
docker start
Starts a stopped container. Example: docker start container_name 10. docker
rm
Removes a container. Example: docker rm container_name 11. docker rmi
Removes an
image. Example: docker rmi image_name 12. docker exec Runs a command inside
a
running container. Example: docker exec -it container_name bash
Intermediate Docker Commands
+
13. docker build Builds an image from a Dockerfile. Example: docker build -t
my_image . 14. docker commit Creates a new image from a container’s changes.
Example: docker commit container_name my_image:tag 15. docker logs Fetches
logs from
a container. Example: docker logs container_name 16. docker inspect Returns
detailed
information about an object (container or image). Example: docker inspect
container_name 17. docker stats Displays live resource usage statistics of
running
containers. Example: docker stats 18. docker cp Copies files between a
container and
the host. Example: docker cp container_name:/path/in/container /path/on/host
19.
docker rename Renames a container. Example: docker rename old_name new_name
20.
docker network ls Lists all Docker networks. Example: docker network ls 21.
docker
network create Creates a new Docker network. Example: docker network create
my_network 22. docker network inspect Shows details about a Docker network.
Example:
docker network inspect my_network 23. docker network connect Connects a
container to
a network. Example: docker network connect my_network container_name 24.
docker
volume ls Lists all Docker volumes. Example: docker volume ls 25. docker
volume
create Creates a new Docker volume. Example: docker volume create my_volume
26.
docker volume inspect Provides details about a volume. Example: docker
volume
inspect my_volume 27. docker volume rm Removes a Docker volume. Example:
docker
volume rm my_volume
Advanced Docker Commands
+
28. docker-compose up Starts services defined in a docker-compose.yml file.
Example:
docker-compose up 29. docker-compose down Stops and removes services defined
in a
docker-compose.yml file. Example: docker-compose down 30. docker-compose
logs
Displays logs for services managed by Docker Compose. Example:
docker-compose logs
31. docker-compose exec Runs a command in a service’s container. Example:
docker-compose exec service_name bash 32. docker save Exports an image to a
tar
file. Example: docker save -o my_image.tar my_image:tag 33. docker load
Imports an
image from a tar file. Example: docker load < my_image.tar 34. docker export
Exports a container’s filesystem as a tar file. Example: docker export
container_name>
container.tar 35. docker import Creates an image from an exported
container.
Example: docker import container.tar my_new_image 36. docker system df
Displays
disk usage by Docker objects. Example: docker system df 37. docker
system prune
Cleans up unused Docker resources (images, containers, volumes,
networks).
Example: docker system prune 38. docker tag Assigns a new tag to an
image.
Example: docker tag old_image_name new_image_name 39. docker push
Uploads an
image to a Docker registry. Example: docker push my_image:tag 40. docker
login
Logs into a Docker registry. Example: docker login 41. docker logout
Logs out of
a Docker registry. Example: docker logout 42. docker swarm init
Initializes a
Docker Swarm mode cluster. Example: docker swarm init 43. docker service
create
Creates a new service in Swarm mode. Example: docker service create
--name
my_service nginx 44. docker stack deploy Deploys a stack using a Compose
file in
Swarm mode. Example: docker stack deploy -c docker-compose.yml my_stack
45.
docker stack rm Removes a stack in Swarm mode. Example: docker stack rm
my_stack
46. docker checkpoint create Creates a checkpoint for a container.
Example:
docker checkpoint create container_name checkpoint_name 47. docker
checkpoint ls
Lists checkpoints for a container. Example: docker checkpoint ls
container_name
48. docker checkpoint rm Removes a checkpoint. Example: docker
checkpoint rm
container_name checkpoint_name
Basic Kubernetes Commands -
+
Kubernetes is the conductor of your container orchestra. It automates
deployment,
scaling, and management of containerized applications across server
clusters. 1.
kubectl version Displays the Kubernetes client and server version. Example:
kubectl
version --short 2. kubectl cluster-info Shows information about the
Kubernetes
cluster. Example: kubectl cluster-info 3. kubectl get nodes Lists all nodes
in the
cluster. Example: kubectl get nodes 4. kubectl get pods Lists all pods in
the
default namespace. Example: kubectl get pods 5. kubectl get services Lists
all
services in the default namespace. Example: kubectl get services 6. kubectl
get
namespaces Lists all namespaces in the cluster. Example: kubectl get
namespaces 7.
kubectl describe pod Shows detailed information about a specific pod.
Example:
kubectl describe pod pod-name 8. kubectl logs Displays logs for a specific
pod.
Example: kubectl logs pod-name 9. kubectl create namespace Creates a new
namespace.
Example: kubectl create namespace my-namespace 10. kubectl delete pod
Deletes a
specific pod. Example: kubectl delete pod pod-name
Intermediate Kubernetes Commands
+
11. kubectl apply Applies changes defined in a YAML file. Example: kubectl
apply -f
deployment.yaml 12. kubectl delete Deletes resources defined in a YAML file.
Example: kubectl delete -f deployment.yaml 13. kubectl scale Scales a
deployment to
the desired number of replicas. Example: kubectl scale deployment
my-deployment
--replicas=3 14. kubectl expose Exposes a pod or deployment as a service.
Example:
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 15.
kubectl
exec Executes a command in a running pod. Example: kubectl exec -it pod-name
--
/bin/bash 16. kubectl port-forward Forwards a local port to a port in a pod.
Example: kubectl port-forward pod-name 8080:80 17. kubectl get configmaps
Lists all
ConfigMaps in the namespace. Example: kubectl get configmaps 18. kubectl get
secrets
Lists all Secrets in the namespace. Example: kubectl get secrets 19. kubectl
edit
Edits a resource definition directly in the editor. Example: kubectl edit
deployment
my-deployment 20. kubectl rollout status Displays the status of a deployment
rollout. Example: kubectl rollout status deployment/my-deployment
Advanced Kubernetes Commands
+
21. kubectl rollout undo Rolls back a deployment to a previous revision.
Example:
kubectl rollout undo deployment/my-deployment 22. kubectl top nodes Shows
resource
usage for nodes. Example: kubectl top nodes 23. kubectl top pods Displays
resource
usage for pods. Example: kubectl top pods 24. kubectl cordon Marks a node as
unschedulable. Example: kubectl cordon node-name 25. kubectl uncordon Marks
a node
as schedulable. Example: kubectl uncordon node-name 26. kubectl drain Safely
evicts
all pods from a node. Example: kubectl drain node-name --ignore-daemonsets
27.
kubectl taint Adds a taint to a node to control pod placement. Example:
kubectl
taint nodes node-name key=value:NoSchedule 28. kubectl get events Lists all
events
in the cluster. Example: kubectl get events 29. kubectl apply -k Applies
resources
from a kustomization directory. Example: kubectl apply -k
./kustomization-dir/ 30.
kubectl config view Displays the kubeconfig file. Example: kubectl config
view 31.
kubectl config use-context Switches the active context in kubeconfig.
Example:
kubectl config use-context my-cluster 32. kubectl debug Creates a debugging
session
for a pod. Example: kubectl debug pod-name 33. kubectl delete namespace
Deletes a
namespace and its resources. Example: kubectl delete namespace my-namespace
34.
kubectl patch Updates a resource using a patch. Example: kubectl patch
deployment
my-deployment -p '{"spec": {"replicas": 2}}' 35. kubectl rollout history
Shows the
rollout history of a deployment. Example: kubectl rollout history deployment
my-deployment 36. kubectl autoscale Automatically scales a deployment based
on
resource usage. Example: kubectl autoscale deployment my-deployment
--cpu-percent=50
--min=1 --max=10 37. kubectl label Adds or modifies a label on a resource.
Example:
kubectl label pod pod-name environment=production 38. kubectl annotate Adds
or
modifies an annotation on a resource. Example: kubectl annotate pod pod-name
description="My app pod" 39. kubectl delete pv Deletes a PersistentVolume
(PV).
Example: kubectl delete pv my-pv 40. kubectl get ingress Lists all Ingress
resources
in the namespace. Example: kubectl get ingress 41. kubectl create configmap
Creates
a ConfigMap from a file or literal values. Example: kubectl create configmap
my-config --from-literal=key1=value1 42. kubectl create secret Creates a
Secret from
a file or literal values. Example: kubectl create secret generic my-secret
--from-literal=password=myPassword 43. kubectl api-resources Lists all
available API
resources in the cluster. Example: kubectl api-resources 44. kubectl
api-versions
Lists all API versions supported by the cluster. Example: kubectl
api-versions 45.
kubectl get crds Lists all CustomResourceDefinitions (CRDs). Example:
kubectl get
crds
Basic Helm Commands -
+
Helm is the app store for Kubernetes. It simplifies installing and managing
complex
applications using pre-packaged "charts" - think of it like apt-get for
Kubernetes.
1. helm help Displays help for the Helm CLI or a specific command. Example:
helm
help 2. helm version Shows the Helm client and server version. Example: helm
version
3. helm repo add Adds a new chart repository. Example: helm repo add stable
https://charts.helm.sh/stable 4. helm repo update Updates all Helm chart
repositories to the latest version. Example: helm repo update 5. helm repo
list
Lists all the repositories added to Helm. Example: helm repo list 6. helm
search hub
Searches for charts on Helm Hub. Example: helm search hub nginx 7. helm
search repo
Searches for charts in the repositories. Example: helm search repo
stable/nginx 8.
helm show chart Displays information about a chart, including metadata and
dependencies. Example: helm show chart stable/nginx
Installing and Upgrading Charts
+
9. helm install Installs a chart into a Kubernetes cluster. Example: helm
install
my-release stable/nginx 10. helm upgrade Upgrades an existing release with a
new
version of the chart. Example: helm upgrade my-release stable/nginx 11. helm
upgrade
--install Installs a chart if it isn’t installed or upgrades it if it
exists.
Example: helm upgrade --install my-release stable/nginx 12. helm uninstall
Uninstalls a release. Example: helm uninstall my-release 13. helm list Lists
all the
releases installed on the Kubernetes cluster. Example: helm list 14. helm
status
Displays the status of a release. Example: helm status my-release
Working with Helm Charts
+
15. helm create Creates a new Helm chart in a specified directory. Example:
helm
create my-chart 16. helm lint Lints a chart to check for common errors.
Example:
helm lint ./my-chart 17. helm package Packages a chart into a .tgz file.
Example:
helm package ./my-chart 18. helm template Renders the Kubernetes YAML files
from a
chart without installing it. Example: helm template my-release ./my-chart
19. helm
dependency update Updates the dependencies in the Chart.yaml file. Example:
helm
dependency update ./my-chart
Advanced Helm Commands
+
20. helm rollback Rolls back a release to a previous version. Example: helm
rollback
my-release 1 21. helm history Displays the history of a release. Example:
helm
history my-release 22. helm get all Gets all information (including values
and
templates) for a release. Example: helm get all my-release 23. helm get
values
Displays the values used in a release. Example: helm get values my-release
24. helm
test Runs tests defined in a chart. Example: helm test my-release
Helm Chart Repositories
+
25. helm repo remove Removes a chart repository. Example: helm repo remove
stable
26. helm repo update Updates the local cache of chart repositories. Example:
helm
repo update 27. helm repo index Creates or updates the index file for a
chart
repository. Example: helm repo index ./charts
Helm Values and Customization
+
28. helm install --values Installs a chart with custom values. Example: helm
install
my-release stable/nginx --values values.yaml 29. helm upgrade --values
Upgrades a
release with custom values. Example: helm upgrade my-release stable/nginx
--values
values.yaml 30. helm install --set Installs a chart with a custom value set
directly
in the command. Example: helm install my-release stable/nginx --set
replicaCount=3
31. helm upgrade --set Upgrades a release with a custom value set. Example:
helm
upgrade my-release stable/nginx --set replicaCount=5 32. helm uninstall
--purge
Removes a release and deletes associated resources, including the release
history.
Example: helm uninstall my-release --purge
Helm Template and Debugging
+
33. helm template --debug Renders Kubernetes manifests and includes debug
output.
Example: helm template my-release ./my-chart --debug 34. helm install
--dry-run
Simulates the installation process to show what will happen without actually
installing. Example: helm install my-release stable/nginx --dry-run 35. helm
upgrade
--dry-run Simulates an upgrade process without actually applying it.
Example: helm
upgrade my-release stable/nginx --dry-run
Helm and Kubernetes Integration
+
36. helm list --namespace Lists releases in a specific Kubernetes namespace.
Example: helm list --namespace kube-system 37. helm uninstall --namespace
Uninstalls
a release from a specific namespace. Example: helm uninstall my-release
--namespace
kube-system 38. helm install --namespace Installs a chart into a specific
namespace.
Example: helm install my-release stable/nginx --namespace mynamespace 39.
helm
upgrade --namespace Upgrades a release in a specific namespace. Example:
helm
upgrade my-release stable/nginx --namespace mynamespace
Helm Chart Development
+
40. helm package --sign Packages a chart and signs it using a GPG key.
Example: helm
package ./my-chart --sign --key my-key-id 41. helm create --starter Creates
a new
Helm chart based on a starter template. Example: helm create --starter
https://github.com/helm/charts.git 42. helm push Pushes a chart to a Helm
chart
repository. Example: helm push ./my-chart my-repo
Helm with Kubernetes CLI
+
43. helm list -n Lists releases in a specific Kubernetes namespace. Example:
helm
list -n kube-system 44. helm install --kube-context Installs a chart to a
Kubernetes
cluster defined in a specific kubeconfig context. Example: helm install
my-release
stable/nginx --kube-context my-cluster 45. helm upgrade --kube-context
Upgrades a
release in a specific Kubernetes context. Example: helm upgrade my-release
stable/nginx --kube-context my-cluster
Helm Chart Dependencies
+
46. helm dependency build Builds dependencies for a Helm chart. Example:
helm
dependency build ./my-chart 47. helm dependency list Lists all dependencies
for a
chart. Example: helm dependency list ./my-chart
Helm History and Rollbacks
+
48. helm rollback --recreate-pods Rolls back to a previous version and
recreates
pods. Example: helm rollback my-release 2 --recreate-pods 49. helm history
--max
Limits the number of versions shown in the release history. Example: helm
history
my-release --max 5
Basic Terraform Commands -
+
Terraform lets you build cloud infrastructure with code. Instead of clicking
buttons
in AWS/GCP/Azure consoles, you define servers and services in configuration
files.
50. terraform --help = Displays general help for Terraform CLI commands. 51.
terraform init = Initializes the working directory containing Terraform
configuration files. It downloads the necessary provider plugins. 52.
terraform
validate = Validates the Terraform configuration files for syntax errors or
issues.
53. terraform plan - Creates an execution plan, showing what actions
Terraform will
perform to make the infrastructure match the desired configuration. 54.
terraform
apply = Applies the changes required to reach the desired state of the
configuration. It will prompt for approval before making changes. 55.
terraform show
= Displays the Terraform state or a plan in a human-readable format. 56.
terraform
output = Displays the output values defined in the Terraform configuration
after an
apply. 57. terraform destroy = Destroys the infrastructure defined in the
Terraform
configuration. It prompts for confirmation before destroying resources. 58.
terraform refresh = Updates the state file with the real infrastructure's
current
state without applying changes. 59. terraform taint = Marks a resource for
recreation on the next apply. Useful for forcing a resource to be recreated
even if
it hasn't been changed. 60. terraform untaint = Removes the "tainted" status
from a
resource. 61. terraform state = Manages Terraform state files, such as
moving
resources between modules or manually 62. terraform import = Imports
existing
infrastructure into Terraform management. 63. terraform graph = Generates a
graphical representation of Terraform's resources and their relationships.
64.
terraform providers = Lists the providers available for the current
Terraform
configuration. 65. terraform state list = Lists all resources tracked in the
Terraform state file. 66. terraform backend = Configures the backend for
storing
Terraform state remotely (e.g., in S3, Azure Blob Storage, etc.). 67.
terraform
state mv = Moves an item in the state from one location to another. 68.
terraform
state rm = Removes an item from the Terraform state file. 69. terraform
workspace =
Manages Terraform workspaces, which allow for creating separate environments
within
a single configuration. 70. terraform workspace new = Creates a new
workspace. 71.
terraform module = Manages and updates Terraform modules, which are reusable
configurations. 72. terraform init -get-plugins=true = Ensures that required
plugins
are fetched and available for modules. 73. TF_LOG = Sets the logging level
for
Terraform debug output (e.g., TRACE, DEBUG, INFO, WARN, ERROR). 74.
TF_LOG_PATH =
Directs Terraform logs to a specified file. 75. terraform login = Logs into
Terraform Cloud or Terraform Enterprise for managing remote backends and
workspaces.
76. terraform remote = Manages remote backends and remote state storage for
Terraform configurations. terraform push = Pushes Terraform modules to a
remote
module registry.
Basic Linux Commands -
+
Linux is the foundation of DevOps operations - it's like a Swiss Army knife
for
servers. These commands help you navigate systems, manage files, configure
permissions, and automate tasks in terminal environments. 1. pwd - Print the
current
working directory. 2. ls - List files and directories. 3. cd - Change
directory. 4.
touch - Create an empty file. 5. mkdir - Create a new directory. 6. rm -
Remove
files or directories. 7. rmdir - Remove empty directories. 8. cp - Copy
files or
directories. 9. mv - Move or rename files and directories. 10. cat - Display
the
content of a file. 11. echo - Display a line of text. 12. clear - Clear the
terminal
screen.
Intermediate Linux Commands
+
13. chmod - Change file permissions. 14. chown - Change file ownership. 15.
find -
Search for files and directories. 16. grep - Search for text in a file. 17.
wc -
Count lines, words, and characters in a file. 18. head - Display the first
few lines
of a file. 19. tail - Display the last few lines of a file. 20. sort - Sort
the
contents of a file. 21. uniq - Remove duplicate lines from a file. 22. diff
-
Compare two files line by line. 23. tar - Archive files into a tarball. 24.
zip/unzip - Compress and extract ZIP files. 25. df - Display disk space
usage. 26.
du - Display directory size. 27. top - Monitor system processes in real
time. 28. ps
- Display active processes. 29. kill - Terminate a process by its PID. 30.
ping -
Check network connectivity. 31. wget - Download files from the internet. 32.
curl -
Transfer data from or to a server. 33. scp - Securely copy files between
systems.
34. rsync - Synchronize files and directories.
Advanced Linux Commands
+
35. awk - Text processing and pattern scanning. 36. sed - Stream editor for
filtering and transforming text. 37. cut - Remove sections from each line of
a file.
38. tr - Translate or delete characters. 39. xargs - Build and execute
command lines
from standard input. 40. ln - Create symbolic or hard links. 41. df -h -
Display
disk usage in human-readable format. 42. free - Display memory usage. 43.
iostat -
Display CPU and I/O statistics. 44. netstat - Network statistics (use ss as
modern
alternative). 45. ifconfig/ip - Configure network interfaces (use ip as
modern
alternative). 46. iptables - Configure firewall rules. 47. systemctl -
Control the
systemd system and service manager. 48. journalctl - View system logs. 49.
crontab -
Schedule recurring tasks. 50. at - Schedule tasks for a specific time. 51.
uptime -
Display system uptime. 52. whoami - Display the current user. 53. users -
List all
users currently logged in. 54. hostname - Display or set the system
hostname. 55.
env - Display environment variables. 56. export - Set environment variables.
Networking Commands
+
57. ip addr - Display or configure IP addresses. 58. ip route - Show or
manipulate
routing tables. 59. traceroute - Trace the route packets take to a host. 60.
nslookup - Query DNS records. 61. dig - Query DNS servers. 62. ssh - Connect
to a
remote server via SSH. 63. ftp - Transfer files using the FTP protocol. 64.
nmap -
Network scanning and discovery. 65. telnet - Communicate with remote hosts.
66.
netcat (nc) - Read/write data over networks.
File Management and Search
+
67. locate - Find files quickly using a database. 68. stat - Display
detailed
information about a file. 69. tree - Display directories as a tree. 70. file
-
Determine a file’s type. 71. basename - Extract the filename from a path.
72.
dirname - Extract the directory part of a path.
System Monitoring
+
73. vmstat - Display virtual memory statistics. 74. htop - Interactive
process
viewer (alternative to top). 75. lsof - List open files. 76. dmesg - Print
kernel
ring buffer messages. 77. uptime - Show how long the system has been
running. 78.
iotop - Display real-time disk I/O by processes.
Package Management
+
79. apt - Package manager for Debian-based distributions. 80. yum/dnf -
Package
manager for RHEL-based distributions. 81. snap - Manage snap packages. 82.
rpm -
Manage RPM packages.
Disk and Filesystem
+
83. mount/umount - Mount or unmount filesystems. 84. fsck - Check and repair
filesystems. 85. mkfs - Create a new filesystem. 86. blkid - Display
information
about block devices. 87. lsblk - List information about block devices. 88.
parted -
Manage partitions interactively.
Scripting and Automation
+
89. bash - Command interpreter and scripting shell. 90. sh - Legacy shell
interpreter. 91. cron - Automate tasks. 92. alias - Create shortcuts for
commands.
93. source - Execute commands from a file in the current shell.
Development and Debugging
+
94. gcc - Compile C programs. 95. make - Build and manage projects. 96.
strace -
Trace system calls and signals. 97. gdb - Debug programs. 98. git - Version
control
system. 99. vim/nano - Text editors for scripting and editing.
Other Useful Commands
+
100. uptime - Display system uptime. 101. date - Display or set the system
date and
time. 102. cal - Display a calendar. 103. man - Display the manual for a
command.
104. history - Show previously executed commands. 105. alias - Create custom
shortcuts for commands.
Basic Git Commands
+
Git is your code time machine. It tracks every change, enables team
collaboration
without conflicts, and lets you undo mistakes. These commands help manage
source
code versions like a professional developer. 1. git init Initializes a new
Git
repository in the current directory. Example: git init 2. git clone Copies a
remote
repository to the local machine. Example: git clone
https://github.com/user/repo.git
3. git status Displays the state of the working directory and staging area.
Example:
git status 4. git add Adds changes to the staging area. Example: git add
file.txt 5.
git commit Records changes to the repository. Example: git commit -m
"Initial
commit" 6. git config Configures user settings, such as name and email.
Example: git
config --global user.name "Your Name" 7. git log Shows the commit history.
Example:
git log 8. git show Displays detailed information about a specific commit.
Example:
git show 9. git diff Shows changes between commits, the working directory,
and the
staging area. Example: git diff 10. git reset Unstages changes or resets
commits.
Example: git reset HEAD file.txt
Branching and Merging
+
11. git branch Lists branches or creates a new branch. Example: git branch
feature-branch 12. git checkout Switches between branches or restores files.
Example: git checkout feature-branch 13. git switch Switches branches
(modern
alternative to git checkout). Example: git switch feature-branch 14. git
merge
Combines changes from one branch into another. Example: git merge
feature-branch 15.
git rebase Moves or combines commits from one branch onto another. Example:
git
rebase main 16. git cherry-pick Applies specific commits from one branch to
another.
Example: git cherry-pick
Remote Repositories
+
17. git remote Manages remote repository connections. Example: git remote
add origin
https://github.com/user/repo.git 18. git push Sends changes to a remote
repository.
Example: git push origin main 19. git pull Fetches and merges changes from a
remote
repository. Example: git pull origin main 20. git fetch Downloads changes
from a
remote repository without merging. Example: git fetch origin 21. git remote
-v Lists
the URLs of remote repositories. Example: git remote -v
Stashing and Cleaning
+
22. git stash Temporarily saves changes not yet committed. Example: git
stash 23.
git stash pop Applies stashed changes and removes them from the stash list.
Example:
git stash pop 24. git stash list Lists all stashes. Example: git stash list
25. git
clean Removes untracked files from the working directory. Example: git clean
-f
Tagging
+
26. git tag Creates a tag for a specific commit. Example: git tag -a v1.0 -m
"Version 1.0" 27. git tag -d Deletes a tag. Example: git tag -d v1.0 28. git
push
--tags Pushes tags to a remote repository. Example: git push origin --tags
Advanced Commands
+
29. git bisect Finds the commit that introduced a bug. Example: git bisect
start 30.
git blame Shows which commit and author modified each line of a file.
Example: git
blame file.txt 31. git reflog Shows a log of changes to the tip of branches.
Example: git reflog 32. git submodule Manages external repositories as
submodules.
Example: git submodule add https://github.com/user/repo.git 33. git archive
Creates
an archive of the repository files. Example: git archive --format=zip HEAD >
archive.zip 34. git gc Cleans up unnecessary files and optimizes the
repository.
Example: git gc
GitHub-Specific Commands
+
35. gh auth login Logs into GitHub via the command line. Example: gh auth
login 36.
gh repo clone Clones a GitHub repository. Example: gh repo clone user/repo
37. gh
issue list Lists issues in a GitHub repository. Example: gh issue list 38.
gh pr
create Creates a pull request on GitHub. Example: gh pr create --title "New
Feature"
--body "Description of the feature" 39. gh repo create Creates a new GitHub
repository. Example: gh repo create my-repo
Basic Docker Commands -
+
Docker packages applications into portable containers - like shipping
containers for
software. These commands help build, ship, and run applications consistently
across
any environment. 1. docker --version Displays the installed Docker version.
Example:
docker --version 2. docker info Shows system-wide information about Docker,
such as
the number of containers and images. Example: docker info 3. docker pull
Downloads
an image from a Docker registry (default: Docker Hub). Example: docker pull
ubuntu:latest 4. docker images Lists all downloaded images. Example: docker
images
5. docker run Creates and starts a new container from an image. Example:
docker run
-it ubuntu bash 6. docker ps Lists running containers. Example: docker ps 7.
docker
ps -a Lists all containers, including stopped ones. Example: docker ps -a 8.
docker
stop Stops a running container. Example: docker stop container_name 9.
docker start
Starts a stopped container. Example: docker start container_name 10. docker
rm
Removes a container. Example: docker rm container_name 11. docker rmi
Removes an
image. Example: docker rmi image_name 12. docker exec Runs a command inside
a
running container. Example: docker exec -it container_name bash
Intermediate Docker Commands
+
13. docker build Builds an image from a Dockerfile. Example: docker build -t
my_image . 14. docker commit Creates a new image from a container’s changes.
Example: docker commit container_name my_image:tag 15. docker logs Fetches
logs from
a container. Example: docker logs container_name 16. docker inspect Returns
detailed
information about an object (container or image). Example: docker inspect
container_name 17. docker stats Displays live resource usage statistics of
running
containers. Example: docker stats 18. docker cp Copies files between a
container and
the host. Example: docker cp container_name:/path/in/container /path/on/host
19.
docker rename Renames a container. Example: docker rename old_name new_name
20.
docker network ls Lists all Docker networks. Example: docker network ls 21.
docker
network create Creates a new Docker network. Example: docker network create
my_network 22. docker network inspect Shows details about a Docker network.
Example:
docker network inspect my_network 23. docker network connect Connects a
container to
a network. Example: docker network connect my_network container_name 24.
docker
volume ls Lists all Docker volumes. Example: docker volume ls 25. docker
volume
create Creates a new Docker volume. Example: docker volume create my_volume
26.
docker volume inspect Provides details about a volume. Example: docker
volume
inspect my_volume 27. docker volume rm Removes a Docker volume. Example:
docker
volume rm my_volume
Advanced Docker Commands
+
28. docker-compose up Starts services defined in a docker-compose.yml file.
Example:
docker-compose up 29. docker-compose down Stops and removes services defined
in a
docker-compose.yml file. Example: docker-compose down 30. docker-compose
logs
Displays logs for services managed by Docker Compose. Example:
docker-compose logs
31. docker-compose exec Runs a command in a service’s container. Example:
docker-compose exec service_name bash 32. docker save Exports an image to a
tar
file. Example: docker save -o my_image.tar my_image:tag 33. docker load
Imports an
image from a tar file. Example: docker load < my_image.tar 34. docker export
Exports a container’s filesystem as a tar file. Example: docker export
container_name>
container.tar 35. docker import Creates an image from an exported
container.
Example: docker import container.tar my_new_image 36. docker system df
Displays
disk usage by Docker objects. Example: docker system df 37. docker
system prune
Cleans up unused Docker resources (images, containers, volumes,
networks).
Example: docker system prune 38. docker tag Assigns a new tag to an
image.
Example: docker tag old_image_name new_image_name 39. docker push
Uploads an
image to a Docker registry. Example: docker push my_image:tag 40. docker
login
Logs into a Docker registry. Example: docker login 41. docker logout
Logs out of
a Docker registry. Example: docker logout 42. docker swarm init
Initializes a
Docker Swarm mode cluster. Example: docker swarm init 43. docker service
create
Creates a new service in Swarm mode. Example: docker service create
--name
my_service nginx 44. docker stack deploy Deploys a stack using a Compose
file in
Swarm mode. Example: docker stack deploy -c docker-compose.yml my_stack
45.
docker stack rm Removes a stack in Swarm mode. Example: docker stack rm
my_stack
46. docker checkpoint create Creates a checkpoint for a container.
Example:
docker checkpoint create container_name checkpoint_name 47. docker
checkpoint ls
Lists checkpoints for a container. Example: docker checkpoint ls
container_name
48. docker checkpoint rm Removes a checkpoint. Example: docker
checkpoint rm
container_name checkpoint_name
Basic Kubernetes Commands -
+
Kubernetes is the conductor of your container orchestra. It automates
deployment,
scaling, and management of containerized applications across server
clusters. 1.
kubectl version Displays the Kubernetes client and server version. Example:
kubectl
version --short 2. kubectl cluster-info Shows information about the
Kubernetes
cluster. Example: kubectl cluster-info 3. kubectl get nodes Lists all nodes
in the
cluster. Example: kubectl get nodes 4. kubectl get pods Lists all pods in
the
default namespace. Example: kubectl get pods 5. kubectl get services Lists
all
services in the default namespace. Example: kubectl get services 6. kubectl
get
namespaces Lists all namespaces in the cluster. Example: kubectl get
namespaces 7.
kubectl describe pod Shows detailed information about a specific pod.
Example:
kubectl describe pod pod-name 8. kubectl logs Displays logs for a specific
pod.
Example: kubectl logs pod-name 9. kubectl create namespace Creates a new
namespace.
Example: kubectl create namespace my-namespace 10. kubectl delete pod
Deletes a
specific pod. Example: kubectl delete pod pod-name
Intermediate Kubernetes Commands
+
11. kubectl apply Applies changes defined in a YAML file. Example: kubectl
apply -f
deployment.yaml 12. kubectl delete Deletes resources defined in a YAML file.
Example: kubectl delete -f deployment.yaml 13. kubectl scale Scales a
deployment to
the desired number of replicas. Example: kubectl scale deployment
my-deployment
--replicas=3 14. kubectl expose Exposes a pod or deployment as a service.
Example:
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 15.
kubectl
exec Executes a command in a running pod. Example: kubectl exec -it pod-name
--
/bin/bash 16. kubectl port-forward Forwards a local port to a port in a pod.
Example: kubectl port-forward pod-name 8080:80 17. kubectl get configmaps
Lists all
ConfigMaps in the namespace. Example: kubectl get configmaps 18. kubectl get
secrets
Lists all Secrets in the namespace. Example: kubectl get secrets 19. kubectl
edit
Edits a resource definition directly in the editor. Example: kubectl edit
deployment
my-deployment 20. kubectl rollout status Displays the status of a deployment
rollout. Example: kubectl rollout status deployment/my-deployment
Advanced Kubernetes Commands
+
21. kubectl rollout undo Rolls back a deployment to a previous revision.
Example:
kubectl rollout undo deployment/my-deployment 22. kubectl top nodes Shows
resource
usage for nodes. Example: kubectl top nodes 23. kubectl top pods Displays
resource
usage for pods. Example: kubectl top pods 24. kubectl cordon Marks a node as
unschedulable. Example: kubectl cordon node-name 25. kubectl uncordon Marks
a node
as schedulable. Example: kubectl uncordon node-name 26. kubectl drain Safely
evicts
all pods from a node. Example: kubectl drain node-name --ignore-daemonsets
27.
kubectl taint Adds a taint to a node to control pod placement. Example:
kubectl
taint nodes node-name key=value:NoSchedule 28. kubectl get events Lists all
events
in the cluster. Example: kubectl get events 29. kubectl apply -k Applies
resources
from a kustomization directory. Example: kubectl apply -k
./kustomization-dir/ 30.
kubectl config view Displays the kubeconfig file. Example: kubectl config
view 31.
kubectl config use-context Switches the active context in kubeconfig.
Example:
kubectl config use-context my-cluster 32. kubectl debug Creates a debugging
session
for a pod. Example: kubectl debug pod-name 33. kubectl delete namespace
Deletes a
namespace and its resources. Example: kubectl delete namespace my-namespace
34.
kubectl patch Updates a resource using a patch. Example: kubectl patch
deployment
my-deployment -p '{"spec": {"replicas": 2}}' 35. kubectl rollout history
Shows the
rollout history of a deployment. Example: kubectl rollout history deployment
my-deployment 36. kubectl autoscale Automatically scales a deployment based
on
resource usage. Example: kubectl autoscale deployment my-deployment
--cpu-percent=50
--min=1 --max=10 37. kubectl label Adds or modifies a label on a resource.
Example:
kubectl label pod pod-name environment=production 38. kubectl annotate Adds
or
modifies an annotation on a resource. Example: kubectl annotate pod pod-name
description="My app pod" 39. kubectl delete pv Deletes a PersistentVolume
(PV).
Example: kubectl delete pv my-pv 40. kubectl get ingress Lists all Ingress
resources
in the namespace. Example: kubectl get ingress 41. kubectl create configmap
Creates
a ConfigMap from a file or literal values. Example: kubectl create configmap
my-config --from-literal=key1=value1 42. kubectl create secret Creates a
Secret from
a file or literal values. Example: kubectl create secret generic my-secret
--from-literal=password=myPassword 43. kubectl api-resources Lists all
available API
resources in the cluster. Example: kubectl api-resources 44. kubectl
api-versions
Lists all API versions supported by the cluster. Example: kubectl
api-versions 45.
kubectl get crds Lists all CustomResourceDefinitions (CRDs). Example:
kubectl get
crds
Basic Helm Commands -
+
Helm is the app store for Kubernetes. It simplifies installing and managing
complex
applications using pre-packaged "charts" - think of it like apt-get for
Kubernetes.
1. helm help Displays help for the Helm CLI or a specific command. Example:
helm
help 2. helm version Shows the Helm client and server version. Example: helm
version
3. helm repo add Adds a new chart repository. Example: helm repo add stable
https://charts.helm.sh/stable 4. helm repo update Updates all Helm chart
repositories to the latest version. Example: helm repo update 5. helm repo
list
Lists all the repositories added to Helm. Example: helm repo list 6. helm
search hub
Searches for charts on Helm Hub. Example: helm search hub nginx 7. helm
search repo
Searches for charts in the repositories. Example: helm search repo
stable/nginx 8.
helm show chart Displays information about a chart, including metadata and
dependencies. Example: helm show chart stable/nginx
Installing and Upgrading Charts
+
9. helm install Installs a chart into a Kubernetes cluster. Example: helm
install
my-release stable/nginx 10. helm upgrade Upgrades an existing release with a
new
version of the chart. Example: helm upgrade my-release stable/nginx 11. helm
upgrade
--install Installs a chart if it isn’t installed or upgrades it if it
exists.
Example: helm upgrade --install my-release stable/nginx 12. helm uninstall
Uninstalls a release. Example: helm uninstall my-release 13. helm list Lists
all the
releases installed on the Kubernetes cluster. Example: helm list 14. helm
status
Displays the status of a release. Example: helm status my-release
Working with Helm Charts
+
15. helm create Creates a new Helm chart in a specified directory. Example:
helm
create my-chart 16. helm lint Lints a chart to check for common errors.
Example:
helm lint ./my-chart 17. helm package Packages a chart into a .tgz file.
Example:
helm package ./my-chart 18. helm template Renders the Kubernetes YAML files
from a
chart without installing it. Example: helm template my-release ./my-chart
19. helm
dependency update Updates the dependencies in the Chart.yaml file. Example:
helm
dependency update ./my-chart
Advanced Helm Commands
+
20. helm rollback Rolls back a release to a previous version. Example: helm
rollback
my-release 1 21. helm history Displays the history of a release. Example:
helm
history my-release 22. helm get all Gets all information (including values
and
templates) for a release. Example: helm get all my-release 23. helm get
values
Displays the values used in a release. Example: helm get values my-release
24. helm
test Runs tests defined in a chart. Example: helm test my-release
Helm Chart Repositories
+
25. helm repo remove Removes a chart repository. Example: helm repo remove
stable
26. helm repo update Updates the local cache of chart repositories. Example:
helm
repo update 27. helm repo index Creates or updates the index file for a
chart
repository. Example: helm repo index ./charts
Helm Values and Customization
+
28. helm install --values Installs a chart with custom values. Example: helm
install
my-release stable/nginx --values values.yaml 29. helm upgrade --values
Upgrades a
release with custom values. Example: helm upgrade my-release stable/nginx
--values
values.yaml 30. helm install --set Installs a chart with a custom value set
directly
in the command. Example: helm install my-release stable/nginx --set
replicaCount=3
31. helm upgrade --set Upgrades a release with a custom value set. Example:
helm
upgrade my-release stable/nginx --set replicaCount=5 32. helm uninstall
--purge
Removes a release and deletes associated resources, including the release
history.
Example: helm uninstall my-release --purge
Helm Template and Debugging
+
33. helm template --debug Renders Kubernetes manifests and includes debug
output.
Example: helm template my-release ./my-chart --debug 34. helm install
--dry-run
Simulates the installation process to show what will happen without actually
installing. Example: helm install my-release stable/nginx --dry-run 35. helm
upgrade
--dry-run Simulates an upgrade process without actually applying it.
Example: helm
upgrade my-release stable/nginx --dry-run
Helm and Kubernetes Integration
+
36. helm list --namespace Lists releases in a specific Kubernetes namespace.
Example: helm list --namespace kube-system 37. helm uninstall --namespace
Uninstalls
a release from a specific namespace. Example: helm uninstall my-release
--namespace
kube-system 38. helm install --namespace Installs a chart into a specific
namespace.
Example: helm install my-release stable/nginx --namespace mynamespace 39.
helm
upgrade --namespace Upgrades a release in a specific namespace. Example:
helm
upgrade my-release stable/nginx --namespace mynamespace
Helm Chart Development
+
40. helm package --sign Packages a chart and signs it using a GPG key.
Example: helm
package ./my-chart --sign --key my-key-id 41. helm create --starter Creates
a new
Helm chart based on a starter template. Example: helm create --starter
https://github.com/helm/charts.git 42. helm push Pushes a chart to a Helm
chart
repository. Example: helm push ./my-chart my-repo
Helm with Kubernetes CLI
+
43. helm list -n Lists releases in a specific Kubernetes namespace. Example:
helm
list -n kube-system 44. helm install --kube-context Installs a chart to a
Kubernetes
cluster defined in a specific kubeconfig context. Example: helm install
my-release
stable/nginx --kube-context my-cluster 45. helm upgrade --kube-context
Upgrades a
release in a specific Kubernetes context. Example: helm upgrade my-release
stable/nginx --kube-context my-cluster
Helm Chart Dependencies
+
46. helm dependency build Builds dependencies for a Helm chart. Example:
helm
dependency build ./my-chart 47. helm dependency list Lists all dependencies
for a
chart. Example: helm dependency list ./my-chart
Helm History and Rollbacks
+
48. helm rollback --recreate-pods Rolls back to a previous version and
recreates
pods. Example: helm rollback my-release 2 --recreate-pods 49. helm history
--max
Limits the number of versions shown in the release history. Example: helm
history
my-release --max 5
Basic Terraform Commands -
+
Terraform lets you build cloud infrastructure with code. Instead of clicking
buttons
in AWS/GCP/Azure consoles, you define servers and services in configuration
files.
50. terraform --help = Displays general help for Terraform CLI commands. 51.
terraform init = Initializes the working directory containing Terraform
configuration files. It downloads the necessary provider plugins. 52.
terraform
validate = Validates the Terraform configuration files for syntax errors or
issues.
53. terraform plan - Creates an execution plan, showing what actions
Terraform will
perform to make the infrastructure match the desired configuration. 54.
terraform
apply = Applies the changes required to reach the desired state of the
configuration. It will prompt for approval before making changes. 55.
terraform show
= Displays the Terraform state or a plan in a human-readable format. 56.
terraform
output = Displays the output values defined in the Terraform configuration
after an
apply. 57. terraform destroy = Destroys the infrastructure defined in the
Terraform
configuration. It prompts for confirmation before destroying resources. 58.
terraform refresh = Updates the state file with the real infrastructure's
current
state without applying changes. 59. terraform taint = Marks a resource for
recreation on the next apply. Useful for forcing a resource to be recreated
even if
it hasn't been changed. 60. terraform untaint = Removes the "tainted" status
from a
resource. 61. terraform state = Manages Terraform state files, such as
moving
resources between modules or manually 62. terraform import = Imports
existing
infrastructure into Terraform management. 63. terraform graph = Generates a
graphical representation of Terraform's resources and their relationships.
64.
terraform providers = Lists the providers available for the current
Terraform
configuration. 65. terraform state list = Lists all resources tracked in the
Terraform state file. 66. terraform backend = Configures the backend for
storing
Terraform state remotely (e.g., in S3, Azure Blob Storage, etc.). 67.
terraform
state mv = Moves an item in the state from one location to another. 68.
terraform
state rm = Removes an item from the Terraform state file. 69. terraform
workspace =
Manages Terraform workspaces, which allow for creating separate environments
within
a single configuration. 70. terraform workspace new = Creates a new
workspace. 71.
terraform module = Manages and updates Terraform modules, which are reusable
configurations. 72. terraform init -get-plugins=true = Ensures that required
plugins
are fetched and available for modules. 73. TF_LOG = Sets the logging level
for
Terraform debug output (e.g., TRACE, DEBUG, INFO, WARN, ERROR). 74.
TF_LOG_PATH =
Directs Terraform logs to a specified file. 75. terraform login = Logs into
Terraform Cloud or Terraform Enterprise for managing remote backends and
workspaces.
76. terraform remote = Manages remote backends and remote state storage for
Terraform configurations. terraform push = Pushes Terraform modules to a
remote
module registry.
Basic Linux Commands -
+
Linux is the foundation of DevOps operations - it's like a Swiss Army knife
for
servers. These commands help you navigate systems, manage files, configure
permissions, and automate tasks in terminal environments. 1. pwd - Print the
current
working directory. 2. ls - List files and directories. 3. cd - Change
directory. 4.
touch - Create an empty file. 5. mkdir - Create a new directory. 6. rm -
Remove
files or directories. 7. rmdir - Remove empty directories. 8. cp - Copy
files or
directories. 9. mv - Move or rename files and directories. 10. cat - Display
the
content of a file. 11. echo - Display a line of text. 12. clear - Clear the
terminal
screen.
Intermediate Linux Commands
+
13. chmod - Change file permissions. 14. chown - Change file ownership. 15.
find -
Search for files and directories. 16. grep - Search for text in a file. 17.
wc -
Count lines, words, and characters in a file. 18. head - Display the first
few lines
of a file. 19. tail - Display the last few lines of a file. 20. sort - Sort
the
contents of a file. 21. uniq - Remove duplicate lines from a file. 22. diff
-
Compare two files line by line. 23. tar - Archive files into a tarball. 24.
zip/unzip - Compress and extract ZIP files. 25. df - Display disk space
usage. 26.
du - Display directory size. 27. top - Monitor system processes in real
time. 28. ps
- Display active processes. 29. kill - Terminate a process by its PID. 30.
ping -
Check network connectivity. 31. wget - Download files from the internet. 32.
curl -
Transfer data from or to a server. 33. scp - Securely copy files between
systems.
34. rsync - Synchronize files and directories.
Advanced Linux Commands
+
35. awk - Text processing and pattern scanning. 36. sed - Stream editor for
filtering and transforming text. 37. cut - Remove sections from each line of
a file.
38. tr - Translate or delete characters. 39. xargs - Build and execute
command lines
from standard input. 40. ln - Create symbolic or hard links. 41. df -h -
Display
disk usage in human-readable format. 42. free - Display memory usage. 43.
iostat -
Display CPU and I/O statistics. 44. netstat - Network statistics (use ss as
modern
alternative). 45. ifconfig/ip - Configure network interfaces (use ip as
modern
alternative). 46. iptables - Configure firewall rules. 47. systemctl -
Control the
systemd system and service manager. 48. journalctl - View system logs. 49.
crontab -
Schedule recurring tasks. 50. at - Schedule tasks for a specific time. 51.
uptime -
Display system uptime. 52. whoami - Display the current user. 53. users -
List all
users currently logged in. 54. hostname - Display or set the system
hostname. 55.
env - Display environment variables. 56. export - Set environment variables.
Networking Commands
+
57. ip addr - Display or configure IP addresses. 58. ip route - Show or
manipulate
routing tables. 59. traceroute - Trace the route packets take to a host. 60.
nslookup - Query DNS records. 61. dig - Query DNS servers. 62. ssh - Connect
to a
remote server via SSH. 63. ftp - Transfer files using the FTP protocol. 64.
nmap -
Network scanning and discovery. 65. telnet - Communicate with remote hosts.
66.
netcat (nc) - Read/write data over networks.
File Management and Search
+
67. locate - Find files quickly using a database. 68. stat - Display
detailed
information about a file. 69. tree - Display directories as a tree. 70. file
-
Determine a file’s type. 71. basename - Extract the filename from a path.
72.
dirname - Extract the directory part of a path.
System Monitoring
+
73. vmstat - Display virtual memory statistics. 74. htop - Interactive
process
viewer (alternative to top). 75. lsof - List open files. 76. dmesg - Print
kernel
ring buffer messages. 77. uptime - Show how long the system has been
running. 78.
iotop - Display real-time disk I/O by processes.
Package Management
+
79. apt - Package manager for Debian-based distributions. 80. yum/dnf -
Package
manager for RHEL-based distributions. 81. snap - Manage snap packages. 82.
rpm -
Manage RPM packages.
Disk and Filesystem
+
83. mount/umount - Mount or unmount filesystems. 84. fsck - Check and repair
filesystems. 85. mkfs - Create a new filesystem. 86. blkid - Display
information
about block devices. 87. lsblk - List information about block devices. 88.
parted -
Manage partitions interactively.
Scripting and Automation
+
89. bash - Command interpreter and scripting shell. 90. sh - Legacy shell
interpreter. 91. cron - Automate tasks. 92. alias - Create shortcuts for
commands.
93. source - Execute commands from a file in the current shell.
Development and Debugging
+
94. gcc - Compile C programs. 95. make - Build and manage projects. 96.
strace -
Trace system calls and signals. 97. gdb - Debug programs. 98. git - Version
control
system. 99. vim/nano - Text editors for scripting and editing.
Other Useful Commands
+
100. uptime - Display system uptime. 101. date - Display or set the system
date and
time. 102. cal - Display a calendar. 103. man - Display the manual for a
command.
104. history - Show previously executed commands. 105. alias - Create custom
shortcuts for commands.
Basic Git Commands
+
Git is your code time machine. It tracks every change, enables team
collaboration
without conflicts, and lets you undo mistakes. These commands help manage
source
code versions like a professional developer. 1. git init Initializes a new
Git
repository in the current directory. Example: git init 2. git clone Copies a
remote
repository to the local machine. Example: git clone
https://github.com/user/repo.git
3. git status Displays the state of the working directory and staging area.
Example:
git status 4. git add Adds changes to the staging area. Example: git add
file.txt 5.
git commit Records changes to the repository. Example: git commit -m
"Initial
commit" 6. git config Configures user settings, such as name and email.
Example: git
config --global user.name "Your Name" 7. git log Shows the commit history.
Example:
git log 8. git show Displays detailed information about a specific commit.
Example:
git show 9. git diff Shows changes between commits, the working directory,
and the
staging area. Example: git diff 10. git reset Unstages changes or resets
commits.
Example: git reset HEAD file.txt
Branching and Merging
+
11. git branch Lists branches or creates a new branch. Example: git branch
feature-branch 12. git checkout Switches between branches or restores files.
Example: git checkout feature-branch 13. git switch Switches branches
(modern
alternative to git checkout). Example: git switch feature-branch 14. git
merge
Combines changes from one branch into another. Example: git merge
feature-branch 15.
git rebase Moves or combines commits from one branch onto another. Example:
git
rebase main 16. git cherry-pick Applies specific commits from one branch to
another.
Example: git cherry-pick
Remote Repositories
+
17. git remote Manages remote repository connections. Example: git remote
add origin
https://github.com/user/repo.git 18. git push Sends changes to a remote
repository.
Example: git push origin main 19. git pull Fetches and merges changes from a
remote
repository. Example: git pull origin main 20. git fetch Downloads changes
from a
remote repository without merging. Example: git fetch origin 21. git remote
-v Lists
the URLs of remote repositories. Example: git remote -v
Stashing and Cleaning
+
22. git stash Temporarily saves changes not yet committed. Example: git
stash 23.
git stash pop Applies stashed changes and removes them from the stash list.
Example:
git stash pop 24. git stash list Lists all stashes. Example: git stash list
25. git
clean Removes untracked files from the working directory. Example: git clean
-f
Tagging
+
26. git tag Creates a tag for a specific commit. Example: git tag -a v1.0 -m
"Version 1.0" 27. git tag -d Deletes a tag. Example: git tag -d v1.0 28. git
push
--tags Pushes tags to a remote repository. Example: git push origin --tags
Advanced Commands
+
29. git bisect Finds the commit that introduced a bug. Example: git bisect
start 30.
git blame Shows which commit and author modified each line of a file.
Example: git
blame file.txt 31. git reflog Shows a log of changes to the tip of branches.
Example: git reflog 32. git submodule Manages external repositories as
submodules.
Example: git submodule add https://github.com/user/repo.git 33. git archive
Creates
an archive of the repository files. Example: git archive --format=zip HEAD >
archive.zip 34. git gc Cleans up unnecessary files and optimizes the
repository.
Example: git gc
GitHub-Specific Commands
+
35. gh auth login Logs into GitHub via the command line. Example: gh auth
login 36.
gh repo clone Clones a GitHub repository. Example: gh repo clone user/repo
37. gh
issue list Lists issues in a GitHub repository. Example: gh issue list 38.
gh pr
create Creates a pull request on GitHub. Example: gh pr create --title "New
Feature"
--body "Description of the feature" 39. gh repo create Creates a new GitHub
repository. Example: gh repo create my-repo
Basic Docker Commands -
+
Docker packages applications into portable containers - like shipping
containers for
software. These commands help build, ship, and run applications consistently
across
any environment. 1. docker --version Displays the installed Docker version.
Example:
docker --version 2. docker info Shows system-wide information about Docker,
such as
the number of containers and images. Example: docker info 3. docker pull
Downloads
an image from a Docker registry (default: Docker Hub). Example: docker pull
ubuntu:latest 4. docker images Lists all downloaded images. Example: docker
images
5. docker run Creates and starts a new container from an image. Example:
docker run
-it ubuntu bash 6. docker ps Lists running containers. Example: docker ps 7.
docker
ps -a Lists all containers, including stopped ones. Example: docker ps -a 8.
docker
stop Stops a running container. Example: docker stop container_name 9.
docker start
Starts a stopped container. Example: docker start container_name 10. docker
rm
Removes a container. Example: docker rm container_name 11. docker rmi
Removes an
image. Example: docker rmi image_name 12. docker exec Runs a command inside
a
running container. Example: docker exec -it container_name bash
Intermediate Docker Commands
+
13. docker build Builds an image from a Dockerfile. Example: docker build -t
my_image . 14. docker commit Creates a new image from a container’s changes.
Example: docker commit container_name my_image:tag 15. docker logs Fetches
logs from
a container. Example: docker logs container_name 16. docker inspect Returns
detailed
information about an object (container or image). Example: docker inspect
container_name 17. docker stats Displays live resource usage statistics of
running
containers. Example: docker stats 18. docker cp Copies files between a
container and
the host. Example: docker cp container_name:/path/in/container /path/on/host
19.
docker rename Renames a container. Example: docker rename old_name new_name
20.
docker network ls Lists all Docker networks. Example: docker network ls 21.
docker
network create Creates a new Docker network. Example: docker network create
my_network 22. docker network inspect Shows details about a Docker network.
Example:
docker network inspect my_network 23. docker network connect Connects a
container to
a network. Example: docker network connect my_network container_name 24.
docker
volume ls Lists all Docker volumes. Example: docker volume ls 25. docker
volume
create Creates a new Docker volume. Example: docker volume create my_volume
26.
docker volume inspect Provides details about a volume. Example: docker
volume
inspect my_volume 27. docker volume rm Removes a Docker volume. Example:
docker
volume rm my_volume
Advanced Docker Commands
+
28. docker-compose up Starts services defined in a docker-compose.yml file.
Example:
docker-compose up 29. docker-compose down Stops and removes services defined
in a
docker-compose.yml file. Example: docker-compose down 30. docker-compose
logs
Displays logs for services managed by Docker Compose. Example:
docker-compose logs
31. docker-compose exec Runs a command in a service’s container. Example:
docker-compose exec service_name bash 32. docker save Exports an image to a
tar
file. Example: docker save -o my_image.tar my_image:tag 33. docker load
Imports an
image from a tar file. Example: docker load < my_image.tar 34. docker export
Exports a container’s filesystem as a tar file. Example: docker export
container_name>
container.tar 35. docker import Creates an image from an exported
container.
Example: docker import container.tar my_new_image 36. docker system df
Displays
disk usage by Docker objects. Example: docker system df 37. docker
system prune
Cleans up unused Docker resources (images, containers, volumes,
networks).
Example: docker system prune 38. docker tag Assigns a new tag to an
image.
Example: docker tag old_image_name new_image_name 39. docker push
Uploads an
image to a Docker registry. Example: docker push my_image:tag 40. docker
login
Logs into a Docker registry. Example: docker login 41. docker logout
Logs out of
a Docker registry. Example: docker logout 42. docker swarm init
Initializes a
Docker Swarm mode cluster. Example: docker swarm init 43. docker service
create
Creates a new service in Swarm mode. Example: docker service create
--name
my_service nginx 44. docker stack deploy Deploys a stack using a Compose
file in
Swarm mode. Example: docker stack deploy -c docker-compose.yml my_stack
45.
docker stack rm Removes a stack in Swarm mode. Example: docker stack rm
my_stack
46. docker checkpoint create Creates a checkpoint for a container.
Example:
docker checkpoint create container_name checkpoint_name 47. docker
checkpoint ls
Lists checkpoints for a container. Example: docker checkpoint ls
container_name
48. docker checkpoint rm Removes a checkpoint. Example: docker
checkpoint rm
container_name checkpoint_name
Basic Kubernetes Commands -
+
Kubernetes is the conductor of your container orchestra. It automates
deployment,
scaling, and management of containerized applications across server
clusters. 1.
kubectl version Displays the Kubernetes client and server version. Example:
kubectl
version --short 2. kubectl cluster-info Shows information about the
Kubernetes
cluster. Example: kubectl cluster-info 3. kubectl get nodes Lists all nodes
in the
cluster. Example: kubectl get nodes 4. kubectl get pods Lists all pods in
the
default namespace. Example: kubectl get pods 5. kubectl get services Lists
all
services in the default namespace. Example: kubectl get services 6. kubectl
get
namespaces Lists all namespaces in the cluster. Example: kubectl get
namespaces 7.
kubectl describe pod Shows detailed information about a specific pod.
Example:
kubectl describe pod pod-name 8. kubectl logs Displays logs for a specific
pod.
Example: kubectl logs pod-name 9. kubectl create namespace Creates a new
namespace.
Example: kubectl create namespace my-namespace 10. kubectl delete pod
Deletes a
specific pod. Example: kubectl delete pod pod-name
Intermediate Kubernetes Commands
+
11. kubectl apply Applies changes defined in a YAML file. Example: kubectl
apply -f
deployment.yaml 12. kubectl delete Deletes resources defined in a YAML file.
Example: kubectl delete -f deployment.yaml 13. kubectl scale Scales a
deployment to
the desired number of replicas. Example: kubectl scale deployment
my-deployment
--replicas=3 14. kubectl expose Exposes a pod or deployment as a service.
Example:
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 15.
kubectl
exec Executes a command in a running pod. Example: kubectl exec -it pod-name
--
/bin/bash 16. kubectl port-forward Forwards a local port to a port in a pod.
Example: kubectl port-forward pod-name 8080:80 17. kubectl get configmaps
Lists all
ConfigMaps in the namespace. Example: kubectl get configmaps 18. kubectl get
secrets
Lists all Secrets in the namespace. Example: kubectl get secrets 19. kubectl
edit
Edits a resource definition directly in the editor. Example: kubectl edit
deployment
my-deployment 20. kubectl rollout status Displays the status of a deployment
rollout. Example: kubectl rollout status deployment/my-deployment
Advanced Kubernetes Commands
+
21. kubectl rollout undo Rolls back a deployment to a previous revision.
Example:
kubectl rollout undo deployment/my-deployment 22. kubectl top nodes Shows
resource
usage for nodes. Example: kubectl top nodes 23. kubectl top pods Displays
resource
usage for pods. Example: kubectl top pods 24. kubectl cordon Marks a node as
unschedulable. Example: kubectl cordon node-name 25. kubectl uncordon Marks
a node
as schedulable. Example: kubectl uncordon node-name 26. kubectl drain Safely
evicts
all pods from a node. Example: kubectl drain node-name --ignore-daemonsets
27.
kubectl taint Adds a taint to a node to control pod placement. Example:
kubectl
taint nodes node-name key=value:NoSchedule 28. kubectl get events Lists all
events
in the cluster. Example: kubectl get events 29. kubectl apply -k Applies
resources
from a kustomization directory. Example: kubectl apply -k
./kustomization-dir/ 30.
kubectl config view Displays the kubeconfig file. Example: kubectl config
view 31.
kubectl config use-context Switches the active context in kubeconfig.
Example:
kubectl config use-context my-cluster 32. kubectl debug Creates a debugging
session
for a pod. Example: kubectl debug pod-name 33. kubectl delete namespace
Deletes a
namespace and its resources. Example: kubectl delete namespace my-namespace
34.
kubectl patch Updates a resource using a patch. Example: kubectl patch
deployment
my-deployment -p '{"spec": {"replicas": 2}}' 35. kubectl rollout history
Shows the
rollout history of a deployment. Example: kubectl rollout history deployment
my-deployment 36. kubectl autoscale Automatically scales a deployment based
on
resource usage. Example: kubectl autoscale deployment my-deployment
--cpu-percent=50
--min=1 --max=10 37. kubectl label Adds or modifies a label on a resource.
Example:
kubectl label pod pod-name environment=production 38. kubectl annotate Adds
or
modifies an annotation on a resource. Example: kubectl annotate pod pod-name
description="My app pod" 39. kubectl delete pv Deletes a PersistentVolume
(PV).
Example: kubectl delete pv my-pv 40. kubectl get ingress Lists all Ingress
resources
in the namespace. Example: kubectl get ingress 41. kubectl create configmap
Creates
a ConfigMap from a file or literal values. Example: kubectl create configmap
my-config --from-literal=key1=value1 42. kubectl create secret Creates a
Secret from
a file or literal values. Example: kubectl create secret generic my-secret
--from-literal=password=myPassword 43. kubectl api-resources Lists all
available API
resources in the cluster. Example: kubectl api-resources 44. kubectl
api-versions
Lists all API versions supported by the cluster. Example: kubectl
api-versions 45.
kubectl get crds Lists all CustomResourceDefinitions (CRDs). Example:
kubectl get
crds
Basic Helm Commands -
+
Helm is the app store for Kubernetes. It simplifies installing and managing
complex
applications using pre-packaged "charts" - think of it like apt-get for
Kubernetes.
1. helm help Displays help for the Helm CLI or a specific command. Example:
helm
help 2. helm version Shows the Helm client and server version. Example: helm
version
3. helm repo add Adds a new chart repository. Example: helm repo add stable
https://charts.helm.sh/stable 4. helm repo update Updates all Helm chart
repositories to the latest version. Example: helm repo update 5. helm repo
list
Lists all the repositories added to Helm. Example: helm repo list 6. helm
search hub
Searches for charts on Helm Hub. Example: helm search hub nginx 7. helm
search repo
Searches for charts in the repositories. Example: helm search repo
stable/nginx 8.
helm show chart Displays information about a chart, including metadata and
dependencies. Example: helm show chart stable/nginx
Installing and Upgrading Charts
+
9. helm install Installs a chart into a Kubernetes cluster. Example: helm
install
my-release stable/nginx 10. helm upgrade Upgrades an existing release with a
new
version of the chart. Example: helm upgrade my-release stable/nginx 11. helm
upgrade
--install Installs a chart if it isn’t installed or upgrades it if it
exists.
Example: helm upgrade --install my-release stable/nginx 12. helm uninstall
Uninstalls a release. Example: helm uninstall my-release 13. helm list Lists
all the
releases installed on the Kubernetes cluster. Example: helm list 14. helm
status
Displays the status of a release. Example: helm status my-release
Working with Helm Charts
+
15. helm create Creates a new Helm chart in a specified directory. Example:
helm
create my-chart 16. helm lint Lints a chart to check for common errors.
Example:
helm lint ./my-chart 17. helm package Packages a chart into a .tgz file.
Example:
helm package ./my-chart 18. helm template Renders the Kubernetes YAML files
from a
chart without installing it. Example: helm template my-release ./my-chart
19. helm
dependency update Updates the dependencies in the Chart.yaml file. Example:
helm
dependency update ./my-chart
Advanced Helm Commands
+
20. helm rollback Rolls back a release to a previous version. Example: helm
rollback
my-release 1 21. helm history Displays the history of a release. Example:
helm
history my-release 22. helm get all Gets all information (including values
and
templates) for a release. Example: helm get all my-release 23. helm get
values
Displays the values used in a release. Example: helm get values my-release
24. helm
test Runs tests defined in a chart. Example: helm test my-release
Helm Chart Repositories
+
25. helm repo remove Removes a chart repository. Example: helm repo remove
stable
26. helm repo update Updates the local cache of chart repositories. Example:
helm
repo update 27. helm repo index Creates or updates the index file for a
chart
repository. Example: helm repo index ./charts
Helm Values and Customization
+
28. helm install --values Installs a chart with custom values. Example: helm
install
my-release stable/nginx --values values.yaml 29. helm upgrade --values
Upgrades a
release with custom values. Example: helm upgrade my-release stable/nginx
--values
values.yaml 30. helm install --set Installs a chart with a custom value set
directly
in the command. Example: helm install my-release stable/nginx --set
replicaCount=3
31. helm upgrade --set Upgrades a release with a custom value set. Example:
helm
upgrade my-release stable/nginx --set replicaCount=5 32. helm uninstall
--purge
Removes a release and deletes associated resources, including the release
history.
Example: helm uninstall my-release --purge
Helm Template and Debugging
+
33. helm template --debug Renders Kubernetes manifests and includes debug
output.
Example: helm template my-release ./my-chart --debug 34. helm install
--dry-run
Simulates the installation process to show what will happen without actually
installing. Example: helm install my-release stable/nginx --dry-run 35. helm
upgrade
--dry-run Simulates an upgrade process without actually applying it.
Example: helm
upgrade my-release stable/nginx --dry-run
Helm and Kubernetes Integration
+
36. helm list --namespace Lists releases in a specific Kubernetes namespace.
Example: helm list --namespace kube-system 37. helm uninstall --namespace
Uninstalls
a release from a specific namespace. Example: helm uninstall my-release
--namespace
kube-system 38. helm install --namespace Installs a chart into a specific
namespace.
Example: helm install my-release stable/nginx --namespace mynamespace 39.
helm
upgrade --namespace Upgrades a release in a specific namespace. Example:
helm
upgrade my-release stable/nginx --namespace mynamespace
Helm Chart Development
+
40. helm package --sign Packages a chart and signs it using a GPG key.
Example: helm
package ./my-chart --sign --key my-key-id 41. helm create --starter Creates
a new
Helm chart based on a starter template. Example: helm create --starter
https://github.com/helm/charts.git 42. helm push Pushes a chart to a Helm
chart
repository. Example: helm push ./my-chart my-repo
Helm with Kubernetes CLI
+
43. helm list -n Lists releases in a specific Kubernetes namespace. Example:
helm
list -n kube-system 44. helm install --kube-context Installs a chart to a
Kubernetes
cluster defined in a specific kubeconfig context. Example: helm install
my-release
stable/nginx --kube-context my-cluster 45. helm upgrade --kube-context
Upgrades a
release in a specific Kubernetes context. Example: helm upgrade my-release
stable/nginx --kube-context my-cluster
Helm Chart Dependencies
+
46. helm dependency build Builds dependencies for a Helm chart. Example:
helm
dependency build ./my-chart 47. helm dependency list Lists all dependencies
for a
chart. Example: helm dependency list ./my-chart
Helm History and Rollbacks
+
48. helm rollback --recreate-pods Rolls back to a previous version and
recreates
pods. Example: helm rollback my-release 2 --recreate-pods 49. helm history
--max
Limits the number of versions shown in the release history. Example: helm
history
my-release --max 5
Basic Terraform Commands -
+
Terraform lets you build cloud infrastructure with code. Instead of clicking
buttons
in AWS/GCP/Azure consoles, you define servers and services in configuration
files.
50. terraform --help = Displays general help for Terraform CLI commands. 51.
terraform init = Initializes the working directory containing Terraform
configuration files. It downloads the necessary provider plugins. 52.
terraform
validate = Validates the Terraform configuration files for syntax errors or
issues.
53. terraform plan - Creates an execution plan, showing what actions
Terraform will
perform to make the infrastructure match the desired configuration. 54.
terraform
apply = Applies the changes required to reach the desired state of the
configuration. It will prompt for approval before making changes. 55.
terraform show
= Displays the Terraform state or a plan in a human-readable format. 56.
terraform
output = Displays the output values defined in the Terraform configuration
after an
apply. 57. terraform destroy = Destroys the infrastructure defined in the
Terraform
configuration. It prompts for confirmation before destroying resources. 58.
terraform refresh = Updates the state file with the real infrastructure's
current
state without applying changes. 59. terraform taint = Marks a resource for
recreation on the next apply. Useful for forcing a resource to be recreated
even if
it hasn't been changed. 60. terraform untaint = Removes the "tainted" status
from a
resource. 61. terraform state = Manages Terraform state files, such as
moving
resources between modules or manually 62. terraform import = Imports
existing
infrastructure into Terraform management. 63. terraform graph = Generates a
graphical representation of Terraform's resources and their relationships.
64.
terraform providers = Lists the providers available for the current
Terraform
configuration. 65. terraform state list = Lists all resources tracked in the
Terraform state file. 66. terraform backend = Configures the backend for
storing
Terraform state remotely (e.g., in S3, Azure Blob Storage, etc.). 67.
terraform
state mv = Moves an item in the state from one location to another. 68.
terraform
state rm = Removes an item from the Terraform state file. 69. terraform
workspace =
Manages Terraform workspaces, which allow for creating separate environments
within
a single configuration. 70. terraform workspace new = Creates a new
workspace. 71.
terraform module = Manages and updates Terraform modules, which are reusable
configurations. 72. terraform init -get-plugins=true = Ensures that required
plugins
are fetched and available for modules. 73. TF_LOG = Sets the logging level
for
Terraform debug output (e.g., TRACE, DEBUG, INFO, WARN, ERROR). 74.
TF_LOG_PATH =
Directs Terraform logs to a specified file. 75. terraform login = Logs into
Terraform Cloud or Terraform Enterprise for managing remote backends and
workspaces.
76. terraform remote = Manages remote backends and remote state storage for
Terraform configurations. terraform push = Pushes Terraform modules to a
remote
module registry.
Basic Linux Commands -
+
Linux is the foundation of DevOps operations - it's like a Swiss Army knife
for
servers. These commands help you navigate systems, manage files, configure
permissions, and automate tasks in terminal environments. 1. pwd - Print the
current
working directory. 2. ls - List files and directories. 3. cd - Change
directory. 4.
touch - Create an empty file. 5. mkdir - Create a new directory. 6. rm -
Remove
files or directories. 7. rmdir - Remove empty directories. 8. cp - Copy
files or
directories. 9. mv - Move or rename files and directories. 10. cat - Display
the
content of a file. 11. echo - Display a line of text. 12. clear - Clear the
terminal
screen.
Intermediate Linux Commands
+
13. chmod - Change file permissions. 14. chown - Change file ownership. 15.
find -
Search for files and directories. 16. grep - Search for text in a file. 17.
wc -
Count lines, words, and characters in a file. 18. head - Display the first
few lines
of a file. 19. tail - Display the last few lines of a file. 20. sort - Sort
the
contents of a file. 21. uniq - Remove duplicate lines from a file. 22. diff
-
Compare two files line by line. 23. tar - Archive files into a tarball. 24.
zip/unzip - Compress and extract ZIP files. 25. df - Display disk space
usage. 26.
du - Display directory size. 27. top - Monitor system processes in real
time. 28. ps
- Display active processes. 29. kill - Terminate a process by its PID. 30.
ping -
Check network connectivity. 31. wget - Download files from the internet. 32.
curl -
Transfer data from or to a server. 33. scp - Securely copy files between
systems.
34. rsync - Synchronize files and directories.
Advanced Linux Commands
+
35. awk - Text processing and pattern scanning. 36. sed - Stream editor for
filtering and transforming text. 37. cut - Remove sections from each line of
a file.
38. tr - Translate or delete characters. 39. xargs - Build and execute
command lines
from standard input. 40. ln - Create symbolic or hard links. 41. df -h -
Display
disk usage in human-readable format. 42. free - Display memory usage. 43.
iostat -
Display CPU and I/O statistics. 44. netstat - Network statistics (use ss as
modern
alternative). 45. ifconfig/ip - Configure network interfaces (use ip as
modern
alternative). 46. iptables - Configure firewall rules. 47. systemctl -
Control the
systemd system and service manager. 48. journalctl - View system logs. 49.
crontab -
Schedule recurring tasks. 50. at - Schedule tasks for a specific time. 51.
uptime -
Display system uptime. 52. whoami - Display the current user. 53. users -
List all
users currently logged in. 54. hostname - Display or set the system
hostname. 55.
env - Display environment variables. 56. export - Set environment variables.
Networking Commands
+
57. ip addr - Display or configure IP addresses. 58. ip route - Show or
manipulate
routing tables. 59. traceroute - Trace the route packets take to a host. 60.
nslookup - Query DNS records. 61. dig - Query DNS servers. 62. ssh - Connect
to a
remote server via SSH. 63. ftp - Transfer files using the FTP protocol. 64.
nmap -
Network scanning and discovery. 65. telnet - Communicate with remote hosts.
66.
netcat (nc) - Read/write data over networks.
File Management and Search
+
67. locate - Find files quickly using a database. 68. stat - Display
detailed
information about a file. 69. tree - Display directories as a tree. 70. file
-
Determine a file’s type. 71. basename - Extract the filename from a path.
72.
dirname - Extract the directory part of a path.
System Monitoring
+
73. vmstat - Display virtual memory statistics. 74. htop - Interactive
process
viewer (alternative to top). 75. lsof - List open files. 76. dmesg - Print
kernel
ring buffer messages. 77. uptime - Show how long the system has been
running. 78.
iotop - Display real-time disk I/O by processes.
Package Management
+
79. apt - Package manager for Debian-based distributions. 80. yum/dnf -
Package
manager for RHEL-based distributions. 81. snap - Manage snap packages. 82.
rpm -
Manage RPM packages.
Disk and Filesystem
+
83. mount/umount - Mount or unmount filesystems. 84. fsck - Check and repair
filesystems. 85. mkfs - Create a new filesystem. 86. blkid - Display
information
about block devices. 87. lsblk - List information about block devices. 88.
parted -
Manage partitions interactively.
Scripting and Automation
+
89. bash - Command interpreter and scripting shell. 90. sh - Legacy shell
interpreter. 91. cron - Automate tasks. 92. alias - Create shortcuts for
commands.
93. source - Execute commands from a file in the current shell.
Development and Debugging
+
94. gcc - Compile C programs. 95. make - Build and manage projects. 96.
strace -
Trace system calls and signals. 97. gdb - Debug programs. 98. git - Version
control
system. 99. vim/nano - Text editors for scripting and editing.
Other Useful Commands
+
100. uptime - Display system uptime. 101. date - Display or set the system
date and
time. 102. cal - Display a calendar. 103. man - Display the manual for a
command.
104. history - Show previously executed commands. 105. alias - Create custom
shortcuts for commands.
Basic Git Commands
+
Git is your code time machine. It tracks every change, enables team
collaboration
without conflicts, and lets you undo mistakes. These commands help manage
source
code versions like a professional developer. 1. git init Initializes a new
Git
repository in the current directory. Example: git init 2. git clone Copies a
remote
repository to the local machine. Example: git clone
https://github.com/user/repo.git
3. git status Displays the state of the working directory and staging area.
Example:
git status 4. git add Adds changes to the staging area. Example: git add
file.txt 5.
git commit Records changes to the repository. Example: git commit -m
"Initial
commit" 6. git config Configures user settings, such as name and email.
Example: git
config --global user.name "Your Name" 7. git log Shows the commit history.
Example:
git log 8. git show Displays detailed information about a specific commit.
Example:
git show 9. git diff Shows changes between commits, the working directory,
and the
staging area. Example: git diff 10. git reset Unstages changes or resets
commits.
Example: git reset HEAD file.txt
Branching and Merging
+
11. git branch Lists branches or creates a new branch. Example: git branch
feature-branch 12. git checkout Switches between branches or restores files.
Example: git checkout feature-branch 13. git switch Switches branches
(modern
alternative to git checkout). Example: git switch feature-branch 14. git
merge
Combines changes from one branch into another. Example: git merge
feature-branch 15.
git rebase Moves or combines commits from one branch onto another. Example:
git
rebase main 16. git cherry-pick Applies specific commits from one branch to
another.
Example: git cherry-pick
Remote Repositories
+
17. git remote Manages remote repository connections. Example: git remote
add origin
https://github.com/user/repo.git 18. git push Sends changes to a remote
repository.
Example: git push origin main 19. git pull Fetches and merges changes from a
remote
repository. Example: git pull origin main 20. git fetch Downloads changes
from a
remote repository without merging. Example: git fetch origin 21. git remote
-v Lists
the URLs of remote repositories. Example: git remote -v
Stashing and Cleaning
+
22. git stash Temporarily saves changes not yet committed. Example: git
stash 23.
git stash pop Applies stashed changes and removes them from the stash list.
Example:
git stash pop 24. git stash list Lists all stashes. Example: git stash list
25. git
clean Removes untracked files from the working directory. Example: git clean
-f
Tagging
+
26. git tag Creates a tag for a specific commit. Example: git tag -a v1.0 -m
"Version 1.0" 27. git tag -d Deletes a tag. Example: git tag -d v1.0 28. git
push
--tags Pushes tags to a remote repository. Example: git push origin --tags
Advanced Commands
+
29. git bisect Finds the commit that introduced a bug. Example: git bisect
start 30.
git blame Shows which commit and author modified each line of a file.
Example: git
blame file.txt 31. git reflog Shows a log of changes to the tip of branches.
Example: git reflog 32. git submodule Manages external repositories as
submodules.
Example: git submodule add https://github.com/user/repo.git 33. git archive
Creates
an archive of the repository files. Example: git archive --format=zip HEAD >
archive.zip 34. git gc Cleans up unnecessary files and optimizes the
repository.
Example: git gc
GitHub-Specific Commands
+
35. gh auth login Logs into GitHub via the command line. Example: gh auth
login 36.
gh repo clone Clones a GitHub repository. Example: gh repo clone user/repo
37. gh
issue list Lists issues in a GitHub repository. Example: gh issue list 38.
gh pr
create Creates a pull request on GitHub. Example: gh pr create --title "New
Feature"
--body "Description of the feature" 39. gh repo create Creates a new GitHub
repository. Example: gh repo create my-repo
Basic Docker Commands -
+
Docker packages applications into portable containers - like shipping
containers for
software. These commands help build, ship, and run applications consistently
across
any environment. 1. docker --version Displays the installed Docker version.
Example:
docker --version 2. docker info Shows system-wide information about Docker,
such as
the number of containers and images. Example: docker info 3. docker pull
Downloads
an image from a Docker registry (default: Docker Hub). Example: docker pull
ubuntu:latest 4. docker images Lists all downloaded images. Example: docker
images
5. docker run Creates and starts a new container from an image. Example:
docker run
-it ubuntu bash 6. docker ps Lists running containers. Example: docker ps 7.
docker
ps -a Lists all containers, including stopped ones. Example: docker ps -a 8.
docker
stop Stops a running container. Example: docker stop container_name 9.
docker start
Starts a stopped container. Example: docker start container_name 10. docker
rm
Removes a container. Example: docker rm container_name 11. docker rmi
Removes an
image. Example: docker rmi image_name 12. docker exec Runs a command inside
a
running container. Example: docker exec -it container_name bash
Intermediate Docker Commands
+
13. docker build Builds an image from a Dockerfile. Example: docker build -t
my_image . 14. docker commit Creates a new image from a container’s changes.
Example: docker commit container_name my_image:tag 15. docker logs Fetches
logs from
a container. Example: docker logs container_name 16. docker inspect Returns
detailed
information about an object (container or image). Example: docker inspect
container_name 17. docker stats Displays live resource usage statistics of
running
containers. Example: docker stats 18. docker cp Copies files between a
container and
the host. Example: docker cp container_name:/path/in/container /path/on/host
19.
docker rename Renames a container. Example: docker rename old_name new_name
20.
docker network ls Lists all Docker networks. Example: docker network ls 21.
docker
network create Creates a new Docker network. Example: docker network create
my_network 22. docker network inspect Shows details about a Docker network.
Example:
docker network inspect my_network 23. docker network connect Connects a
container to
a network. Example: docker network connect my_network container_name 24.
docker
volume ls Lists all Docker volumes. Example: docker volume ls 25. docker
volume
create Creates a new Docker volume. Example: docker volume create my_volume
26.
docker volume inspect Provides details about a volume. Example: docker
volume
inspect my_volume 27. docker volume rm Removes a Docker volume. Example:
docker
volume rm my_volume
Advanced Docker Commands
+
28. docker-compose up Starts services defined in a docker-compose.yml file.
Example:
docker-compose up 29. docker-compose down Stops and removes services defined
in a
docker-compose.yml file. Example: docker-compose down 30. docker-compose
logs
Displays logs for services managed by Docker Compose. Example:
docker-compose logs
31. docker-compose exec Runs a command in a service’s container. Example:
docker-compose exec service_name bash 32. docker save Exports an image to a
tar
file. Example: docker save -o my_image.tar my_image:tag 33. docker load
Imports an
image from a tar file. Example: docker load < my_image.tar 34. docker export
Exports a container’s filesystem as a tar file. Example: docker export
container_name>
container.tar 35. docker import Creates an image from an exported
container.
Example: docker import container.tar my_new_image 36. docker system df
Displays
disk usage by Docker objects. Example: docker system df 37. docker
system prune
Cleans up unused Docker resources (images, containers, volumes,
networks).
Example: docker system prune 38. docker tag Assigns a new tag to an
image.
Example: docker tag old_image_name new_image_name 39. docker push
Uploads an
image to a Docker registry. Example: docker push my_image:tag 40. docker
login
Logs into a Docker registry. Example: docker login 41. docker logout
Logs out of
a Docker registry. Example: docker logout 42. docker swarm init
Initializes a
Docker Swarm mode cluster. Example: docker swarm init 43. docker service
create
Creates a new service in Swarm mode. Example: docker service create
--name
my_service nginx 44. docker stack deploy Deploys a stack using a Compose
file in
Swarm mode. Example: docker stack deploy -c docker-compose.yml my_stack
45.
docker stack rm Removes a stack in Swarm mode. Example: docker stack rm
my_stack
46. docker checkpoint create Creates a checkpoint for a container.
Example:
docker checkpoint create container_name checkpoint_name 47. docker
checkpoint ls
Lists checkpoints for a container. Example: docker checkpoint ls
container_name
48. docker checkpoint rm Removes a checkpoint. Example: docker
checkpoint rm
container_name checkpoint_name
Basic Kubernetes Commands -
+
Kubernetes is the conductor of your container orchestra. It automates
deployment,
scaling, and management of containerized applications across server
clusters. 1.
kubectl version Displays the Kubernetes client and server version. Example:
kubectl
version --short 2. kubectl cluster-info Shows information about the
Kubernetes
cluster. Example: kubectl cluster-info 3. kubectl get nodes Lists all nodes
in the
cluster. Example: kubectl get nodes 4. kubectl get pods Lists all pods in
the
default namespace. Example: kubectl get pods 5. kubectl get services Lists
all
services in the default namespace. Example: kubectl get services 6. kubectl
get
namespaces Lists all namespaces in the cluster. Example: kubectl get
namespaces 7.
kubectl describe pod Shows detailed information about a specific pod.
Example:
kubectl describe pod pod-name 8. kubectl logs Displays logs for a specific
pod.
Example: kubectl logs pod-name 9. kubectl create namespace Creates a new
namespace.
Example: kubectl create namespace my-namespace 10. kubectl delete pod
Deletes a
specific pod. Example: kubectl delete pod pod-name
Intermediate Kubernetes Commands
+
11. kubectl apply Applies changes defined in a YAML file. Example: kubectl
apply -f
deployment.yaml 12. kubectl delete Deletes resources defined in a YAML file.
Example: kubectl delete -f deployment.yaml 13. kubectl scale Scales a
deployment to
the desired number of replicas. Example: kubectl scale deployment
my-deployment
--replicas=3 14. kubectl expose Exposes a pod or deployment as a service.
Example:
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 15.
kubectl
exec Executes a command in a running pod. Example: kubectl exec -it pod-name
--
/bin/bash 16. kubectl port-forward Forwards a local port to a port in a pod.
Example: kubectl port-forward pod-name 8080:80 17. kubectl get configmaps
Lists all
ConfigMaps in the namespace. Example: kubectl get configmaps 18. kubectl get
secrets
Lists all Secrets in the namespace. Example: kubectl get secrets 19. kubectl
edit
Edits a resource definition directly in the editor. Example: kubectl edit
deployment
my-deployment 20. kubectl rollout status Displays the status of a deployment
rollout. Example: kubectl rollout status deployment/my-deployment
Advanced Kubernetes Commands
+
21. kubectl rollout undo Rolls back a deployment to a previous revision.
Example:
kubectl rollout undo deployment/my-deployment 22. kubectl top nodes Shows
resource
usage for nodes. Example: kubectl top nodes 23. kubectl top pods Displays
resource
usage for pods. Example: kubectl top pods 24. kubectl cordon Marks a node as
unschedulable. Example: kubectl cordon node-name 25. kubectl uncordon Marks
a node
as schedulable. Example: kubectl uncordon node-name 26. kubectl drain Safely
evicts
all pods from a node. Example: kubectl drain node-name --ignore-daemonsets
27.
kubectl taint Adds a taint to a node to control pod placement. Example:
kubectl
taint nodes node-name key=value:NoSchedule 28. kubectl get events Lists all
events
in the cluster. Example: kubectl get events 29. kubectl apply -k Applies
resources
from a kustomization directory. Example: kubectl apply -k
./kustomization-dir/ 30.
kubectl config view Displays the kubeconfig file. Example: kubectl config
view 31.
kubectl config use-context Switches the active context in kubeconfig.
Example:
kubectl config use-context my-cluster 32. kubectl debug Creates a debugging
session
for a pod. Example: kubectl debug pod-name 33. kubectl delete namespace
Deletes a
namespace and its resources. Example: kubectl delete namespace my-namespace
34.
kubectl patch Updates a resource using a patch. Example: kubectl patch
deployment
my-deployment -p '{"spec": {"replicas": 2}}' 35. kubectl rollout history
Shows the
rollout history of a deployment. Example: kubectl rollout history deployment
my-deployment 36. kubectl autoscale Automatically scales a deployment based
on
resource usage. Example: kubectl autoscale deployment my-deployment
--cpu-percent=50
--min=1 --max=10 37. kubectl label Adds or modifies a label on a resource.
Example:
kubectl label pod pod-name environment=production 38. kubectl annotate Adds
or
modifies an annotation on a resource. Example: kubectl annotate pod pod-name
description="My app pod" 39. kubectl delete pv Deletes a PersistentVolume
(PV).
Example: kubectl delete pv my-pv 40. kubectl get ingress Lists all Ingress
resources
in the namespace. Example: kubectl get ingress 41. kubectl create configmap
Creates
a ConfigMap from a file or literal values. Example: kubectl create configmap
my-config --from-literal=key1=value1 42. kubectl create secret Creates a
Secret from
a file or literal values. Example: kubectl create secret generic my-secret
--from-literal=password=myPassword 43. kubectl api-resources Lists all
available API
resources in the cluster. Example: kubectl api-resources 44. kubectl
api-versions
Lists all API versions supported by the cluster. Example: kubectl
api-versions 45.
kubectl get crds Lists all CustomResourceDefinitions (CRDs). Example:
kubectl get
crds
Basic Helm Commands -
+
Helm is the app store for Kubernetes. It simplifies installing and managing
complex
applications using pre-packaged "charts" - think of it like apt-get for
Kubernetes.
1. helm help Displays help for the Helm CLI or a specific command. Example:
helm
help 2. helm version Shows the Helm client and server version. Example: helm
version
3. helm repo add Adds a new chart repository. Example: helm repo add stable
https://charts.helm.sh/stable 4. helm repo update Updates all Helm chart
repositories to the latest version. Example: helm repo update 5. helm repo
list
Lists all the repositories added to Helm. Example: helm repo list 6. helm
search hub
Searches for charts on Helm Hub. Example: helm search hub nginx 7. helm
search repo
Searches for charts in the repositories. Example: helm search repo
stable/nginx 8.
helm show chart Displays information about a chart, including metadata and
dependencies. Example: helm show chart stable/nginx
Installing and Upgrading Charts
+
9. helm install Installs a chart into a Kubernetes cluster. Example: helm
install
my-release stable/nginx 10. helm upgrade Upgrades an existing release with a
new
version of the chart. Example: helm upgrade my-release stable/nginx 11. helm
upgrade
--install Installs a chart if it isn’t installed or upgrades it if it
exists.
Example: helm upgrade --install my-release stable/nginx 12. helm uninstall
Uninstalls a release. Example: helm uninstall my-release 13. helm list Lists
all the
releases installed on the Kubernetes cluster. Example: helm list 14. helm
status
Displays the status of a release. Example: helm status my-release
Working with Helm Charts
+
15. helm create Creates a new Helm chart in a specified directory. Example:
helm
create my-chart 16. helm lint Lints a chart to check for common errors.
Example:
helm lint ./my-chart 17. helm package Packages a chart into a .tgz file.
Example:
helm package ./my-chart 18. helm template Renders the Kubernetes YAML files
from a
chart without installing it. Example: helm template my-release ./my-chart
19. helm
dependency update Updates the dependencies in the Chart.yaml file. Example:
helm
dependency update ./my-chart
Advanced Helm Commands
+
20. helm rollback Rolls back a release to a previous version. Example: helm
rollback
my-release 1 21. helm history Displays the history of a release. Example:
helm
history my-release 22. helm get all Gets all information (including values
and
templates) for a release. Example: helm get all my-release 23. helm get
values
Displays the values used in a release. Example: helm get values my-release
24. helm
test Runs tests defined in a chart. Example: helm test my-release
Helm Chart Repositories
+
25. helm repo remove Removes a chart repository. Example: helm repo remove
stable
26. helm repo update Updates the local cache of chart repositories. Example:
helm
repo update 27. helm repo index Creates or updates the index file for a
chart
repository. Example: helm repo index ./charts
Helm Values and Customization
+
28. helm install --values Installs a chart with custom values. Example: helm
install
my-release stable/nginx --values values.yaml 29. helm upgrade --values
Upgrades a
release with custom values. Example: helm upgrade my-release stable/nginx
--values
values.yaml 30. helm install --set Installs a chart with a custom value set
directly
in the command. Example: helm install my-release stable/nginx --set
replicaCount=3
31. helm upgrade --set Upgrades a release with a custom value set. Example:
helm
upgrade my-release stable/nginx --set replicaCount=5 32. helm uninstall
--purge
Removes a release and deletes associated resources, including the release
history.
Example: helm uninstall my-release --purge
Helm Template and Debugging
+
33. helm template --debug Renders Kubernetes manifests and includes debug
output.
Example: helm template my-release ./my-chart --debug 34. helm install
--dry-run
Simulates the installation process to show what will happen without actually
installing. Example: helm install my-release stable/nginx --dry-run 35. helm
upgrade
--dry-run Simulates an upgrade process without actually applying it.
Example: helm
upgrade my-release stable/nginx --dry-run
Helm and Kubernetes Integration
+
36. helm list --namespace Lists releases in a specific Kubernetes namespace.
Example: helm list --namespace kube-system 37. helm uninstall --namespace
Uninstalls
a release from a specific namespace. Example: helm uninstall my-release
--namespace
kube-system 38. helm install --namespace Installs a chart into a specific
namespace.
Example: helm install my-release stable/nginx --namespace mynamespace 39.
helm
upgrade --namespace Upgrades a release in a specific namespace. Example:
helm
upgrade my-release stable/nginx --namespace mynamespace
Helm Chart Development
+
40. helm package --sign Packages a chart and signs it using a GPG key.
Example: helm
package ./my-chart --sign --key my-key-id 41. helm create --starter Creates
a new
Helm chart based on a starter template. Example: helm create --starter
https://github.com/helm/charts.git 42. helm push Pushes a chart to a Helm
chart
repository. Example: helm push ./my-chart my-repo
Helm with Kubernetes CLI
+
43. helm list -n Lists releases in a specific Kubernetes namespace. Example:
helm
list -n kube-system 44. helm install --kube-context Installs a chart to a
Kubernetes
cluster defined in a specific kubeconfig context. Example: helm install
my-release
stable/nginx --kube-context my-cluster 45. helm upgrade --kube-context
Upgrades a
release in a specific Kubernetes context. Example: helm upgrade my-release
stable/nginx --kube-context my-cluster
Helm Chart Dependencies
+
46. helm dependency build Builds dependencies for a Helm chart. Example:
helm
dependency build ./my-chart 47. helm dependency list Lists all dependencies
for a
chart. Example: helm dependency list ./my-chart
Helm History and Rollbacks
+
48. helm rollback --recreate-pods Rolls back to a previous version and
recreates
pods. Example: helm rollback my-release 2 --recreate-pods 49. helm history
--max
Limits the number of versions shown in the release history. Example: helm
history
my-release --max 5
Basic Terraform Commands -
+
Terraform lets you build cloud infrastructure with code. Instead of clicking
buttons
in AWS/GCP/Azure consoles, you define servers and services in configuration
files.
50. terraform --help = Displays general help for Terraform CLI commands. 51.
terraform init = Initializes the working directory containing Terraform
configuration files. It downloads the necessary provider plugins. 52.
terraform
validate = Validates the Terraform configuration files for syntax errors or
issues.
53. terraform plan - Creates an execution plan, showing what actions
Terraform will
perform to make the infrastructure match the desired configuration. 54.
terraform
apply = Applies the changes required to reach the desired state of the
configuration. It will prompt for approval before making changes. 55.
terraform show
= Displays the Terraform state or a plan in a human-readable format. 56.
terraform
output = Displays the output values defined in the Terraform configuration
after an
apply. 57. terraform destroy = Destroys the infrastructure defined in the
Terraform
configuration. It prompts for confirmation before destroying resources. 58.
terraform refresh = Updates the state file with the real infrastructure's
current
state without applying changes. 59. terraform taint = Marks a resource for
recreation on the next apply. Useful for forcing a resource to be recreated
even if
it hasn't been changed. 60. terraform untaint = Removes the "tainted" status
from a
resource. 61. terraform state = Manages Terraform state files, such as
moving
resources between modules or manually 62. terraform import = Imports
existing
infrastructure into Terraform management. 63. terraform graph = Generates a
graphical representation of Terraform's resources and their relationships.
64.
terraform providers = Lists the providers available for the current
Terraform
configuration. 65. terraform state list = Lists all resources tracked in the
Terraform state file. 66. terraform backend = Configures the backend for
storing
Terraform state remotely (e.g., in S3, Azure Blob Storage, etc.). 67.
terraform
state mv = Moves an item in the state from one location to another. 68.
terraform
state rm = Removes an item from the Terraform state file. 69. terraform
workspace =
Manages Terraform workspaces, which allow for creating separate environments
within
a single configuration. 70. terraform workspace new = Creates a new
workspace. 71.
terraform module = Manages and updates Terraform modules, which are reusable
configurations. 72. terraform init -get-plugins=true = Ensures that required
plugins
are fetched and available for modules. 73. TF_LOG = Sets the logging level
for
Terraform debug output (e.g., TRACE, DEBUG, INFO, WARN, ERROR). 74.
TF_LOG_PATH =
Directs Terraform logs to a specified file. 75. terraform login = Logs into
Terraform Cloud or Terraform Enterprise for managing remote backends and
workspaces.
76. terraform remote = Manages remote backends and remote state storage for
Terraform configurations. terraform push = Pushes Terraform modules to a
remote
module registry.
Basic Linux Commands -
+
Linux is the foundation of DevOps operations - it's like a Swiss Army knife
for
servers. These commands help you navigate systems, manage files, configure
permissions, and automate tasks in terminal environments. 1. pwd - Print the
current
working directory. 2. ls - List files and directories. 3. cd - Change
directory. 4.
touch - Create an empty file. 5. mkdir - Create a new directory. 6. rm -
Remove
files or directories. 7. rmdir - Remove empty directories. 8. cp - Copy
files or
directories. 9. mv - Move or rename files and directories. 10. cat - Display
the
content of a file. 11. echo - Display a line of text. 12. clear - Clear the
terminal
screen.
Intermediate Linux Commands
+
13. chmod - Change file permissions. 14. chown - Change file ownership. 15.
find -
Search for files and directories. 16. grep - Search for text in a file. 17.
wc -
Count lines, words, and characters in a file. 18. head - Display the first
few lines
of a file. 19. tail - Display the last few lines of a file. 20. sort - Sort
the
contents of a file. 21. uniq - Remove duplicate lines from a file. 22. diff
-
Compare two files line by line. 23. tar - Archive files into a tarball. 24.
zip/unzip - Compress and extract ZIP files. 25. df - Display disk space
usage. 26.
du - Display directory size. 27. top - Monitor system processes in real
time. 28. ps
- Display active processes. 29. kill - Terminate a process by its PID. 30.
ping -
Check network connectivity. 31. wget - Download files from the internet. 32.
curl -
Transfer data from or to a server. 33. scp - Securely copy files between
systems.
34. rsync - Synchronize files and directories.
Advanced Linux Commands
+
35. awk - Text processing and pattern scanning. 36. sed - Stream editor for
filtering and transforming text. 37. cut - Remove sections from each line of
a file.
38. tr - Translate or delete characters. 39. xargs - Build and execute
command lines
from standard input. 40. ln - Create symbolic or hard links. 41. df -h -
Display
disk usage in human-readable format. 42. free - Display memory usage. 43.
iostat -
Display CPU and I/O statistics. 44. netstat - Network statistics (use ss as
modern
alternative). 45. ifconfig/ip - Configure network interfaces (use ip as
modern
alternative). 46. iptables - Configure firewall rules. 47. systemctl -
Control the
systemd system and service manager. 48. journalctl - View system logs. 49.
crontab -
Schedule recurring tasks. 50. at - Schedule tasks for a specific time. 51.
uptime -
Display system uptime. 52. whoami - Display the current user. 53. users -
List all
users currently logged in. 54. hostname - Display or set the system
hostname. 55.
env - Display environment variables. 56. export - Set environment variables.
Networking Commands
+
57. ip addr - Display or configure IP addresses. 58. ip route - Show or
manipulate
routing tables. 59. traceroute - Trace the route packets take to a host. 60.
nslookup - Query DNS records. 61. dig - Query DNS servers. 62. ssh - Connect
to a
remote server via SSH. 63. ftp - Transfer files using the FTP protocol. 64.
nmap -
Network scanning and discovery. 65. telnet - Communicate with remote hosts.
66.
netcat (nc) - Read/write data over networks.
File Management and Search
+
67. locate - Find files quickly using a database. 68. stat - Display
detailed
information about a file. 69. tree - Display directories as a tree. 70. file
-
Determine a file’s type. 71. basename - Extract the filename from a path.
72.
dirname - Extract the directory part of a path.
System Monitoring
+
73. vmstat - Display virtual memory statistics. 74. htop - Interactive
process
viewer (alternative to top). 75. lsof - List open files. 76. dmesg - Print
kernel
ring buffer messages. 77. uptime - Show how long the system has been
running. 78.
iotop - Display real-time disk I/O by processes.
Package Management
+
79. apt - Package manager for Debian-based distributions. 80. yum/dnf -
Package
manager for RHEL-based distributions. 81. snap - Manage snap packages. 82.
rpm -
Manage RPM packages.
Disk and Filesystem
+
83. mount/umount - Mount or unmount filesystems. 84. fsck - Check and repair
filesystems. 85. mkfs - Create a new filesystem. 86. blkid - Display
information
about block devices. 87. lsblk - List information about block devices. 88.
parted -
Manage partitions interactively.
Scripting and Automation
+
89. bash - Command interpreter and scripting shell. 90. sh - Legacy shell
interpreter. 91. cron - Automate tasks. 92. alias - Create shortcuts for
commands.
93. source - Execute commands from a file in the current shell.
Development and Debugging
+
94. gcc - Compile C programs. 95. make - Build and manage projects. 96.
strace -
Trace system calls and signals. 97. gdb - Debug programs. 98. git - Version
control
system. 99. vim/nano - Text editors for scripting and editing.
Other Useful Commands
+
100. uptime - Display system uptime. 101. date - Display or set the system
date and
time. 102. cal - Display a calendar. 103. man - Display the manual for a
command.
104. history - Show previously executed commands. 105. alias - Create custom
shortcuts for commands.
Basic Git Commands
+
Git is your code time machine. It tracks every change, enables team
collaboration
without conflicts, and lets you undo mistakes. These commands help manage
source
code versions like a professional developer. 1. git init Initializes a new
Git
repository in the current directory. Example: git init 2. git clone Copies a
remote
repository to the local machine. Example: git clone
https://github.com/user/repo.git
3. git status Displays the state of the working directory and staging area.
Example:
git status 4. git add Adds changes to the staging area. Example: git add
file.txt 5.
git commit Records changes to the repository. Example: git commit -m
"Initial
commit" 6. git config Configures user settings, such as name and email.
Example: git
config --global user.name "Your Name" 7. git log Shows the commit history.
Example:
git log 8. git show Displays detailed information about a specific commit.
Example:
git show 9. git diff Shows changes between commits, the working directory,
and the
staging area. Example: git diff 10. git reset Unstages changes or resets
commits.
Example: git reset HEAD file.txt
Branching and Merging
+
11. git branch Lists branches or creates a new branch. Example: git branch
feature-branch 12. git checkout Switches between branches or restores files.
Example: git checkout feature-branch 13. git switch Switches branches
(modern
alternative to git checkout). Example: git switch feature-branch 14. git
merge
Combines changes from one branch into another. Example: git merge
feature-branch 15.
git rebase Moves or combines commits from one branch onto another. Example:
git
rebase main 16. git cherry-pick Applies specific commits from one branch to
another.
Example: git cherry-pick
Remote Repositories
+
17. git remote Manages remote repository connections. Example: git remote
add origin
https://github.com/user/repo.git 18. git push Sends changes to a remote
repository.
Example: git push origin main 19. git pull Fetches and merges changes from a
remote
repository. Example: git pull origin main 20. git fetch Downloads changes
from a
remote repository without merging. Example: git fetch origin 21. git remote
-v Lists
the URLs of remote repositories. Example: git remote -v
Stashing and Cleaning
+
22. git stash Temporarily saves changes not yet committed. Example: git
stash 23.
git stash pop Applies stashed changes and removes them from the stash list.
Example:
git stash pop 24. git stash list Lists all stashes. Example: git stash list
25. git
clean Removes untracked files from the working directory. Example: git clean
-f
Tagging
+
26. git tag Creates a tag for a specific commit. Example: git tag -a v1.0 -m
"Version 1.0" 27. git tag -d Deletes a tag. Example: git tag -d v1.0 28. git
push
--tags Pushes tags to a remote repository. Example: git push origin --tags
Advanced Commands
+
29. git bisect Finds the commit that introduced a bug. Example: git bisect
start 30.
git blame Shows which commit and author modified each line of a file.
Example: git
blame file.txt 31. git reflog Shows a log of changes to the tip of branches.
Example: git reflog 32. git submodule Manages external repositories as
submodules.
Example: git submodule add https://github.com/user/repo.git 33. git archive
Creates
an archive of the repository files. Example: git archive --format=zip HEAD >
archive.zip 34. git gc Cleans up unnecessary files and optimizes the
repository.
Example: git gc
GitHub-Specific Commands
+
35. gh auth login Logs into GitHub via the command line. Example: gh auth
login 36.
gh repo clone Clones a GitHub repository. Example: gh repo clone user/repo
37. gh
issue list Lists issues in a GitHub repository. Example: gh issue list 38.
gh pr
create Creates a pull request on GitHub. Example: gh pr create --title "New
Feature"
--body "Description of the feature" 39. gh repo create Creates a new GitHub
repository. Example: gh repo create my-repo
Basic Docker Commands -
+
Docker packages applications into portable containers - like shipping
containers for
software. These commands help build, ship, and run applications consistently
across
any environment. 1. docker --version Displays the installed Docker version.
Example:
docker --version 2. docker info Shows system-wide information about Docker,
such as
the number of containers and images. Example: docker info 3. docker pull
Downloads
an image from a Docker registry (default: Docker Hub). Example: docker pull
ubuntu:latest 4. docker images Lists all downloaded images. Example: docker
images
5. docker run Creates and starts a new container from an image. Example:
docker run
-it ubuntu bash 6. docker ps Lists running containers. Example: docker ps 7.
docker
ps -a Lists all containers, including stopped ones. Example: docker ps -a 8.
docker
stop Stops a running container. Example: docker stop container_name 9.
docker start
Starts a stopped container. Example: docker start container_name 10. docker
rm
Removes a container. Example: docker rm container_name 11. docker rmi
Removes an
image. Example: docker rmi image_name 12. docker exec Runs a command inside
a
running container. Example: docker exec -it container_name bash
Intermediate Docker Commands
+
13. docker build Builds an image from a Dockerfile. Example: docker build -t
my_image . 14. docker commit Creates a new image from a container’s changes.
Example: docker commit container_name my_image:tag 15. docker logs Fetches
logs from
a container. Example: docker logs container_name 16. docker inspect Returns
detailed
information about an object (container or image). Example: docker inspect
container_name 17. docker stats Displays live resource usage statistics of
running
containers. Example: docker stats 18. docker cp Copies files between a
container and
the host. Example: docker cp container_name:/path/in/container /path/on/host
19.
docker rename Renames a container. Example: docker rename old_name new_name
20.
docker network ls Lists all Docker networks. Example: docker network ls 21.
docker
network create Creates a new Docker network. Example: docker network create
my_network 22. docker network inspect Shows details about a Docker network.
Example:
docker network inspect my_network 23. docker network connect Connects a
container to
a network. Example: docker network connect my_network container_name 24.
docker
volume ls Lists all Docker volumes. Example: docker volume ls 25. docker
volume
create Creates a new Docker volume. Example: docker volume create my_volume
26.
docker volume inspect Provides details about a volume. Example: docker
volume
inspect my_volume 27. docker volume rm Removes a Docker volume. Example:
docker
volume rm my_volume
Advanced Docker Commands
+
28. docker-compose up Starts services defined in a docker-compose.yml file.
Example:
docker-compose up 29. docker-compose down Stops and removes services defined
in a
docker-compose.yml file. Example: docker-compose down 30. docker-compose
logs
Displays logs for services managed by Docker Compose. Example:
docker-compose logs
31. docker-compose exec Runs a command in a service’s container. Example:
docker-compose exec service_name bash 32. docker save Exports an image to a
tar
file. Example: docker save -o my_image.tar my_image:tag 33. docker load
Imports an
image from a tar file. Example: docker load < my_image.tar 34. docker export
Exports a container’s filesystem as a tar file. Example: docker export
container_name>
container.tar 35. docker import Creates an image from an exported
container.
Example: docker import container.tar my_new_image 36. docker system df
Displays
disk usage by Docker objects. Example: docker system df 37. docker
system prune
Cleans up unused Docker resources (images, containers, volumes,
networks).
Example: docker system prune 38. docker tag Assigns a new tag to an
image.
Example: docker tag old_image_name new_image_name 39. docker push
Uploads an
image to a Docker registry. Example: docker push my_image:tag 40. docker
login
Logs into a Docker registry. Example: docker login 41. docker logout
Logs out of
a Docker registry. Example: docker logout 42. docker swarm init
Initializes a
Docker Swarm mode cluster. Example: docker swarm init 43. docker service
create
Creates a new service in Swarm mode. Example: docker service create
--name
my_service nginx 44. docker stack deploy Deploys a stack using a Compose
file in
Swarm mode. Example: docker stack deploy -c docker-compose.yml my_stack
45.
docker stack rm Removes a stack in Swarm mode. Example: docker stack rm
my_stack
46. docker checkpoint create Creates a checkpoint for a container.
Example:
docker checkpoint create container_name checkpoint_name 47. docker
checkpoint ls
Lists checkpoints for a container. Example: docker checkpoint ls
container_name
48. docker checkpoint rm Removes a checkpoint. Example: docker
checkpoint rm
container_name checkpoint_name
Basic Kubernetes Commands -
+
Kubernetes is the conductor of your container orchestra. It automates
deployment,
scaling, and management of containerized applications across server
clusters. 1.
kubectl version Displays the Kubernetes client and server version. Example:
kubectl
version --short 2. kubectl cluster-info Shows information about the
Kubernetes
cluster. Example: kubectl cluster-info 3. kubectl get nodes Lists all nodes
in the
cluster. Example: kubectl get nodes 4. kubectl get pods Lists all pods in
the
default namespace. Example: kubectl get pods 5. kubectl get services Lists
all
services in the default namespace. Example: kubectl get services 6. kubectl
get
namespaces Lists all namespaces in the cluster. Example: kubectl get
namespaces 7.
kubectl describe pod Shows detailed information about a specific pod.
Example:
kubectl describe pod pod-name 8. kubectl logs Displays logs for a specific
pod.
Example: kubectl logs pod-name 9. kubectl create namespace Creates a new
namespace.
Example: kubectl create namespace my-namespace 10. kubectl delete pod
Deletes a
specific pod. Example: kubectl delete pod pod-name
Intermediate Kubernetes Commands
+
11. kubectl apply Applies changes defined in a YAML file. Example: kubectl
apply -f
deployment.yaml 12. kubectl delete Deletes resources defined in a YAML file.
Example: kubectl delete -f deployment.yaml 13. kubectl scale Scales a
deployment to
the desired number of replicas. Example: kubectl scale deployment
my-deployment
--replicas=3 14. kubectl expose Exposes a pod or deployment as a service.
Example:
kubectl expose deployment my-deployment --type=LoadBalancer --port=80 15.
kubectl
exec Executes a command in a running pod. Example: kubectl exec -it pod-name
--
/bin/bash 16. kubectl port-forward Forwards a local port to a port in a pod.
Example: kubectl port-forward pod-name 8080:80 17. kubectl get configmaps
Lists all
ConfigMaps in the namespace. Example: kubectl get configmaps 18. kubectl get
secrets
Lists all Secrets in the namespace. Example: kubectl get secrets 19. kubectl
edit
Edits a resource definition directly in the editor. Example: kubectl edit
deployment
my-deployment 20. kubectl rollout status Displays the status of a deployment
rollout. Example: kubectl rollout status deployment/my-deployment
Advanced Kubernetes Commands
+
21. kubectl rollout undo Rolls back a deployment to a previous revision.
Example:
kubectl rollout undo deployment/my-deployment 22. kubectl top nodes Shows
resource
usage for nodes. Example: kubectl top nodes 23. kubectl top pods Displays
resource
usage for pods. Example: kubectl top pods 24. kubectl cordon Marks a node as
unschedulable. Example: kubectl cordon node-name 25. kubectl uncordon Marks
a node
as schedulable. Example: kubectl uncordon node-name 26. kubectl drain Safely
evicts
all pods from a node. Example: kubectl drain node-name --ignore-daemonsets
27.
kubectl taint Adds a taint to a node to control pod placement. Example:
kubectl
taint nodes node-name key=value:NoSchedule 28. kubectl get events Lists all
events
in the cluster. Example: kubectl get events 29. kubectl apply -k Applies
resources
from a kustomization directory. Example: kubectl apply -k
./kustomization-dir/ 30.
kubectl config view Displays the kubeconfig file. Example: kubectl config
view 31.
kubectl config use-context Switches the active context in kubeconfig.
Example:
kubectl config use-context my-cluster 32. kubectl debug Creates a debugging
session
for a pod. Example: kubectl debug pod-name 33. kubectl delete namespace
Deletes a
namespace and its resources. Example: kubectl delete namespace my-namespace
34.
kubectl patch Updates a resource using a patch. Example: kubectl patch
deployment
my-deployment -p '{"spec": {"replicas": 2}}' 35. kubectl rollout history
Shows the
rollout history of a deployment. Example: kubectl rollout history deployment
my-deployment 36. kubectl autoscale Automatically scales a deployment based
on
resource usage. Example: kubectl autoscale deployment my-deployment
--cpu-percent=50
--min=1 --max=10 37. kubectl label Adds or modifies a label on a resource.
Example:
kubectl label pod pod-name environment=production 38. kubectl annotate Adds
or
modifies an annotation on a resource. Example: kubectl annotate pod pod-name
description="My app pod" 39. kubectl delete pv Deletes a PersistentVolume
(PV).
Example: kubectl delete pv my-pv 40. kubectl get ingress Lists all Ingress
resources
in the namespace. Example: kubectl get ingress 41. kubectl create configmap
Creates
a ConfigMap from a file or literal values. Example: kubectl create configmap
my-config --from-literal=key1=value1 42. kubectl create secret Creates a
Secret from
a file or literal values. Example: kubectl create secret generic my-secret
--from-literal=password=myPassword 43. kubectl api-resources Lists all
available API
resources in the cluster. Example: kubectl api-resources 44. kubectl
api-versions
Lists all API versions supported by the cluster. Example: kubectl
api-versions 45.
kubectl get crds Lists all CustomResourceDefinitions (CRDs). Example:
kubectl get
crds
Basic Helm Commands -
+
Helm is the app store for Kubernetes. It simplifies installing and managing
complex
applications using pre-packaged "charts" - think of it like apt-get for
Kubernetes.
1. helm help Displays help for the Helm CLI or a specific command. Example:
helm
help 2. helm version Shows the Helm client and server version. Example: helm
version
3. helm repo add Adds a new chart repository. Example: helm repo add stable
https://charts.helm.sh/stable 4. helm repo update Updates all Helm chart
repositories to the latest version. Example: helm repo update 5. helm repo
list
Lists all the repositories added to Helm. Example: helm repo list 6. helm
search hub
Searches for charts on Helm Hub. Example: helm search hub nginx 7. helm
search repo
Searches for charts in the repositories. Example: helm search repo
stable/nginx 8.
helm show chart Displays information about a chart, including metadata and
dependencies. Example: helm show chart stable/nginx
Installing and Upgrading Charts
+
9. helm install Installs a chart into a Kubernetes cluster. Example: helm
install
my-release stable/nginx 10. helm upgrade Upgrades an existing release with a
new
version of the chart. Example: helm upgrade my-release stable/nginx 11. helm
upgrade
--install Installs a chart if it isn’t installed or upgrades it if it
exists.
Example: helm upgrade --install my-release stable/nginx 12. helm uninstall
Uninstalls a release. Example: helm uninstall my-release 13. helm list Lists
all the
releases installed on the Kubernetes cluster. Example: helm list 14. helm
status
Displays the status of a release. Example: helm status my-release
Working with Helm Charts
+
15. helm create Creates a new Helm chart in a specified directory. Example:
helm
create my-chart 16. helm lint Lints a chart to check for common errors.
Example:
helm lint ./my-chart 17. helm package Packages a chart into a .tgz file.
Example:
helm package ./my-chart 18. helm template Renders the Kubernetes YAML files
from a
chart without installing it. Example: helm template my-release ./my-chart
19. helm
dependency update Updates the dependencies in the Chart.yaml file. Example:
helm
dependency update ./my-chart
Advanced Helm Commands
+
20. helm rollback Rolls back a release to a previous version. Example: helm
rollback
my-release 1 21. helm history Displays the history of a release. Example:
helm
history my-release 22. helm get all Gets all information (including values
and
templates) for a release. Example: helm get all my-release 23. helm get
values
Displays the values used in a release. Example: helm get values my-release
24. helm
test Runs tests defined in a chart. Example: helm test my-release
Helm Chart Repositories
+
25. helm repo remove Removes a chart repository. Example: helm repo remove
stable
26. helm repo update Updates the local cache of chart repositories. Example:
helm
repo update 27. helm repo index Creates or updates the index file for a
chart
repository. Example: helm repo index ./charts
Helm Values and Customization
+
28. helm install --values Installs a chart with custom values. Example: helm
install
my-release stable/nginx --values values.yaml 29. helm upgrade --values
Upgrades a
release with custom values. Example: helm upgrade my-release stable/nginx
--values
values.yaml 30. helm install --set Installs a chart with a custom value set
directly
in the command. Example: helm install my-release stable/nginx --set
replicaCount=3
31. helm upgrade --set Upgrades a release with a custom value set. Example:
helm
upgrade my-release stable/nginx --set replicaCount=5 32. helm uninstall
--purge
Removes a release and deletes associated resources, including the release
history.
Example: helm uninstall my-release --purge
Helm Template and Debugging
+
33. helm template --debug Renders Kubernetes manifests and includes debug
output.
Example: helm template my-release ./my-chart --debug 34. helm install
--dry-run
Simulates the installation process to show what will happen without actually
installing. Example: helm install my-release stable/nginx --dry-run 35. helm
upgrade
--dry-run Simulates an upgrade process without actually applying it.
Example: helm
upgrade my-release stable/nginx --dry-run
Helm and Kubernetes Integration
+
36. helm list --namespace Lists releases in a specific Kubernetes namespace.
Example: helm list --namespace kube-system 37. helm uninstall --namespace
Uninstalls
a release from a specific namespace. Example: helm uninstall my-release
--namespace
kube-system 38. helm install --namespace Installs a chart into a specific
namespace.
Example: helm install my-release stable/nginx --namespace mynamespace 39.
helm
upgrade --namespace Upgrades a release in a specific namespace. Example:
helm
upgrade my-release stable/nginx --namespace mynamespace
Helm Chart Development
+
40. helm package --sign Packages a chart and signs it using a GPG key.
Example: helm
package ./my-chart --sign --key my-key-id 41. helm create --starter Creates
a new
Helm chart based on a starter template. Example: helm create --starter
https://github.com/helm/charts.git 42. helm push Pushes a chart to a Helm
chart
repository. Example: helm push ./my-chart my-repo
Helm with Kubernetes CLI
+
43. helm list -n Lists releases in a specific Kubernetes namespace. Example:
helm
list -n kube-system 44. helm install --kube-context Installs a chart to a
Kubernetes
cluster defined in a specific kubeconfig context. Example: helm install
my-release
stable/nginx --kube-context my-cluster 45. helm upgrade --kube-context
Upgrades a
release in a specific Kubernetes context. Example: helm upgrade my-release
stable/nginx --kube-context my-cluster
Helm Chart Dependencies
+
46. helm dependency build Builds dependencies for a Helm chart. Example:
helm
dependency build ./my-chart 47. helm dependency list Lists all dependencies
for a
chart. Example: helm dependency list ./my-chart
Helm History and Rollbacks
+
48. helm rollback --recreate-pods Rolls back to a previous version and
recreates
pods. Example: helm rollback my-release 2 --recreate-pods 49. helm history
--max
Limits the number of versions shown in the release history. Example: helm
history
my-release --max 5
Basic Terraform Commands -
+
Terraform lets you build cloud infrastructure with code. Instead of clicking
buttons
in AWS/GCP/Azure consoles, you define servers and services in configuration
files.
50. terraform --help = Displays general help for Terraform CLI commands. 51.
terraform init = Initializes the working directory containing Terraform
configuration files. It downloads the necessary provider plugins. 52.
terraform
validate = Validates the Terraform configuration files for syntax errors or
issues.
53. terraform plan - Creates an execution plan, showing what actions
Terraform will
perform to make the infrastructure match the desired configuration. 54.
terraform
apply = Applies the changes required to reach the desired state of the
configuration. It will prompt for approval before making changes. 55.
terraform show
= Displays the Terraform state or a plan in a human-readable format. 56.
terraform
output = Displays the output values defined in the Terraform configuration
after an
apply. 57. terraform destroy = Destroys the infrastructure defined in the
Terraform
configuration. It prompts for confirmation before destroying resources. 58.
terraform refresh = Updates the state file with the real infrastructure's
current
state without applying changes. 59. terraform taint = Marks a resource for
recreation on the next apply. Useful for forcing a resource to be recreated
even if
it hasn't been changed. 60. terraform untaint = Removes the "tainted" status
from a
resource. 61. terraform state = Manages Terraform state files, such as
moving
resources between modules or manually 62. terraform import = Imports
existing
infrastructure into Terraform management. 63. terraform graph = Generates a
graphical representation of Terraform's resources and their relationships.
64.
terraform providers = Lists the providers available for the current
Terraform
configuration. 65. terraform state list = Lists all resources tracked in the
Terraform state file. 66. terraform backend = Configures the backend for
storing
Terraform state remotely (e.g., in S3, Azure Blob Storage, etc.). 67.
terraform
state mv = Moves an item in the state from one location to another. 68.
terraform
state rm = Removes an item from the Terraform state file. 69. terraform
workspace =
Manages Terraform workspaces, which allow for creating separate environments
within
a single configuration. 70. terraform workspace new = Creates a new
workspace. 71.
terraform module = Manages and updates Terraform modules, which are reusable
configurations. 72. terraform init -get-plugins=true = Ensures that required
plugins
are fetched and available for modules. 73. TF_LOG = Sets the logging level
for
Terraform debug output (e.g., TRACE, DEBUG, INFO, WARN, ERROR). 74.
TF_LOG_PATH =
Directs Terraform logs to a specified file. 75. terraform login = Logs into
Terraform Cloud or Terraform Enterprise for managing remote backends and
workspaces.
76. terraform remote = Manages remote backends and remote state storage for
Terraform configurations. terraform push = Pushes Terraform modules to a
remote
module registry.
JKM DevOps Shack 200 Jenkins Scenario Based Question and Answer
How would you design a Jenkins setup for a
large-scaleenterpris e application with multiple teams
+
Design a master-agent architecture where the master handlesscheduling and
orchestrating jobs, and agents execute jobs. Use dis tributed builds by
configuring
Jenkins agents ondifferent machines or containers. Implement folder-based
multi-tenancy to is olate pipelines foreach team. Secure the Jenkins setup
using
role-based access control(RBAC). Example: Team A has access to Folder A with
restrictedpipeline vis ibility, while the master node ensures no resource
contention.
How can you scale Jenkins to handle high build loads
+
Use Kubernetes-based Jenkins agents that scale dynamicallybased on workload.
Implement build queue monitoring and optimize resourceallocation by
offloading
non-critical jobs to low-priority nodes. Use Jenkins Operations Center
(CloudBees
CI) for centralizedmanagement of multiple Jenkins instances.
How do you manage plugins in a Jenkins environment to
ensure stability
+
Maintain a lis t of approved plugins after testingcompatibility with the
Jenkins
version. Regularly update plugins in a staging environment beforerolling
them into
production. Example: While upgrading the Git plugin, test it with
yourpipelines in
staging to ensure no dis ruption.
How do you design a Jenkins pipeline to support
multipleenvironments (e.g., Dev, QA, Prod)
+
Use parameterized pipelines where environment-specificconfigurations (e.g.,
URLs,
credentials) are passed as parameters. Implement environment-specific stages
or
branch-specificpipelines. Example: A pipeline that promotes a build from Dev
to QA
andthen to Prod using approval gates between stages.
How can you handle dynamic branch creation in Jenkins
pipelines
+
Use multibranch pipelines that automatically detect newbranches in a
repository and
create pipelines for them. Configure the Jenkinsfile in each branch to
define
itspipeline behavior.
How do you ensure pipeline resilience in case of
intermittent failures
+
Use retry blocks in declarative orscripted pipelines to retry failed stages.
Example: Retrying a flaky test stage three times withexponential backoff.
Implement
conditional steps using catchError to handle failures gracefully.
How do you secure sensitive credentials in
Jenkinspipelines
+
Use the Jenkins Credentials plugin to store secrets securely. Access
credentials
using environment variables or bindings inthe pipeline. Example: Fetch an
API key
stored in Jenkins credentials using withCredentials in a scripted pipeline.
How do you enforce role-based access control(RBAC) in
Jenkins
+
Use the Role-Based Authorization Strategy plugin. Define roles like Admin,
Developer, and Viewer, and assignpermis sions for jobs, folders, and builds
accordingly.
How do you integrate Jenkins with Docker for
buildingand
deploying applications
+
Use the Docker plugin or Docker Pipeline plugin. Example: Build a Docker
image in
the pipeline using docker.build and push it to a container regis try. Run
tests in
ephemeral Docker containers for consis tent testenvironments.
How do you integrate Jenkins with a Kubernetes cluster
for deployments
+
Use the Kubernetes plugin or kubectl commands in the pipeline. Example: Use
a
Kubernetes pod template with custom containersfor builds, then deploy
applications
using kubectl apply .
How can you reduce the build time of a Jenkinsjob
+
Use parallel stages to execute independent taskssimultaneously. Example:
Parallelize
static code analysis , unit tests, andintegration tests. Use build caching
mechanis
ms like Docker layer caching ordependency caching.
How do you optimize Jenkins for CI/CD pipelines with
heavy test loads
+
Split tests into smaller batches and run them in parallel. Use sharding for
dis
tributed test execution across multipleagents. Example: Divide a 10,000-test
suite
into 10 shards anddis tribute them across agents.
What would you do if a Jenkins job hangsindefinitely
+
Check the Jenkins build logs for deadlocks or resourcecontention. Restart
the agent
where the build is stuck, if needed. Example: A job stuck in docker build
could
indicate Docker daemon is sues; restart the Docker service.
How do you troubleshoot a Jenkins job that keeps
failing
at the same step
+
Analyze the console output to identify the error message. Check for
environmental is
sues like mis sing dependencies orincorrect permis sions. Example: A Maven
build
failing due to repository connectivitymight require checking proxy
configurations.
How do you implement manual approval gates in
Jenkinspipelines
+
Use the input step in a declarativepipeline. Example: Add an approval step
before
deploying to production.Only after manual confirmation does the pipeline
proceed.
How do you handle blue-green deployments in Jenkins
+
Create separate pipelines for blue and green environments. Route traffic to
the new
environment after successfuldeployment and health checks. Example: Use AWS
Route53
or Kubernetes Ingress to switchtraffic seamlessly.
How do you monitor Jenkins build trends
+
Use the Build His tory and Build Monitor plugins. Example: Vis ualize
pass/fail
trends over time to identifyflaky tests.
How do you notify teams about build failures
+
Use the Email Extension or Slack Notification plugins. Example: Configure a
Slack
webhook to notify the #build-alerts channel upon failure.
How do you manage monorepos in Jenkinspipelines
+
Use sparse checkouts to fetch only the required directories. Example:
Trigger
pipelines based on changes in specificsubdirectories using the dir parameter
in Git.
How do you handle merge conflicts in a Jenkins
pipeline
+
Use Git pre-merge hooks or resolve conflicts locally and pushthe updated
code.
Example: A pipeline can fetch both source and target branches,merge them in
a
temporary branch, and check for conflicts.
How do you trigger a Jenkins pipeline from
anotherpipeline
+
Use the build step in a scripted or declarativepipeline to trigger another
pipeline.
Example: Pipeline A builds the application, and Pipeline B deploysit.
Pipeline A
calls Pipeline B using build(job:'Pipeline-B', parameters: [string(name:
'version',value: '1.0')]) .
How do you handle shared libraries in Jenkins
pipelines
+
Use the Global Shared Libraries feature inJenkins. Example: Create reusable
Groovy
functions for common tasks (e.g.,linting, packaging) and call them in
pipelines
using @Library('my-library') .
How do you implement conditional logic in Jenkins
pipelines
+
Use when in declarative pipelines or if statements in scripted pipelines.
Example:
Skip deployment if the branch is not main using when { branch 'main' } .
How do you handle job failures in a Jenkins pipeline
+
Use the catchError block to handle errorsgracefully. Example: catchError {
sh
'some-failing-command' } echo 'Handled the failure and proceeding.'
What would you do if a Jenkins master node crashes
+
Restore the master node from backups. Use Jenkins’ thinBackup or a similar
plugin
for automatedbackups. Example: After restoration, ensure the plugins and
configuration aresynchronized.
How do you restart a failed Jenkins pipeline from a
specific stage
+
Enable the Restart from Stage feature in theJenkins declarative pipeline.
Example:
If the Deploy stage fails, restart thepipeline from that stage without re-
executing
previous stages.
How do you integrate Jenkins with SonarQube for code
qualityanalysis
+
Use the SonarQube Scanner plugin. Example: Add a stage in the pipeline to
run
sonar-scanner and publis h results to the SonarQubeserver.
How do you enforce code coverage thresholds in Jenkins
pipelines
+
Use tools like JaCoCo or Cobertura and configure the build to fail
ifthresholds are
not met. Example: jacoco(execPattern: '**/jacoco.exec',
minimumBranchCoverage: '80')
How do you implement parallelis m in Jenkinspipelines
+
Use the parallel directive in declarativepipelines or parallel block in
scripted
pipelines. Example: Run unit tests , integration tests , and linting
inparallel
stages.
How do you optimize resource utilization in Jenkins
+
Use lock to manage resource contention. Example: Limit concurrent jobs
accessing a
shared environment using lock('resourceName') .
How do you run Jenkins jobs in a Docker container
+
Use the docker block in declarativepipelines. Example: agent { docker {
image
'node:14' } }
How do you ensure consis tent environments for Jenkins
builds
+
Use Docker images to define build environments. Example: Use a prebuilt
image with
all dependencies pre-installed forfaster builds.
How do you integrate Jenkins with AWS for CI/CD
+
Use the AWS CLI or AWS-specific Jenkins plugins. Example: Deploy an
application to
S3 using aws s3 cp commands in the pipeline.
How do you configure Jenkins to deploy to Azure
Kubernetes Service (AKS)
+
Use kubectl commands with AKS credentialsstored in Jenkins credentials.
Example:
Deploy manifests using sh 'kubectl apply-f k8s.yaml' .
How do you trigger a Jenkins job when a file changes
inGit
+
Use GitHub or Bitbucket webhooks configured with the Jenkinsjob. Example: A
webhook
triggers the job only for changes in a specificfolder by setting path
filters.
How do you schedule periodic builds in Jenkins
+
Use the Build periodically option or cron syntax in pipeline scripts.
Example:
Schedule a nightly build using H 0 * ** .
How do you audit build logs and job execution
inJenkins
+
Enable the Audit Trail plugin to track user actions. Example: View changes
made to
jobs, builds, and plugins.
How do you implement compliance checks in Jenkins
pipelines
+
Integrate with tools like OpenSCAP or custom scripts for
compliancevalidation.
Example: Validate infrastructure as code (IaC) templates forcompliance
before
deployment.
How do you manage build artifacts in Jenkins
+
Use the Archive the artifacts post-buildstep. Example: Store JAR files and
logs for
future reference using archiveArtifacts artifacts: 'build/*.jar' .
How do you publis h artifacts to a repository like
Nexus
or Artifactory
+
Use Maven/Gradle plugins or REST APis for publis hing. Example: Push aJAR
file to
Nexus with: sh 'mvn deploy'
How do you notify a team about pipeline status
+
Use Slack or Email plugins for notifications. Example: Notify Slackon
success or
failure with: slackSend channel: '#builds', message:
"Build#${env.BUILD_NUMBER}
${currentBuild.result}"
How do you send detailed build reports via email in
Jenkins
+
Use the Email Extension plugin and configure templates for detailedreports.
Example:
Include build logs and test results in the email.
How do you back up Jenkins configurations
+
Use the thinBackup plugin or manual backup of $JENKINS_HOME . Example:
Automate
backups nightly and store them in a secure locationlike S3.
How do you recover a Jenkins instance from backup
+
Restore the $JENKINS_HOME directory from thebackup and restart Jenkins.
Example:
After restoration, validate all jobs and credentials.
How do you implement feature flags in Jenkinspipelines
+
Use environment variables or external tools like LaunchDarkly. Example: A
feature
flag determines whether to deploy the featurebranch.
How do you integrate Jenkins with a database for
testing
+
Spin up a database container or use a preconfigured testdatabase. Example:
Use
Docker Compose to bring up a MySQL container beforerunning tests.
How do you manage long-running jobs in Jenkins
+
Break them into smaller jobs or stages to allow checkpoints. Example: Use
timeout to
terminate excessivelylong builds.
What would you do if Jenkins pipelines start failing
intermittently
+
Investigate resource constraints, flaky tests, or networkis sues. Example:
Monitor
agent logs and rebuild affected stages.
How do you manage Jenkins jobs for multiple branches
in
a monorepo
+
Use multibranch pipelines or branch-specific Jenkinsfiles.
How do you handle cross-team collaboration in Jenkins
pipelines
+
Use shared libraries for reusable code and maintain a central
Jenkinsgovernance
team.
How do you manage Jenkins agents in a dynamic
cloudenvironment
+
Use a cloud provider plugin (e.g., Amazon EC2 or Kubernetes). Example:
Configure
Kubernetes-based agents to dynamically spin uppods based on job demands.
How do you limit the number of concurrent builds for a
Jenkins job
+
Use the Throttle Concurrent Builds plugin. Example: Set a limit of two
builds per
agent to avoid resourcecontention.
How do you optimize Jenkins for large-scale builds
with
limited hardware
+
Use build labels to dis tribute specific jobs to the rightagents. Example:
Assign
resource-intensive builds to high-capacity agentswith labels like high_mem .
How do you implement custom notifications in
Jenkinspipelines
+
Use a custom script to send notifications via APis . Example: Integrate with
Microsoft Teams by using their webhook API tosend custom alerts.
How do you alert stakeholders only on critical build
failures
+
Use conditional steps in pipelines to send notifications based onfailure
type.
Example: Notify stakeholders if the failure occurs in the Deploy stage.
How do you manage dependencies in a Jenkins
CI/CDpipeline
+
Use dependency management tools like Maven, Gradle, or npm. Example: Use a
package.json or pom.xml file to ensure consis tent dependencies
acrossbuilds.
How do you handle dependency conflicts in a Jenkins
build
+
Use dependency resolution features of tools like Maven orGradle. Example:
Exclude
transitive dependencies causing conflicts in the pom.xml .
How do you debug Jenkins pipeline failureseffectively
+
Enable verbose logging for specific stages or commands. Example: Use sh 'set
-x
&&your-command' for detailed command output.
How do you log custom messages in Jenkins pipelines
+
Use the echo step in declarative or scriptedpipelines. Example: echo
"Starting
deployment toenvironment: ${env.ENV_NAME}" .
How do you monitor Jenkins server health
+
Use the Monitoring plugin or external toolslike Prometheus and Grafana.
Example:
Monitor JVM memory, dis k usage, and thread activity usingPrometheus
exporters.
How do you set up Jenkins alerts for high resource
usage
+
Integrate Jenkins with monitoring tools like Nagios orDatadog. Example:
Trigger an
alert if CPU usage exceeds 80% duringbuilds.
How do you set up pipelines to work on multiple
operatingsystems
+
Use agent labels to target specific platforms (e.g., linux , windows ).
Example: Run
tests on both Linux and Windows agents using parallelstages.
How do you ensure portability in Jenkins pipelines
across environments
+
Use containerized builds with Docker for a consis tent runtime. Example:
Build and
test the application in the same Dockerimage.
How do you create custom build steps in Jenkins
+
Use the Pipeline Utility Steps plugin or write custom Groovyscripts.
Example: Create
a step to clean the workspace, fetch dependencies,and run tests.
How do you extend Jenkins functionality with custom
plugins
+
Develop a custom Jenkins plugin using the Jenkins Plugin DevelopmentKit
(PDK).
Example: A plugin to integrate Jenkins with a proprietarydeployment system.
How do you integrate Jenkins with performance testing
tools likeJMeter
+
Use the Performance Plugin to parse JMeter results. Example: Trigger a
JMeter
script, then analyze results withthresholds for build pass/fail criteria.
How do you fail a Jenkins build if performance metrics
are below expectations
+
Add a stage to validate performance metrics against predefinedthresholds.
Example:
Fail the build if response time exceeds 500ms.
How do you trigger a Jenkins job based on an external
event (e.g., anAPI call)
+
Use the Jenkins Remote Trigger URL with an API token. Example: Trigger a job
using
curl -XPOST
+
/job/ /buildtoken= .
How do you schedule a Jenkins job to run only on
specific days
+
Use a cron expression in the Build periodically field. Example: Schedule a
job for
Mondays and Fridays using H H * * 1,5 .
How do you use Jenkins to automate databasemigrations
+
Integrate with tools like Flyway or Liquibase. Example: Add a pipeline stage
to run
migration scripts beforedeployment.
How do you verify database changes in a Jenkins
pipeline
+
Add a test stage to validate schema changes or dataconsis tency. Example:
Run SQL
queries to ensure migration scripts worked asexpected.
How do you secure Jenkins pipelines from
maliciousscripts
+
Use sandboxed Groovy scripts and validate third-partyJenkinsfiles. Example:
Use a
code review process for external contributions.
How do you protect sensitive information in Jenkins
logs
+
Mask sensitive information using the Mask Passwords plugin. Example: API
keys are
replaced with **** inlogs.
How do you implement versioning in Jenkins pipelines
+
Use build numbers or Git tags for versioning. Example: Generate a version
like
1.0.${BUILD_NUMBER} during the build process.
How do you automate release tagging in Jenkins
+
Use git tag commands in the pipeline. Example: Add a post-build step to tag
the
release and push it to therepository.
How do you fix "agent offline" is sues inJenkins
+
Verify network connectivity, agent logs, and master-agentconfigurations.
Example:
Check if the agent process has permis sions to connect to themaster.
What would you do if Jenkins fails to fetch code from
a
Git repository
+
Check Git plugin configurations, repository URL, and accesscredentials.
Example:
Verify that the SSH key used by Jenkins is valid.
How do you implement canary deployments in Jenkins
+
Deploy a small percentage of traffic to the new version and monitorbefore
full
rollout. Example: Use a custom script or plugin to automate trafficshifting.
How do you automate rollback in Jenkins pipelines
+
Maintain a record of previous deployments and redeploy the lastsuccessful
build.
Example: Use a rollback stage that fetchesartifacts of the previous version.
How do you ensure Jenkins pipelines are maintainable
+
Use shared libraries, modular pipelines, and cleardocumentation. Example:
Abstract
repetitive tasks like linting or packaging intoshared library functions.
How do you handle Jenkins updates in a production
environment
+
Test updates in a staging environment before applying them toproduction.
Example:
Validate that plugins are compatible with the new Jenkinsversion.
How do you handle long-running builds inJenkins
+
Use timeout steps to terminate excessive runtimes. Example: Fail the build
if it
exceeds 2 hours.
How do you prioritize critical jobs in Jenkins
+
Assign higher priority to critical jobs using the Priority Sorterplugin.
Example:
Ensure deployment jobs are always queued before non-criticalones.
How do you build and test multiple modules of a
monolithicapplication in Jenkins
+
Use a multi-module build system like Maven or Gradle to compile andtest each
module
independently. Example: Add stages in the pipeline to build, test, and
packagemodules sequentially or in parallel.
How do you configure Jenkins to build microservices
independently
+
Use separate pipelines for each microservice. Example: Trigger the build of
a
specific microservice based onchanges in its folder using the path parameter
inmultibranch pipelines.
How do you integrate Jenkins with Selenium for
UItesting
+
Use the Selenium WebDriver and Jenkins Selenium plugin. Example: Add a stage
in the
pipeline to run Selenium test scripts ona dedicated test environment.
How do you fail a Jenkins build if tests fail
intermittently
+
Use the retry block to re-run flaky tests alimited number of times. Example:
Fail
the build after three retries if the tests continue tofail.
How do you pass parameters dynamically to a
Jenkinspipeline
+
Use parameterized builds and populate parameters dynamically througha
script.
Example: Use the active choice plugin topopulate a dropdown with values
fetched from
an API.
How do you create matrix builds in Jenkins
+
Use the Matrix plugin or a declarative pipeline with matrix stages. Example:
Test an
application on multiple OS and Java versions.
How do you back up and restore Jenkins jobs
+
Back up the $JENKINS_HOME/jobs directory. Example: Automate backups using a
cron job
or tools like thinBackup .
What steps would you follow to restore Jenkins jobs
from
backup
+
Stop Jenkins, copy the backed-up job configurations to the
$JENKINS_HOME/jobs
directory, and restart Jenkins. Example: Verify job configurations and
plugin
dependenciespost-restoration.
How do you use Jenkins to validate Infrastructure as
Code(IaC)
+
Integrate tools like Terraform or CloudFormation with Jenkinspipelines.
Example: Add
a stage to validate Terraform plans using terraform validate .
How do you implement automated provis ioning using
Jenkins
+
Use Jenkins to trigger Terraform or Ansible scripts for provis
ioninginfrastructure.
Example: Provis ion an AWS EC2 instance and deploy an application onit as
part of
the pipeline.
How do you test across multiple environments
simultaneously inJenkins
+
Use parallel stages in declarative pipelines. Example: Run tests on Dev, QA,
and
Staging environments inparallel.
How do you configure Jenkins to run parallel builds
for
multiple branches
+
Use multibranch pipelines to detect and execute builds for allbranches.
Example:
Each branch builds independently in its pipeline.
How do you securely pass secrets to a Jenkins job
+
Use the Credentials plugin to inject secrets into the pipeline.Example: Use
withCredentials to pass a secret API key to ashell script:
withCredentials([string(credentialsId: 'api-key', variable:'API_KEY')]) { sh
'curl
-H "Authorization: $API_KEY"https://api.example.com' }
How do you audit the usage of credentials in Jenkins
+
Enable auditing through the Audit Trail plugin and monitor credentialusage
logs.
Example: Identify unauthorized access to sensitivecredentials.
How do you manage a situation where a Jenkins job is
stuckindefinitely
+
Identify the is sue by reviewing the build logs and system resourceusage.
Example:
Terminate the stuck process on the agent and re-trigger thejob.
How do you handle pipeline execution that consumes
excessive resources
+
Use resource quotas or throttle settings tolimit resource usage. Example:
Assign
builds to low-resource agents for non-criticaljobs.
How do you implement multi-cloud deployments
usingJenkins
+
Configure multiple cloud credentials and deploy to each
providerconditionally.
Example: Deploy to AWS, Azure, and GCP using environment-specificdeployment
scripts.
How do you monitor Jenkins pipeline performance
+
Use plugins like Build Monitor, Prometheus, or Performance Publis herto
track
performance metrics. Example: Analyze pipeline execution time trends to
optimize
slowstages.
How do you generate build trend reports in Jenkins
+
Use the Test Results Analyzer or Dashboard View plugin. Example: Vis ualize
the
number of passed, failed, and skipped testsover time.
How do you create dynamic stages in a Jenkinspipeline
+
Use Groovy scripting in a scripted pipeline to define stagesdynamically.
Example:
Loop through a lis t of services and create a build stage foreach.
How do you dynamically load environment configurations
in Jenkins
+
Use configuration files stored in a repository or as a Jenkins
sharedlibrary.
Example: Load environment-specific variables from a JSON file duringthe
pipeline
execution.
How do you implement build caching in Jenkinspipelines
+
Use tools like Docker cache or Gradle/Maven build caches. Example: Use a
shared
cache directory for dependencies acrossbuilds.
How do you handle incremental builds in Jenkins
+
Configure the pipeline to build only the modified components usingtools like
Git
diff. Example: Trigger builds for only the microservices that havechanged.
How do you set up Jenkins for multitenant usage
acrossteams
+
Use folders, RBAC, and dedicated agents for each team. Example: Team A and
Team B
have separate folders with is olatedpipelines and credentials.
How do you handle conflicts when multiple teams use
shared Jenkins resources
+
Use the Lockable Resources plugin to serializeaccess to shared resources.
Example:
Ensure only one team can deploy to the staging environmentat a time.
How do you recover a pipeline that fails due to a
transientis sue
+
Use retry blocks to automatically retry thefailed step. Example: Retry a
deployment
step up to three times if it fails due tonetwork is sues.
How do you resume a pipeline after fixing an error
+
Use the Restart from Stage feature indeclarative pipelines. Example: Resume
the
pipeline from the Deploy stage after fixing a configuration is sue.
How do you integrate Jenkins with JIRA for is
suetracking
+
Use the JIRA plugin to update is sue status automatically after abuild.
Example:
Transition a JIRA ticket to "In Progress" when thebuild starts.
How do you integrate Jenkins with a service bus or
message queue
+
Use custom scripts or plugins to publis h messages to RabbitMQ, Kafka,or AWS
SQS.
Example: Notify downstream systems after a successful deployment bysending a
message
to a queue.
How do you use Jenkins to build and test
containerizedapplications
+
Use the Docker Pipeline plugin to build and test images. Example: Build a
Docker
image in one stage and run tests in acontainerized environment in the next
stage.
How do you manage container orchestration with Jenkins
+
Use Kubernetes or Docker Compose to orchestrate multi-containerenvironments.
Example: Deploy an application and database containers together
forintegration
tests.
How do you allocate specific agents for
certainpipelines
+
Use agent labels in the pipeline configuration. Example: Assign a pipeline
to the
high-memory agent for resource-intensive builds.
How do you ensure efficient resource utilization
across
Jenkins agents
+
Use the Load Balancer plugin or Jenkins Cloud Agents for dynamicscaling.
Example:
Scale down idle agents during off-peak hours.
How do you manage Jenkins configurations
acrossenvironments
+
Use tools like Jenkins Configuration as Code (JCasC) or custom
Groovyscripts.
Example: Use a YAML configuration file to define jobs, credentials,
andplugins.
How do you version controlJenkins jobs and pipelines
+
Store pipeline scripts in a Git repository. Example: Use Jenkinsfiles to
define
pipelines, making them portableand traceable.
How do you implement rolling deployments withJenkins
+
Deploy updates incrementally to a subset of servers or pods. Example: Update
10% of
the pods in Kubernetes before proceeding tothe next batch.
How do you automate blue-green deployments in Jenkins
+
Use separate environments for blue and green and switch traffic
post-deployment.
Example: Use a load balancer to toggle between environments aftersuccessful
tests.
How do you integrate Jenkins with API testing tools
likePostman
+
Use Newman (Postman CLI) in the pipeline to executecollections. Example: Run
newman
run collection.json in atest stage.
How do you handle test data for automated testing in
Jenkins
+
Use environment variables or configuration files to provide testdata.
Example: Pass
database credentials as environment variables duringtest execution.
How do you automate release notes generation inJenkins
+
Use a custom script or plugin to fetch Git commit messages or JIRAupdates.
Example:
Generate release notes from commits tagged with [release] .
How do you implement versioning in a CI/CD pipeline
+
Use Git tags or build numbers to version artifacts. Example: Create a
version string
like 1.0.${BUILD_NUMBER} for every build.
What steps would you take if Jenkins builds suddenly
start failingacross all jobs
+
Check global configurations, credentials, and plugin updates. Example:
Investigate
whether a recent plugin update causedcompatibility is sues.
How do you handle Jenkins agent dis connections during
builds
+
Configure a reconnect strategy or reassign the job to anotheragent. Example:
Use a
script to auto-restart dis connected agents.
How do you design pipelines to handle varying
deploymentstrategies
+
Use parameters to define the deployment type (e.g., rolling,canary).
Example: A
pipeline prompts the user to select the strategy beforedeployment.
How do you configure pipelines for multiple repository
triggers
+
Use a webhook aggregator to trigger the pipeline for changes inmultiple
repositories. Example: Trigger a build when changes are made to either the
frontendor backend repositories.
How do you ensure compliance with Jenkins pipelines
+
Use tools like SonarQube for code quality checks and enforce policieswith
shared
libraries. Example: Ensure every pipeline includes a security scan stage.
How do you audit pipeline execution in Jenkins
+
Use the Audit Trail plugin to track changes and executionhis tory. Example:
Identify
who triggered a job and when.
How do you set up Jenkins for high availability
+
Use a clustered setup with multiple Jenkins masters and sharedstorage.
Example:
Configure an NFS share for $JENKINS_HOME to ensure consis tency across
masters.
What’s your approach to restoring Jenkins from a dis
aster
+
Restore configurations and data from backups, then validate pluginsand jobs.
Example: Use thinBackup to quickly recover Jenkins data.
How do you implement Jenkins backups for
criticalenvironments
+
Use tools like thinBackup or JenkinsConfiguration as Code (JCasC) to back up
configurations, jobs, and plugins.Automate the process with cron jobs or
scripts.
Example: Automate daily backups of the $JENKINS_HOME directory and store
them on S3
or a secure location.
What strategies do you recommend for Jenkins dis aster
recovery
+
Use a secondary Jenkins instance as a standby master with replicateddata.
Example:
Periodically sync $JENKINS_HOME between primary and standby instances and
use a load
balancer forfailover.
How do you handle consis tent build failures caused by
flakytests
+
Identify flaky tests using test reports and is olate them intoseparate test
suites.
Example: Retry only the flaky tests multiple times in a dedicatedpipeline
stage.
What would you do if builds fail due to resource
exhaustion
+
Optimize resource allocation by reducing the number of concurrentbuilds or
increasing system capacity. Example: Add more Jenkins agents or limit
concurrent
jobs with theThrottle Concurrent Builds plugin.
How do you manage environment-specific variables in
Jenkinspipelines
+
Use environment variables defined in the Jenkinsfile or
externalconfiguration files.
Example: Load environment-specific files based on the selected parameter
using: def
config = readYaml file: "config/${env.ENVIRONMENT}.yaml"
How do you handle multi-environment deployments in a
single pipeline
+
Use declarative pipeline stages with conditional logic for
differentenvironments.
Example: Deploy to QA, Staging, and Production in sequence withmanual
approval gates
for Staging and Production.
How do you reduce pipeline execution time for
largeapplications
+
Use parallel stages, build caching, and pre-configuredenvironments. Example:
Parallelize unit tests, integration tests, and static codeanalysis stages.
How do you identify and fix bottlenecks in Jenkins
pipelines
+
Use performance plugins or monitor logs to detect slow stages. Example:
Split a
long-running build stage into smaller tasks oroptimize resource- intensive
scripts.
How do you ensure reproducibility in containerized
Jenkinspipelines
+
Use Docker images with all required dependenciespre-installed. Example:
Build and
test Node.js applications using a custom Docker image: agent { docker {
image
'custom-node:14' } }
How do you handle container orchestration in Jenkins
pipelines
+
Use Kubernetes plugins or tools like Helm for deploying and
managingcontainers.
Example: Deploy a Helm chart to Kubernetes as part of thepipeline.
How do you manage shared Jenkins resources across
multipleteams
+
Use the Folder and Role-Based Authorization Strategy plugins tois olate
team-
specific configurations. Example: Each team has a dedicated folder with
restricted
access totheir jobs and agents.
How do you create reusable components for different
team
pipelines
+
Use Jenkins Shared Libraries for common functionality like deploymentscripts
or
notifications. Example: Create a shared library to send Slack notifications:
def
sendNotification(String message) { slackSend(channel:'#builds', message:
message) }
How do you secure sensitive API keys and tokens
inJenkins
+
Use the Credentials plugin to securely store and retrieve
sensitiveinformation.
Example: Use withCredentials to pass an APItoken to a pipeline:
withCredentials([string(credentialsId: 'api-token', variable:'TOKEN')]) { sh
"curl
-H 'Authorization: Bearer ${TOKEN}'https://api.example.com" }
How do you implement secure access controlfor Jenkins
users
+
Use the Role-Based Authorization Strategy plugin to define roles andpermis
sions.
Example: Admins have full access, while developers have job-specificpermis
sions.
How do you handle integration testing in
Jenkinspipelines
+
Spin up test environments using Docker or Kubernetes for is olatedtesting.
Example:
Run integration tests against a temporary database containerin a pipeline
stage.
How do you automate regression testing in Jenkins
+
Use tools like Selenium or TestNG for regression tests triggeredafter every
build.
Example: Schedule nightly builds to run a regression testsuite.
How do you customize build notifications inJenkins
+
Use plugins like Email Extension or Slack Notification with customtemplates.
Example: Include build duration and commit messages in Slacknotifications.
How do you configure Jenkins to notify specific
stakeholders
+
Use the post-build step to send notifications to different recipientsbased
on
pipeline results. Example: Notify developers on failure and QA on success.
How do you integrate Jenkins with Terraform for
IaCautomation
+
Use the Terraform plugin or CLI to apply configurations. Example: Add a
stage to
validate, plan, and apply Terraformscripts.
How do you integrate Jenkins with Ansible for
configuration management
+
Trigger Ansible playbooks from the Jenkins pipeline using the Ansibleplugin
or CLI.
Example: Use ansiblePlaybook to deployconfigurations to a server.
How do you horizontally scale Jenkins to handle
highworkloads
+
Add multiple agents and dis tribute builds using labels or nodeaffinity.
Example:
Use Kubernetes agents to dynamically scale based on thebuild queue.
How do you optimize Jenkins for a dis tributed build
environment
+
Use dis tributed agents with pre-installed dependencies to reducesetup time.
Example: Assign resource-intensive jobs to dedicated high-performanceagents.
How do you handle multi-region deployments inJenkins
+
Use separate stages or pipelines for each region. Example: Deploy to US-East
and
EU-West regions using AWS CLIcommands.
How do you implement zero-downtime deployments in
Jenkins
+
Use rolling updates or blue-green deployments to ensureavailability.
Example:
Gradually replace instances in an auto-scaling group withthe new version.
How do you debug Jenkins pipeline is sues inreal-time
+
Use console logs and debug flags in pipeline steps. Example: Add set -x to
shell
commands fordetailed debugging.
How do you handle agent dis connect is sues during
builds
+
Implement retry logic and configure robust reconnect settings. Example:
Auto-restart
agents if they dis connect due to resourceconstraints.
How do you implement pipeline-as-code in Jenkins
+
Store Jenkinsfiles in the source code repository forversion-controlled
pipelines.
Example: Use checkout scm to pull theJenkinsfile from Git.
How do you integrate Jenkins with GitOps workflows
+
Use tools like ArgoCD or Flux in combination with Jenkins forGitOps.
Example:
Trigger a deployment when changes are committed to a Gitrepository.
How do you implement feature toggles in
Jenkinspipelines
+
Use environment variables or configuration files to toggle featuresduring
deployment. Example: Use a parameter in the pipeline to enable or dis able a
specific feature: if (params.ENABLE_FEATURE_X) { sh 'deploy-feature-x.sh' }
How do you automate multi-branch testing in Jenkins
+
Use multibranch pipelines to automatically detect and run tests onnew
branches.
Example: Configure branch-specific Jenkinsfiles to define uniquetesting
workflows.
How do you manage dependency trees in Jenkins for
largeprojects
+
Use build tools like Maven or Gradle with dependency managementfeatures.
Example:
Trigger dependent builds using the Parameterized Trigger plugin.
How do you build microservices with interdependencies
in
Jenkins
+
Use a parent pipeline to trigger builds for dependent microservicesin the
correct
order. Example: Build Service A, then trigger builds for Services B and
C,which
depend on it.
How do you deploy multiple services using Jenkins
inparallel
+
Use the parallel directive in a declarativepipeline. Example: Deploy
frontend,
backend, and database servicessimultaneously.
How do you sequence dependent service deployments in
Jenkins
+
Use pipeline stages with proper dependencies defined. Example: Deploy a
database
schema before deploying the backendservice.
How do you enforce code scanning in Jenkinspipelines
+
Integrate tools like Snyk, Checkmarx, or OWASPDependency-Check. Example: Add
a stage
to scan for vulnerabilities in dependencies andfail the build on
high-severity is
sues.
How do you prevent unauthorized pipeline modifications
+
Use Git repository branch protections and Jenkins accesscontrols. Example:
Require
pull requests to be reviewed before updatingJenkinsfiles in main .
How do you manage Jenkins jobs for legacy systems
+
Use parameterized freestyle jobs or convert them into pipelines forbetter
flexibility. Example: Migrate a job using shell scripts into a
scriptedpipeline.
How do you ensure compatibility between Jenkins and
legacy build tools
+
Use custom scripts or Dockerized environments that mimic the legacysystem.
Example:
Run builds in a container with legacy dependenciespre-installed.
How do you store and retrieve pipeline artifacts
inJenkins
+
Use the Archive the Artifacts plugin or storeartifacts in a dedicated
repository
like Nexus or Artifactory. Example: Archive build logs and binaries for
debugging
andauditing.
How do you handle large artifact storage in Jenkins
+
Use external storage solutions like S3 or Azure Blob Storage. Example:
Upload
artifacts to an S3 bucket as part of the post-buildstep.
How do you trigger Jenkins builds based on Git
tagcreation
+
Configure webhooks to trigger jobs when a tag is created. Example: Trigger a
release
pipeline for tags matching the pattern v* .
How do you implement Git submodule handling in Jenkins
+
Enable submodule support in the Git plugin configuration. Example: Clone and
update
submodules automatically during thecheckout process.
How do you implement cross-browser testing inJenkins
+
Use tools like Selenium Grid or BrowserStack for browsercompatibility
testing.
Example: Run tests across Chrome, Firefox, and Safari in parallelstages.
How do you manage test environments dynamically in
Jenkins
+
Use Docker or Kubernetes to spin up test environments during
pipelineexecution.
Example: Deploy test environments using Helm charts and tear themdown after
tests.
How do you customize notifications for specific
pipelinestages
+
Use conditional logic to send stage-specific notifications. Example: Notify
the QA
team only when the test stage fails.
How do you integrate Jenkins with Microsoft Teams for
notifications
+
Use a webhook to send notifications to Teams channels. Example: Post
pipeline
results to a Teams channel using a curl command.
How do you optimize Jenkins pipelines for
Docker-basedapplications
+
Use Docker caching and multis tage builds to speed up builds. Example: Build
and
push Docker images only if code changes aredetected.
How do you deploy containerized applications using
Jenkins
+
Use Kubernetes manifests or Docker Compose files in pipelinescripts.
Example: Deploy
to Kubernetes using kubectlapply .
How do you debug failed Jenkins jobs effectively
+
Analyze logs, enable debug mode, and rerun failing stepslocally. Example:
Use sh
'set -x' inpipeline steps to trace shell command execution.
How do you handle intermittent pipeline failures
+
Use retry mechanis ms and investigate logs to identify flakycomponents.
Example:
Retry a step with a maximum of three attempts: retry(3) { sh
'flaky-command.sh' }
How do you implement blue-green deployments in
Jenkinspipelines
+
Use separate environments for blue and green, then switch trafficusing a
load
balancer. Example: Deploy the new version to the green environment, test it,
and
redirect traffic from blue to green .
How do you roll back a blue-green deployment
+
Switch traffic back to the stable environment (e.g., blue ) in case of is
sues.
Example: Update load balancer settings to point to the previousversion.
How do you standardize pipeline templates for
multipleprojects
+
Use Jenkins Shared Libraries to define reusable pipelinefunctions. Example:
Define a
buildAndDeploy function forconsis tent CI/CD across projects.
How do you parameterize pipeline templates for
different
use cases
+
Use pipeline parameters to customize behavior dynamically. Example: Use a
DEPLOY_ENV
parameter to specifythe target environment.
How do you monitor long-running builds in Jenkins
+
Use the Build Monitor plugin or integrate with external monitoringtools.
Example:
Set up alerts for builds exceeding a specificduration.
How do you identify agents with high resource usage
+
Use the Monitoring plugin or analyze system metrics. Example: Identify
agents with
CPU or memory spikes duringbuilds.
How do you audit Jenkins pipelines for
regulatorycompliance
+
Use plugins like Audit Trail to log all pipeline changes andexecutions.
Example:
Ensure every production deployment is traceable with anaudit log.
How do you enforce compliance checks in Jenkins
pipelines
+
Integrate with compliance tools like HashiCorp Sentinel or customscripts.
Example:
Fail the pipeline if IaC templates do not meet compliancerequirements.
How do you configure Jenkins for auto-scaling in
cloudenvironments
+
Use Kubernetes or AWS plugins to dynamically scale agents based onthe build
queue.
Example: Configure a Kubernetes pod template to spin up agents ondemand.
How do you balance workloads in a dis tributed Jenkins
setup
+
Use node labels and assign jobs based on agent capabilities. Example: Assign
resource-intensive builds to high-memoryagents.
How do you analyze build success rates in Jenkins
+
Use the Build His tory Metrics plugin or integrate with externalanalytics
tools.
Example: Generate reports showing success and failure trends overtime.
How do you track pipeline execution times across
multiple jobs
+
Use the Pipeline Stage View plugin to vis ualize executiontimes. Example:
Identify
stages with consis tently high executiontimes.
How do you implement canary deployments in
Jenkinspipelines
+
Deploy updates to a small percentage of instances or users first,then
gradually
increase. Example: Route 5% of traffic to the new version using feature
flagsor load
balancer rules.
How do you deploy serverless applications using
Jenkins
+
Use CLI tools like AWS SAM or Azure Functions Core Tools. Example: Deploy a
Lambda
function using aws lambdaupdate-function-code .
How do you handle a Jenkins master node running out of
dis kspace
+
Clean up old build logs, artifacts, and workspace directories.Example: Use a
script
to automate periodic cleanup: find $JENKINS_HOME/workspace -type d -mtime
+30 -exec
rm -rf {}\;
How do you address slow Jenkins startup times
+
Optimize plugins by removing unused ones and upgrading to newerversions.
Example:
Use the Pipeline Speed/Durability Settings for lightweight pipeline
executions.
How do you migrate from Jenkins to a modern CI/CDtool
+
Export pipelines, convert them to the new tool's format, andtest the
migrated
workflows. Example: Migrate from Jenkins to GitHub Actions using
YAML-basedworkflows.
How do you ensure Jenkins pipelines remain
future-proof
+
Regularly update plugins, adopt new best practices, and refactoroutdated
pipelines.
Example: Transition from freestyle jobs to declarative pipelines forbetter
maintainability.
How would you design a Jenkins setup for a
large-scaleenterpris e application with multiple teams
+
Design a master-agent architecture where the master handlesscheduling and
orchestrating jobs, and agents execute jobs. Use dis tributed builds by
configuring
Jenkins agents ondifferent machines or containers. Implement folder-based
multi-tenancy to is olate pipelines foreach team. Secure the Jenkins setup
using
role-based access control(RBAC). Example: Team A has access to Folder A with
restrictedpipeline vis ibility, while the master node ensures no resource
contention.
How can you scale Jenkins to handle high build loads
+
Use Kubernetes-based Jenkins agents that scale dynamicallybased on workload.
Implement build queue monitoring and optimize resourceallocation by
offloading
non-critical jobs to low-priority nodes. Use Jenkins Operations Center
(CloudBees
CI) for centralizedmanagement of multiple Jenkins instances.
How do you manage plugins in a Jenkins environment to
ensure stability
+
Maintain a lis t of approved plugins after testingcompatibility with the
Jenkins
version. Regularly update plugins in a staging environment beforerolling
them into
production. Example: While upgrading the Git plugin, test it with
yourpipelines in
staging to ensure no dis ruption.
How do you design a Jenkins pipeline to support
multipleenvironments (e.g., Dev, QA, Prod)
+
Use parameterized pipelines where environment-specificconfigurations (e.g.,
URLs,
credentials) are passed as parameters. Implement environment-specific stages
or
branch-specificpipelines. Example: A pipeline that promotes a build from Dev
to QA
andthen to Prod using approval gates between stages.
How can you handle dynamic branch creation in Jenkins
pipelines
+
Use multibranch pipelines that automatically detect newbranches in a
repository and
create pipelines for them. Configure the Jenkinsfile in each branch to
define
itspipeline behavior.
How do you ensure pipeline resilience in case of
intermittent failures
+
Use retry blocks in declarative orscripted pipelines to retry failed stages.
Example: Retrying a flaky test stage three times withexponential backoff.
Implement
conditional steps using catchError to handle failures gracefully.
How do you secure sensitive credentials in
Jenkinspipelines
+
Use the Jenkins Credentials plugin to store secrets securely. Access
credentials
using environment variables or bindings inthe pipeline. Example: Fetch an
API key
stored in Jenkins credentials using withCredentials in a scripted pipeline.
How do you enforce role-based access control(RBAC) in
Jenkins
+
Use the Role-Based Authorization Strategy plugin. Define roles like Admin,
Developer, and Viewer, and assignpermis sions for jobs, folders, and builds
accordingly.
How do you integrate Jenkins with Docker for
buildingand
deploying applications
+
Use the Docker plugin or Docker Pipeline plugin. Example: Build a Docker
image in
the pipeline using docker.build and push it to a container regis try. Run
tests in
ephemeral Docker containers for consis tent testenvironments.
How do you integrate Jenkins with a Kubernetes cluster
for deployments
+
Use the Kubernetes plugin or kubectl commands in the pipeline. Example: Use
a
Kubernetes pod template with custom containersfor builds, then deploy
applications
using kubectl apply .
How can you reduce the build time of a Jenkinsjob
+
Use parallel stages to execute independent taskssimultaneously. Example:
Parallelize
static code analysis , unit tests, andintegration tests. Use build caching
mechanis
ms like Docker layer caching ordependency caching.
How do you optimize Jenkins for CI/CD pipelines with
heavy test loads
+
Split tests into smaller batches and run them in parallel. Use sharding for
dis
tributed test execution across multipleagents. Example: Divide a 10,000-test
suite
into 10 shards anddis tribute them across agents.
What would you do if a Jenkins job hangsindefinitely
+
Check the Jenkins build logs for deadlocks or resourcecontention. Restart
the agent
where the build is stuck, if needed. Example: A job stuck in docker build
could
indicate Docker daemon is sues; restart the Docker service.
How do you troubleshoot a Jenkins job that keeps
failing
at the same step
+
Analyze the console output to identify the error message. Check for
environmental is
sues like mis sing dependencies orincorrect permis sions. Example: A Maven
build
failing due to repository connectivitymight require checking proxy
configurations.
How do you implement manual approval gates in
Jenkinspipelines
+
Use the input step in a declarativepipeline. Example: Add an approval step
before
deploying to production.Only after manual confirmation does the pipeline
proceed.
How do you handle blue-green deployments in Jenkins
+
Create separate pipelines for blue and green environments. Route traffic to
the new
environment after successfuldeployment and health checks. Example: Use AWS
Route53
or Kubernetes Ingress to switchtraffic seamlessly.
How do you monitor Jenkins build trends
+
Use the Build His tory and Build Monitor plugins. Example: Vis ualize
pass/fail
trends over time to identifyflaky tests.
How do you notify teams about build failures
+
Use the Email Extension or Slack Notification plugins. Example: Configure a
Slack
webhook to notify the #build-alerts channel upon failure.
How do you manage monorepos in Jenkinspipelines
+
Use sparse checkouts to fetch only the required directories. Example:
Trigger
pipelines based on changes in specificsubdirectories using the dir parameter
in Git.
How do you handle merge conflicts in a Jenkins
pipeline
+
Use Git pre-merge hooks or resolve conflicts locally and pushthe updated
code.
Example: A pipeline can fetch both source and target branches,merge them in
a
temporary branch, and check for conflicts.
How do you trigger a Jenkins pipeline from
anotherpipeline
+
Use the build step in a scripted or declarativepipeline to trigger another
pipeline.
Example: Pipeline A builds the application, and Pipeline B deploysit.
Pipeline A
calls Pipeline B using build(job:'Pipeline-B', parameters: [string(name:
'version',value: '1.0')]) .
How do you handle shared libraries in Jenkins
pipelines
+
Use the Global Shared Libraries feature inJenkins. Example: Create reusable
Groovy
functions for common tasks (e.g.,linting, packaging) and call them in
pipelines
using @Library('my-library') .
How do you implement conditional logic in Jenkins
pipelines
+
Use when in declarative pipelines or if statements in scripted pipelines.
Example:
Skip deployment if the branch is not main using when { branch 'main' } .
How do you handle job failures in a Jenkins pipeline
+
Use the catchError block to handle errorsgracefully. Example: catchError {
sh
'some-failing-command' } echo 'Handled the failure and proceeding.'
What would you do if a Jenkins master node crashes
+
Restore the master node from backups. Use Jenkins’ thinBackup or a similar
plugin
for automatedbackups. Example: After restoration, ensure the plugins and
configuration aresynchronized.
How do you restart a failed Jenkins pipeline from a
specific stage
+
Enable the Restart from Stage feature in theJenkins declarative pipeline.
Example:
If the Deploy stage fails, restart thepipeline from that stage without re-
executing
previous stages.
How do you integrate Jenkins with SonarQube for code
qualityanalysis
+
Use the SonarQube Scanner plugin. Example: Add a stage in the pipeline to
run
sonar-scanner and publis h results to the SonarQubeserver.
How do you enforce code coverage thresholds in Jenkins
pipelines
+
Use tools like JaCoCo or Cobertura and configure the build to fail
ifthresholds are
not met. Example: jacoco(execPattern: '**/jacoco.exec',
minimumBranchCoverage: '80')
How do you implement parallelis m in Jenkinspipelines
+
Use the parallel directive in declarativepipelines or parallel block in
scripted
pipelines. Example: Run unit tests , integration tests , and linting
inparallel
stages.
How do you optimize resource utilization in Jenkins
+
Use lock to manage resource contention. Example: Limit concurrent jobs
accessing a
shared environment using lock('resourceName') .
How do you run Jenkins jobs in a Docker container
+
Use the docker block in declarativepipelines. Example: agent { docker {
image
'node:14' } }
How do you ensure consis tent environments for Jenkins
builds
+
Use Docker images to define build environments. Example: Use a prebuilt
image with
all dependencies pre-installed forfaster builds.
How do you integrate Jenkins with AWS for CI/CD
+
Use the AWS CLI or AWS-specific Jenkins plugins. Example: Deploy an
application to
S3 using aws s3 cp commands in the pipeline.
How do you configure Jenkins to deploy to Azure
Kubernetes Service (AKS)
+
Use kubectl commands with AKS credentialsstored in Jenkins credentials.
Example:
Deploy manifests using sh 'kubectl apply-f k8s.yaml' .
How do you trigger a Jenkins job when a file changes
inGit
+
Use GitHub or Bitbucket webhooks configured with the Jenkinsjob. Example: A
webhook
triggers the job only for changes in a specificfolder by setting path
filters.
How do you schedule periodic builds in Jenkins
+
Use the Build periodically option or cron syntax in pipeline scripts.
Example:
Schedule a nightly build using H 0 * ** .
How do you audit build logs and job execution
inJenkins
+
Enable the Audit Trail plugin to track user actions. Example: View changes
made to
jobs, builds, and plugins.
How do you implement compliance checks in Jenkins
pipelines
+
Integrate with tools like OpenSCAP or custom scripts for
compliancevalidation.
Example: Validate infrastructure as code (IaC) templates forcompliance
before
deployment.
How do you manage build artifacts in Jenkins
+
Use the Archive the artifacts post-buildstep. Example: Store JAR files and
logs for
future reference using archiveArtifacts artifacts: 'build/*.jar' .
How do you publis h artifacts to a repository like
Nexus
or Artifactory
+
Use Maven/Gradle plugins or REST APis for publis hing. Example: Push aJAR
file to
Nexus with: sh 'mvn deploy'
How do you notify a team about pipeline status
+
Use Slack or Email plugins for notifications. Example: Notify Slackon
success or
failure with: slackSend channel: '#builds', message:
"Build#${env.BUILD_NUMBER}
${currentBuild.result}"
How do you send detailed build reports via email in
Jenkins
+
Use the Email Extension plugin and configure templates for detailedreports.
Example:
Include build logs and test results in the email.
How do you back up Jenkins configurations
+
Use the thinBackup plugin or manual backup of $JENKINS_HOME . Example:
Automate
backups nightly and store them in a secure locationlike S3.
How do you recover a Jenkins instance from backup
+
Restore the $JENKINS_HOME directory from thebackup and restart Jenkins.
Example:
After restoration, validate all jobs and credentials.
How do you implement feature flags in Jenkinspipelines
+
Use environment variables or external tools like LaunchDarkly. Example: A
feature
flag determines whether to deploy the featurebranch.
How do you integrate Jenkins with a database for
testing
+
Spin up a database container or use a preconfigured testdatabase. Example:
Use
Docker Compose to bring up a MySQL container beforerunning tests.
How do you manage long-running jobs in Jenkins
+
Break them into smaller jobs or stages to allow checkpoints. Example: Use
timeout to
terminate excessivelylong builds.
What would you do if Jenkins pipelines start failing
intermittently
+
Investigate resource constraints, flaky tests, or networkis sues. Example:
Monitor
agent logs and rebuild affected stages.
How do you manage Jenkins jobs for multiple branches
in
a monorepo
+
Use multibranch pipelines or branch-specific Jenkinsfiles.
How do you handle cross-team collaboration in Jenkins
pipelines
+
Use shared libraries for reusable code and maintain a central
Jenkinsgovernance
team.
How do you manage Jenkins agents in a dynamic
cloudenvironment
+
Use a cloud provider plugin (e.g., Amazon EC2 or Kubernetes). Example:
Configure
Kubernetes-based agents to dynamically spin uppods based on job demands.
How do you limit the number of concurrent builds for a
Jenkins job
+
Use the Throttle Concurrent Builds plugin. Example: Set a limit of two
builds per
agent to avoid resourcecontention.
How do you optimize Jenkins for large-scale builds
with
limited hardware
+
Use build labels to dis tribute specific jobs to the rightagents. Example:
Assign
resource-intensive builds to high-capacity agentswith labels like high_mem .
How do you implement custom notifications in
Jenkinspipelines
+
Use a custom script to send notifications via APis . Example: Integrate with
Microsoft Teams by using their webhook API tosend custom alerts.
How do you alert stakeholders only on critical build
failures
+
Use conditional steps in pipelines to send notifications based onfailure
type.
Example: Notify stakeholders if the failure occurs in the Deploy stage.
How do you manage dependencies in a Jenkins
CI/CDpipeline
+
Use dependency management tools like Maven, Gradle, or npm. Example: Use a
package.json or pom.xml file to ensure consis tent dependencies
acrossbuilds.
How do you handle dependency conflicts in a Jenkins
build
+
Use dependency resolution features of tools like Maven orGradle. Example:
Exclude
transitive dependencies causing conflicts in the pom.xml .
How do you debug Jenkins pipeline failureseffectively
+
Enable verbose logging for specific stages or commands. Example: Use sh 'set
-x
&&your-command' for detailed command output.
How do you log custom messages in Jenkins pipelines
+
Use the echo step in declarative or scriptedpipelines. Example: echo
"Starting
deployment toenvironment: ${env.ENV_NAME}" .
How do you monitor Jenkins server health
+
Use the Monitoring plugin or external toolslike Prometheus and Grafana.
Example:
Monitor JVM memory, dis k usage, and thread activity usingPrometheus
exporters.
How do you set up Jenkins alerts for high resource
usage
+
Integrate Jenkins with monitoring tools like Nagios orDatadog. Example:
Trigger an
alert if CPU usage exceeds 80% duringbuilds.
How do you set up pipelines to work on multiple
operatingsystems
+
Use agent labels to target specific platforms (e.g., linux , windows ).
Example: Run
tests on both Linux and Windows agents using parallelstages.
How do you ensure portability in Jenkins pipelines
across environments
+
Use containerized builds with Docker for a consis tent runtime. Example:
Build and
test the application in the same Dockerimage.
How do you create custom build steps in Jenkins
+
Use the Pipeline Utility Steps plugin or write custom Groovyscripts.
Example: Create
a step to clean the workspace, fetch dependencies,and run tests.
How do you extend Jenkins functionality with custom
plugins
+
Develop a custom Jenkins plugin using the Jenkins Plugin DevelopmentKit
(PDK).
Example: A plugin to integrate Jenkins with a proprietarydeployment system.
How do you integrate Jenkins with performance testing
tools likeJMeter
+
Use the Performance Plugin to parse JMeter results. Example: Trigger a
JMeter
script, then analyze results withthresholds for build pass/fail criteria.
How do you fail a Jenkins build if performance metrics
are below expectations
+
Add a stage to validate performance metrics against predefinedthresholds.
Example:
Fail the build if response time exceeds 500ms.
How do you trigger a Jenkins job based on an external
event (e.g., anAPI call)
+
Use the Jenkins Remote Trigger URL with an API token. Example: Trigger a job
using
curl -XPOST
+
/job/ /buildtoken= .
How do you schedule a Jenkins job to run only on
specific days
+
Use a cron expression in the Build periodically field. Example: Schedule a
job for
Mondays and Fridays using H H * * 1,5 .
How do you use Jenkins to automate databasemigrations
+
Integrate with tools like Flyway or Liquibase. Example: Add a pipeline stage
to run
migration scripts beforedeployment.
How do you verify database changes in a Jenkins
pipeline
+
Add a test stage to validate schema changes or dataconsis tency. Example:
Run SQL
queries to ensure migration scripts worked asexpected.
How do you secure Jenkins pipelines from
maliciousscripts
+
Use sandboxed Groovy scripts and validate third-partyJenkinsfiles. Example:
Use a
code review process for external contributions.
How do you protect sensitive information in Jenkins
logs
+
Mask sensitive information using the Mask Passwords plugin. Example: API
keys are
replaced with **** inlogs.
How do you implement versioning in Jenkins pipelines
+
Use build numbers or Git tags for versioning. Example: Generate a version
like
1.0.${BUILD_NUMBER} during the build process.
How do you automate release tagging in Jenkins
+
Use git tag commands in the pipeline. Example: Add a post-build step to tag
the
release and push it to therepository.
How do you fix "agent offline" is sues inJenkins
+
Verify network connectivity, agent logs, and master-agentconfigurations.
Example:
Check if the agent process has permis sions to connect to themaster.
What would you do if Jenkins fails to fetch code from
a
Git repository
+
Check Git plugin configurations, repository URL, and accesscredentials.
Example:
Verify that the SSH key used by Jenkins is valid.
How do you implement canary deployments in Jenkins
+
Deploy a small percentage of traffic to the new version and monitorbefore
full
rollout. Example: Use a custom script or plugin to automate trafficshifting.
How do you automate rollback in Jenkins pipelines
+
Maintain a record of previous deployments and redeploy the lastsuccessful
build.
Example: Use a rollback stage that fetchesartifacts of the previous version.
How do you ensure Jenkins pipelines are maintainable
+
Use shared libraries, modular pipelines, and cleardocumentation. Example:
Abstract
repetitive tasks like linting or packaging intoshared library functions.
How do you handle Jenkins updates in a production
environment
+
Test updates in a staging environment before applying them toproduction.
Example:
Validate that plugins are compatible with the new Jenkinsversion.
How do you handle long-running builds inJenkins
+
Use timeout steps to terminate excessive runtimes. Example: Fail the build
if it
exceeds 2 hours.
How do you prioritize critical jobs in Jenkins
+
Assign higher priority to critical jobs using the Priority Sorterplugin.
Example:
Ensure deployment jobs are always queued before non-criticalones.
How do you build and test multiple modules of a
monolithicapplication in Jenkins
+
Use a multi-module build system like Maven or Gradle to compile andtest each
module
independently. Example: Add stages in the pipeline to build, test, and
packagemodules sequentially or in parallel.
How do you configure Jenkins to build microservices
independently
+
Use separate pipelines for each microservice. Example: Trigger the build of
a
specific microservice based onchanges in its folder using the path parameter
inmultibranch pipelines.
How do you integrate Jenkins with Selenium for
UItesting
+
Use the Selenium WebDriver and Jenkins Selenium plugin. Example: Add a stage
in the
pipeline to run Selenium test scripts ona dedicated test environment.
How do you fail a Jenkins build if tests fail
intermittently
+
Use the retry block to re-run flaky tests alimited number of times. Example:
Fail
the build after three retries if the tests continue tofail.
How do you pass parameters dynamically to a
Jenkinspipeline
+
Use parameterized builds and populate parameters dynamically througha
script.
Example: Use the active choice plugin topopulate a dropdown with values
fetched from
an API.
How do you create matrix builds in Jenkins
+
Use the Matrix plugin or a declarative pipeline with matrix stages. Example:
Test an
application on multiple OS and Java versions.
How do you back up and restore Jenkins jobs
+
Back up the $JENKINS_HOME/jobs directory. Example: Automate backups using a
cron job
or tools like thinBackup .
What steps would you follow to restore Jenkins jobs
from
backup
+
Stop Jenkins, copy the backed-up job configurations to the
$JENKINS_HOME/jobs
directory, and restart Jenkins. Example: Verify job configurations and
plugin
dependenciespost-restoration.
How do you use Jenkins to validate Infrastructure as
Code(IaC)
+
Integrate tools like Terraform or CloudFormation with Jenkinspipelines.
Example: Add
a stage to validate Terraform plans using terraform validate .
How do you implement automated provis ioning using
Jenkins
+
Use Jenkins to trigger Terraform or Ansible scripts for provis
ioninginfrastructure.
Example: Provis ion an AWS EC2 instance and deploy an application onit as
part of
the pipeline.
How do you test across multiple environments
simultaneously inJenkins
+
Use parallel stages in declarative pipelines. Example: Run tests on Dev, QA,
and
Staging environments inparallel.
How do you configure Jenkins to run parallel builds
for
multiple branches
+
Use multibranch pipelines to detect and execute builds for allbranches.
Example:
Each branch builds independently in its pipeline.
How do you securely pass secrets to a Jenkins job
+
Use the Credentials plugin to inject secrets into the pipeline.Example: Use
withCredentials to pass a secret API key to ashell script:
withCredentials([string(credentialsId: 'api-key', variable:'API_KEY')]) { sh
'curl
-H "Authorization: $API_KEY"https://api.example.com' }
How do you audit the usage of credentials in Jenkins
+
Enable auditing through the Audit Trail plugin and monitor credentialusage
logs.
Example: Identify unauthorized access to sensitivecredentials.
How do you manage a situation where a Jenkins job is
stuckindefinitely
+
Identify the is sue by reviewing the build logs and system resourceusage.
Example:
Terminate the stuck process on the agent and re-trigger thejob.
How do you handle pipeline execution that consumes
excessive resources
+
Use resource quotas or throttle settings tolimit resource usage. Example:
Assign
builds to low-resource agents for non-criticaljobs.
How do you implement multi-cloud deployments
usingJenkins
+
Configure multiple cloud credentials and deploy to each
providerconditionally.
Example: Deploy to AWS, Azure, and GCP using environment-specificdeployment
scripts.
How do you monitor Jenkins pipeline performance
+
Use plugins like Build Monitor, Prometheus, or Performance Publis herto
track
performance metrics. Example: Analyze pipeline execution time trends to
optimize
slowstages.
How do you generate build trend reports in Jenkins
+
Use the Test Results Analyzer or Dashboard View plugin. Example: Vis ualize
the
number of passed, failed, and skipped testsover time.
How do you create dynamic stages in a Jenkinspipeline
+
Use Groovy scripting in a scripted pipeline to define stagesdynamically.
Example:
Loop through a lis t of services and create a build stage foreach.
How do you dynamically load environment configurations
in Jenkins
+
Use configuration files stored in a repository or as a Jenkins
sharedlibrary.
Example: Load environment-specific variables from a JSON file duringthe
pipeline
execution.
How do you implement build caching in Jenkinspipelines
+
Use tools like Docker cache or Gradle/Maven build caches. Example: Use a
shared
cache directory for dependencies acrossbuilds.
How do you handle incremental builds in Jenkins
+
Configure the pipeline to build only the modified components usingtools like
Git
diff. Example: Trigger builds for only the microservices that havechanged.
How do you set up Jenkins for multitenant usage
acrossteams
+
Use folders, RBAC, and dedicated agents for each team. Example: Team A and
Team B
have separate folders with is olatedpipelines and credentials.
How do you handle conflicts when multiple teams use
shared Jenkins resources
+
Use the Lockable Resources plugin to serializeaccess to shared resources.
Example:
Ensure only one team can deploy to the staging environmentat a time.
How do you recover a pipeline that fails due to a
transientis sue
+
Use retry blocks to automatically retry thefailed step. Example: Retry a
deployment
step up to three times if it fails due tonetwork is sues.
How do you resume a pipeline after fixing an error
+
Use the Restart from Stage feature indeclarative pipelines. Example: Resume
the
pipeline from the Deploy stage after fixing a configuration is sue.
How do you integrate Jenkins with JIRA for is
suetracking
+
Use the JIRA plugin to update is sue status automatically after abuild.
Example:
Transition a JIRA ticket to "In Progress" when thebuild starts.
How do you integrate Jenkins with a service bus or
message queue
+
Use custom scripts or plugins to publis h messages to RabbitMQ, Kafka,or AWS
SQS.
Example: Notify downstream systems after a successful deployment bysending a
message
to a queue.
How do you use Jenkins to build and test
containerizedapplications
+
Use the Docker Pipeline plugin to build and test images. Example: Build a
Docker
image in one stage and run tests in acontainerized environment in the next
stage.
How do you manage container orchestration with Jenkins
+
Use Kubernetes or Docker Compose to orchestrate multi-containerenvironments.
Example: Deploy an application and database containers together
forintegration
tests.
How do you allocate specific agents for
certainpipelines
+
Use agent labels in the pipeline configuration. Example: Assign a pipeline
to the
high-memory agent for resource-intensive builds.
How do you ensure efficient resource utilization
across
Jenkins agents
+
Use the Load Balancer plugin or Jenkins Cloud Agents for dynamicscaling.
Example:
Scale down idle agents during off-peak hours.
How do you manage Jenkins configurations
acrossenvironments
+
Use tools like Jenkins Configuration as Code (JCasC) or custom
Groovyscripts.
Example: Use a YAML configuration file to define jobs, credentials,
andplugins.
How do you version controlJenkins jobs and pipelines
+
Store pipeline scripts in a Git repository. Example: Use Jenkinsfiles to
define
pipelines, making them portableand traceable.
How do you implement rolling deployments withJenkins
+
Deploy updates incrementally to a subset of servers or pods. Example: Update
10% of
the pods in Kubernetes before proceeding tothe next batch.
How do you automate blue-green deployments in Jenkins
+
Use separate environments for blue and green and switch traffic
post-deployment.
Example: Use a load balancer to toggle between environments aftersuccessful
tests.
How do you integrate Jenkins with API testing tools
likePostman
+
Use Newman (Postman CLI) in the pipeline to executecollections. Example: Run
newman
run collection.json in atest stage.
How do you handle test data for automated testing in
Jenkins
+
Use environment variables or configuration files to provide testdata.
Example: Pass
database credentials as environment variables duringtest execution.
How do you automate release notes generation inJenkins
+
Use a custom script or plugin to fetch Git commit messages or JIRAupdates.
Example:
Generate release notes from commits tagged with [release] .
How do you implement versioning in a CI/CD pipeline
+
Use Git tags or build numbers to version artifacts. Example: Create a
version string
like 1.0.${BUILD_NUMBER} for every build.
What steps would you take if Jenkins builds suddenly
start failingacross all jobs
+
Check global configurations, credentials, and plugin updates. Example:
Investigate
whether a recent plugin update causedcompatibility is sues.
How do you handle Jenkins agent dis connections during
builds
+
Configure a reconnect strategy or reassign the job to anotheragent. Example:
Use a
script to auto-restart dis connected agents.
How do you design pipelines to handle varying
deploymentstrategies
+
Use parameters to define the deployment type (e.g., rolling,canary).
Example: A
pipeline prompts the user to select the strategy beforedeployment.
How do you configure pipelines for multiple repository
triggers
+
Use a webhook aggregator to trigger the pipeline for changes inmultiple
repositories. Example: Trigger a build when changes are made to either the
frontendor backend repositories.
How do you ensure compliance with Jenkins pipelines
+
Use tools like SonarQube for code quality checks and enforce policieswith
shared
libraries. Example: Ensure every pipeline includes a security scan stage.
How do you audit pipeline execution in Jenkins
+
Use the Audit Trail plugin to track changes and executionhis tory. Example:
Identify
who triggered a job and when.
How do you set up Jenkins for high availability
+
Use a clustered setup with multiple Jenkins masters and sharedstorage.
Example:
Configure an NFS share for $JENKINS_HOME to ensure consis tency across
masters.
What’s your approach to restoring Jenkins from a dis
aster
+
Restore configurations and data from backups, then validate pluginsand jobs.
Example: Use thinBackup to quickly recover Jenkins data.
How do you implement Jenkins backups for
criticalenvironments
+
Use tools like thinBackup or JenkinsConfiguration as Code (JCasC) to back up
configurations, jobs, and plugins.Automate the process with cron jobs or
scripts.
Example: Automate daily backups of the $JENKINS_HOME directory and store
them on S3
or a secure location.
What strategies do you recommend for Jenkins dis aster
recovery
+
Use a secondary Jenkins instance as a standby master with replicateddata.
Example:
Periodically sync $JENKINS_HOME between primary and standby instances and
use a load
balancer forfailover.
How do you handle consis tent build failures caused by
flakytests
+
Identify flaky tests using test reports and is olate them intoseparate test
suites.
Example: Retry only the flaky tests multiple times in a dedicatedpipeline
stage.
What would you do if builds fail due to resource
exhaustion
+
Optimize resource allocation by reducing the number of concurrentbuilds or
increasing system capacity. Example: Add more Jenkins agents or limit
concurrent
jobs with theThrottle Concurrent Builds plugin.
How do you manage environment-specific variables in
Jenkinspipelines
+
Use environment variables defined in the Jenkinsfile or
externalconfiguration files.
Example: Load environment-specific files based on the selected parameter
using: def
config = readYaml file: "config/${env.ENVIRONMENT}.yaml"
How do you handle multi-environment deployments in a
single pipeline
+
Use declarative pipeline stages with conditional logic for
differentenvironments.
Example: Deploy to QA, Staging, and Production in sequence withmanual
approval gates
for Staging and Production.
How do you reduce pipeline execution time for
largeapplications
+
Use parallel stages, build caching, and pre-configuredenvironments. Example:
Parallelize unit tests, integration tests, and static codeanalysis stages.
How do you identify and fix bottlenecks in Jenkins
pipelines
+
Use performance plugins or monitor logs to detect slow stages. Example:
Split a
long-running build stage into smaller tasks oroptimize resource- intensive
scripts.
How do you ensure reproducibility in containerized
Jenkinspipelines
+
Use Docker images with all required dependenciespre-installed. Example:
Build and
test Node.js applications using a custom Docker image: agent { docker {
image
'custom-node:14' } }
How do you handle container orchestration in Jenkins
pipelines
+
Use Kubernetes plugins or tools like Helm for deploying and
managingcontainers.
Example: Deploy a Helm chart to Kubernetes as part of thepipeline.
How do you manage shared Jenkins resources across
multipleteams
+
Use the Folder and Role-Based Authorization Strategy plugins tois olate
team-
specific configurations. Example: Each team has a dedicated folder with
restricted
access totheir jobs and agents.
How do you create reusable components for different
team
pipelines
+
Use Jenkins Shared Libraries for common functionality like deploymentscripts
or
notifications. Example: Create a shared library to send Slack notifications:
def
sendNotification(String message) { slackSend(channel:'#builds', message:
message) }
How do you secure sensitive API keys and tokens
inJenkins
+
Use the Credentials plugin to securely store and retrieve
sensitiveinformation.
Example: Use withCredentials to pass an APItoken to a pipeline:
withCredentials([string(credentialsId: 'api-token', variable:'TOKEN')]) { sh
"curl
-H 'Authorization: Bearer ${TOKEN}'https://api.example.com" }
How do you implement secure access controlfor Jenkins
users
+
Use the Role-Based Authorization Strategy plugin to define roles andpermis
sions.
Example: Admins have full access, while developers have job-specificpermis
sions.
How do you handle integration testing in
Jenkinspipelines
+
Spin up test environments using Docker or Kubernetes for is olatedtesting.
Example:
Run integration tests against a temporary database containerin a pipeline
stage.
How do you automate regression testing in Jenkins
+
Use tools like Selenium or TestNG for regression tests triggeredafter every
build.
Example: Schedule nightly builds to run a regression testsuite.
How do you customize build notifications inJenkins
+
Use plugins like Email Extension or Slack Notification with customtemplates.
Example: Include build duration and commit messages in Slacknotifications.
How do you configure Jenkins to notify specific
stakeholders
+
Use the post-build step to send notifications to different recipientsbased
on
pipeline results. Example: Notify developers on failure and QA on success.
How do you integrate Jenkins with Terraform for
IaCautomation
+
Use the Terraform plugin or CLI to apply configurations. Example: Add a
stage to
validate, plan, and apply Terraformscripts.
How do you integrate Jenkins with Ansible for
configuration management
+
Trigger Ansible playbooks from the Jenkins pipeline using the Ansibleplugin
or CLI.
Example: Use ansiblePlaybook to deployconfigurations to a server.
How do you horizontally scale Jenkins to handle
highworkloads
+
Add multiple agents and dis tribute builds using labels or nodeaffinity.
Example:
Use Kubernetes agents to dynamically scale based on thebuild queue.
How do you optimize Jenkins for a dis tributed build
environment
+
Use dis tributed agents with pre-installed dependencies to reducesetup time.
Example: Assign resource-intensive jobs to dedicated high-performanceagents.
How do you handle multi-region deployments inJenkins
+
Use separate stages or pipelines for each region. Example: Deploy to US-East
and
EU-West regions using AWS CLIcommands.
How do you implement zero-downtime deployments in
Jenkins
+
Use rolling updates or blue-green deployments to ensureavailability.
Example:
Gradually replace instances in an auto-scaling group withthe new version.
How do you debug Jenkins pipeline is sues inreal-time
+
Use console logs and debug flags in pipeline steps. Example: Add set -x to
shell
commands fordetailed debugging.
How do you handle agent dis connect is sues during
builds
+
Implement retry logic and configure robust reconnect settings. Example:
Auto-restart
agents if they dis connect due to resourceconstraints.
How do you implement pipeline-as-code in Jenkins
+
Store Jenkinsfiles in the source code repository forversion-controlled
pipelines.
Example: Use checkout scm to pull theJenkinsfile from Git.
How do you integrate Jenkins with GitOps workflows
+
Use tools like ArgoCD or Flux in combination with Jenkins forGitOps.
Example:
Trigger a deployment when changes are committed to a Gitrepository.
How do you implement feature toggles in
Jenkinspipelines
+
Use environment variables or configuration files to toggle featuresduring
deployment. Example: Use a parameter in the pipeline to enable or dis able a
specific feature: if (params.ENABLE_FEATURE_X) { sh 'deploy-feature-x.sh' }
How do you automate multi-branch testing in Jenkins
+
Use multibranch pipelines to automatically detect and run tests onnew
branches.
Example: Configure branch-specific Jenkinsfiles to define uniquetesting
workflows.
How do you manage dependency trees in Jenkins for
largeprojects
+
Use build tools like Maven or Gradle with dependency managementfeatures.
Example:
Trigger dependent builds using the Parameterized Trigger plugin.
How do you build microservices with interdependencies
in
Jenkins
+
Use a parent pipeline to trigger builds for dependent microservicesin the
correct
order. Example: Build Service A, then trigger builds for Services B and
C,which
depend on it.
How do you deploy multiple services using Jenkins
inparallel
+
Use the parallel directive in a declarativepipeline. Example: Deploy
frontend,
backend, and database servicessimultaneously.
How do you sequence dependent service deployments in
Jenkins
+
Use pipeline stages with proper dependencies defined. Example: Deploy a
database
schema before deploying the backendservice.
How do you enforce code scanning in Jenkinspipelines
+
Integrate tools like Snyk, Checkmarx, or OWASPDependency-Check. Example: Add
a stage
to scan for vulnerabilities in dependencies andfail the build on
high-severity is
sues.
How do you prevent unauthorized pipeline modifications
+
Use Git repository branch protections and Jenkins accesscontrols. Example:
Require
pull requests to be reviewed before updatingJenkinsfiles in main .
How do you manage Jenkins jobs for legacy systems
+
Use parameterized freestyle jobs or convert them into pipelines forbetter
flexibility. Example: Migrate a job using shell scripts into a
scriptedpipeline.
How do you ensure compatibility between Jenkins and
legacy build tools
+
Use custom scripts or Dockerized environments that mimic the legacysystem.
Example:
Run builds in a container with legacy dependenciespre-installed.
How do you store and retrieve pipeline artifacts
inJenkins
+
Use the Archive the Artifacts plugin or storeartifacts in a dedicated
repository
like Nexus or Artifactory. Example: Archive build logs and binaries for
debugging
andauditing.
How do you handle large artifact storage in Jenkins
+
Use external storage solutions like S3 or Azure Blob Storage. Example:
Upload
artifacts to an S3 bucket as part of the post-buildstep.
How do you trigger Jenkins builds based on Git
tagcreation
+
Configure webhooks to trigger jobs when a tag is created. Example: Trigger a
release
pipeline for tags matching the pattern v* .
How do you implement Git submodule handling in Jenkins
+
Enable submodule support in the Git plugin configuration. Example: Clone and
update
submodules automatically during thecheckout process.
How do you implement cross-browser testing inJenkins
+
Use tools like Selenium Grid or BrowserStack for browsercompatibility
testing.
Example: Run tests across Chrome, Firefox, and Safari in parallelstages.
How do you manage test environments dynamically in
Jenkins
+
Use Docker or Kubernetes to spin up test environments during
pipelineexecution.
Example: Deploy test environments using Helm charts and tear themdown after
tests.
How do you customize notifications for specific
pipelinestages
+
Use conditional logic to send stage-specific notifications. Example: Notify
the QA
team only when the test stage fails.
How do you integrate Jenkins with Microsoft Teams for
notifications
+
Use a webhook to send notifications to Teams channels. Example: Post
pipeline
results to a Teams channel using a curl command.
How do you optimize Jenkins pipelines for
Docker-basedapplications
+
Use Docker caching and multis tage builds to speed up builds. Example: Build
and
push Docker images only if code changes aredetected.
How do you deploy containerized applications using
Jenkins
+
Use Kubernetes manifests or Docker Compose files in pipelinescripts.
Example: Deploy
to Kubernetes using kubectlapply .
How do you debug failed Jenkins jobs effectively
+
Analyze logs, enable debug mode, and rerun failing stepslocally. Example:
Use sh
'set -x' inpipeline steps to trace shell command execution.
How do you handle intermittent pipeline failures
+
Use retry mechanis ms and investigate logs to identify flakycomponents.
Example:
Retry a step with a maximum of three attempts: retry(3) { sh
'flaky-command.sh' }
How do you implement blue-green deployments in
Jenkinspipelines
+
Use separate environments for blue and green, then switch trafficusing a
load
balancer. Example: Deploy the new version to the green environment, test it,
and
redirect traffic from blue to green .
How do you roll back a blue-green deployment
+
Switch traffic back to the stable environment (e.g., blue ) in case of is
sues.
Example: Update load balancer settings to point to the previousversion.
How do you standardize pipeline templates for
multipleprojects
+
Use Jenkins Shared Libraries to define reusable pipelinefunctions. Example:
Define a
buildAndDeploy function forconsis tent CI/CD across projects.
How do you parameterize pipeline templates for
different
use cases
+
Use pipeline parameters to customize behavior dynamically. Example: Use a
DEPLOY_ENV
parameter to specifythe target environment.
How do you monitor long-running builds in Jenkins
+
Use the Build Monitor plugin or integrate with external monitoringtools.
Example:
Set up alerts for builds exceeding a specificduration.
How do you identify agents with high resource usage
+
Use the Monitoring plugin or analyze system metrics. Example: Identify
agents with
CPU or memory spikes duringbuilds.
How do you audit Jenkins pipelines for
regulatorycompliance
+
Use plugins like Audit Trail to log all pipeline changes andexecutions.
Example:
Ensure every production deployment is traceable with anaudit log.
How do you enforce compliance checks in Jenkins
pipelines
+
Integrate with compliance tools like HashiCorp Sentinel or customscripts.
Example:
Fail the pipeline if IaC templates do not meet compliancerequirements.
How do you configure Jenkins for auto-scaling in
cloudenvironments
+
Use Kubernetes or AWS plugins to dynamically scale agents based onthe build
queue.
Example: Configure a Kubernetes pod template to spin up agents ondemand.
How do you balance workloads in a dis tributed Jenkins
setup
+
Use node labels and assign jobs based on agent capabilities. Example: Assign
resource-intensive builds to high-memoryagents.
How do you analyze build success rates in Jenkins
+
Use the Build His tory Metrics plugin or integrate with externalanalytics
tools.
Example: Generate reports showing success and failure trends overtime.
How do you track pipeline execution times across
multiple jobs
+
Use the Pipeline Stage View plugin to vis ualize executiontimes. Example:
Identify
stages with consis tently high executiontimes.
How do you implement canary deployments in
Jenkinspipelines
+
Deploy updates to a small percentage of instances or users first,then
gradually
increase. Example: Route 5% of traffic to the new version using feature
flagsor load
balancer rules.
How do you deploy serverless applications using
Jenkins
+
Use CLI tools like AWS SAM or Azure Functions Core Tools. Example: Deploy a
Lambda
function using aws lambdaupdate-function-code .
How do you handle a Jenkins master node running out of
dis kspace
+
Clean up old build logs, artifacts, and workspace directories.Example: Use a
script
to automate periodic cleanup: find $JENKINS_HOME/workspace -type d -mtime
+30 -exec
rm -rf {}\;
How do you address slow Jenkins startup times
+
Optimize plugins by removing unused ones and upgrading to newerversions.
Example:
Use the Pipeline Speed/Durability Settings for lightweight pipeline
executions.
How do you migrate from Jenkins to a modern CI/CDtool
+
Export pipelines, convert them to the new tool's format, andtest the
migrated
workflows. Example: Migrate from Jenkins to GitHub Actions using
YAML-basedworkflows.
How do you ensure Jenkins pipelines remain
future-proof
+
Regularly update plugins, adopt new best practices, and refactoroutdated
pipelines.
Example: Transition from freestyle jobs to declarative pipelines forbetter
maintainability.
How would you design a Jenkins setup for a
large-scaleenterpris e application with multiple teams
+
Design a master-agent architecture where the master handlesscheduling and
orchestrating jobs, and agents execute jobs. Use dis tributed builds by
configuring
Jenkins agents ondifferent machines or containers. Implement folder-based
multi-tenancy to is olate pipelines foreach team. Secure the Jenkins setup
using
role-based access control(RBAC). Example: Team A has access to Folder A with
restrictedpipeline vis ibility, while the master node ensures no resource
contention.
How can you scale Jenkins to handle high build loads
+
Use Kubernetes-based Jenkins agents that scale dynamicallybased on workload.
Implement build queue monitoring and optimize resourceallocation by
offloading
non-critical jobs to low-priority nodes. Use Jenkins Operations Center
(CloudBees
CI) for centralizedmanagement of multiple Jenkins instances.
How do you manage plugins in a Jenkins environment to
ensure stability
+
Maintain a lis t of approved plugins after testingcompatibility with the
Jenkins
version. Regularly update plugins in a staging environment beforerolling
them into
production. Example: While upgrading the Git plugin, test it with
yourpipelines in
staging to ensure no dis ruption.
How do you design a Jenkins pipeline to support
multipleenvironments (e.g., Dev, QA, Prod)
+
Use parameterized pipelines where environment-specificconfigurations (e.g.,
URLs,
credentials) are passed as parameters. Implement environment-specific stages
or
branch-specificpipelines. Example: A pipeline that promotes a build from Dev
to QA
andthen to Prod using approval gates between stages.
How can you handle dynamic branch creation in Jenkins
pipelines
+
Use multibranch pipelines that automatically detect newbranches in a
repository and
create pipelines for them. Configure the Jenkinsfile in each branch to
define
itspipeline behavior.
How do you ensure pipeline resilience in case of
intermittent failures
+
Use retry blocks in declarative orscripted pipelines to retry failed stages.
Example: Retrying a flaky test stage three times withexponential backoff.
Implement
conditional steps using catchError to handle failures gracefully.
How do you secure sensitive credentials in
Jenkinspipelines
+
Use the Jenkins Credentials plugin to store secrets securely. Access
credentials
using environment variables or bindings inthe pipeline. Example: Fetch an
API key
stored in Jenkins credentials using withCredentials in a scripted pipeline.
How do you enforce role-based access control(RBAC) in
Jenkins
+
Use the Role-Based Authorization Strategy plugin. Define roles like Admin,
Developer, and Viewer, and assignpermis sions for jobs, folders, and builds
accordingly.
How do you integrate Jenkins with Docker for
buildingand
deploying applications
+
Use the Docker plugin or Docker Pipeline plugin. Example: Build a Docker
image in
the pipeline using docker.build and push it to a container regis try. Run
tests in
ephemeral Docker containers for consis tent testenvironments.
How do you integrate Jenkins with a Kubernetes cluster
for deployments
+
Use the Kubernetes plugin or kubectl commands in the pipeline. Example: Use
a
Kubernetes pod template with custom containersfor builds, then deploy
applications
using kubectl apply .
How can you reduce the build time of a Jenkinsjob
+
Use parallel stages to execute independent taskssimultaneously. Example:
Parallelize
static code analysis , unit tests, andintegration tests. Use build caching
mechanis
ms like Docker layer caching ordependency caching.
How do you optimize Jenkins for CI/CD pipelines with
heavy test loads
+
Split tests into smaller batches and run them in parallel. Use sharding for
dis
tributed test execution across multipleagents. Example: Divide a 10,000-test
suite
into 10 shards anddis tribute them across agents.
What would you do if a Jenkins job hangsindefinitely
+
Check the Jenkins build logs for deadlocks or resourcecontention. Restart
the agent
where the build is stuck, if needed. Example: A job stuck in docker build
could
indicate Docker daemon is sues; restart the Docker service.
How do you troubleshoot a Jenkins job that keeps
failing
at the same step
+
Analyze the console output to identify the error message. Check for
environmental is
sues like mis sing dependencies orincorrect permis sions. Example: A Maven
build
failing due to repository connectivitymight require checking proxy
configurations.
How do you implement manual approval gates in
Jenkinspipelines
+
Use the input step in a declarativepipeline. Example: Add an approval step
before
deploying to production.Only after manual confirmation does the pipeline
proceed.
How do you handle blue-green deployments in Jenkins
+
Create separate pipelines for blue and green environments. Route traffic to
the new
environment after successfuldeployment and health checks. Example: Use AWS
Route53
or Kubernetes Ingress to switchtraffic seamlessly.
How do you monitor Jenkins build trends
+
Use the Build His tory and Build Monitor plugins. Example: Vis ualize
pass/fail
trends over time to identifyflaky tests.
How do you notify teams about build failures
+
Use the Email Extension or Slack Notification plugins. Example: Configure a
Slack
webhook to notify the #build-alerts channel upon failure.
How do you manage monorepos in Jenkinspipelines
+
Use sparse checkouts to fetch only the required directories. Example:
Trigger
pipelines based on changes in specificsubdirectories using the dir parameter
in Git.
How do you handle merge conflicts in a Jenkins
pipeline
+
Use Git pre-merge hooks or resolve conflicts locally and pushthe updated
code.
Example: A pipeline can fetch both source and target branches,merge them in
a
temporary branch, and check for conflicts.
How do you trigger a Jenkins pipeline from
anotherpipeline
+
Use the build step in a scripted or declarativepipeline to trigger another
pipeline.
Example: Pipeline A builds the application, and Pipeline B deploysit.
Pipeline A
calls Pipeline B using build(job:'Pipeline-B', parameters: [string(name:
'version',value: '1.0')]) .
How do you handle shared libraries in Jenkins
pipelines
+
Use the Global Shared Libraries feature inJenkins. Example: Create reusable
Groovy
functions for common tasks (e.g.,linting, packaging) and call them in
pipelines
using @Library('my-library') .
How do you implement conditional logic in Jenkins
pipelines
+
Use when in declarative pipelines or if statements in scripted pipelines.
Example:
Skip deployment if the branch is not main using when { branch 'main' } .
How do you handle job failures in a Jenkins pipeline
+
Use the catchError block to handle errorsgracefully. Example: catchError {
sh
'some-failing-command' } echo 'Handled the failure and proceeding.'
What would you do if a Jenkins master node crashes
+
Restore the master node from backups. Use Jenkins’ thinBackup or a similar
plugin
for automatedbackups. Example: After restoration, ensure the plugins and
configuration aresynchronized.
How do you restart a failed Jenkins pipeline from a
specific stage
+
Enable the Restart from Stage feature in theJenkins declarative pipeline.
Example:
If the Deploy stage fails, restart thepipeline from that stage without re-
executing
previous stages.
How do you integrate Jenkins with SonarQube for code
qualityanalysis
+
Use the SonarQube Scanner plugin. Example: Add a stage in the pipeline to
run
sonar-scanner and publis h results to the SonarQubeserver.
How do you enforce code coverage thresholds in Jenkins
pipelines
+
Use tools like JaCoCo or Cobertura and configure the build to fail
ifthresholds are
not met. Example: jacoco(execPattern: '**/jacoco.exec',
minimumBranchCoverage: '80')
How do you implement parallelis m in Jenkinspipelines
+
Use the parallel directive in declarativepipelines or parallel block in
scripted
pipelines. Example: Run unit tests , integration tests , and linting
inparallel
stages.
How do you optimize resource utilization in Jenkins
+
Use lock to manage resource contention. Example: Limit concurrent jobs
accessing a
shared environment using lock('resourceName') .
How do you run Jenkins jobs in a Docker container
+
Use the docker block in declarativepipelines. Example: agent { docker {
image
'node:14' } }
How do you ensure consis tent environments for Jenkins
builds
+
Use Docker images to define build environments. Example: Use a prebuilt
image with
all dependencies pre-installed forfaster builds.
How do you integrate Jenkins with AWS for CI/CD
+
Use the AWS CLI or AWS-specific Jenkins plugins. Example: Deploy an
application to
S3 using aws s3 cp commands in the pipeline.
How do you configure Jenkins to deploy to Azure
Kubernetes Service (AKS)
+
Use kubectl commands with AKS credentialsstored in Jenkins credentials.
Example:
Deploy manifests using sh 'kubectl apply-f k8s.yaml' .
How do you trigger a Jenkins job when a file changes
inGit
+
Use GitHub or Bitbucket webhooks configured with the Jenkinsjob. Example: A
webhook
triggers the job only for changes in a specificfolder by setting path
filters.
How do you schedule periodic builds in Jenkins
+
Use the Build periodically option or cron syntax in pipeline scripts.
Example:
Schedule a nightly build using H 0 * ** .
How do you audit build logs and job execution
inJenkins
+
Enable the Audit Trail plugin to track user actions. Example: View changes
made to
jobs, builds, and plugins.
How do you implement compliance checks in Jenkins
pipelines
+
Integrate with tools like OpenSCAP or custom scripts for
compliancevalidation.
Example: Validate infrastructure as code (IaC) templates forcompliance
before
deployment.
How do you manage build artifacts in Jenkins
+
Use the Archive the artifacts post-buildstep. Example: Store JAR files and
logs for
future reference using archiveArtifacts artifacts: 'build/*.jar' .
How do you publis h artifacts to a repository like
Nexus
or Artifactory
+
Use Maven/Gradle plugins or REST APis for publis hing. Example: Push aJAR
file to
Nexus with: sh 'mvn deploy'
How do you notify a team about pipeline status
+
Use Slack or Email plugins for notifications. Example: Notify Slackon
success or
failure with: slackSend channel: '#builds', message:
"Build#${env.BUILD_NUMBER}
${currentBuild.result}"
How do you send detailed build reports via email in
Jenkins
+
Use the Email Extension plugin and configure templates for detailedreports.
Example:
Include build logs and test results in the email.
How do you back up Jenkins configurations
+
Use the thinBackup plugin or manual backup of $JENKINS_HOME . Example:
Automate
backups nightly and store them in a secure locationlike S3.
How do you recover a Jenkins instance from backup
+
Restore the $JENKINS_HOME directory from thebackup and restart Jenkins.
Example:
After restoration, validate all jobs and credentials.
How do you implement feature flags in Jenkinspipelines
+
Use environment variables or external tools like LaunchDarkly. Example: A
feature
flag determines whether to deploy the featurebranch.
How do you integrate Jenkins with a database for
testing
+
Spin up a database container or use a preconfigured testdatabase. Example:
Use
Docker Compose to bring up a MySQL container beforerunning tests.
How do you manage long-running jobs in Jenkins
+
Break them into smaller jobs or stages to allow checkpoints. Example: Use
timeout to
terminate excessivelylong builds.
What would you do if Jenkins pipelines start failing
intermittently
+
Investigate resource constraints, flaky tests, or networkis sues. Example:
Monitor
agent logs and rebuild affected stages.
How do you manage Jenkins jobs for multiple branches
in
a monorepo
+
Use multibranch pipelines or branch-specific Jenkinsfiles.
How do you handle cross-team collaboration in Jenkins
pipelines
+
Use shared libraries for reusable code and maintain a central
Jenkinsgovernance
team.
How do you manage Jenkins agents in a dynamic
cloudenvironment
+
Use a cloud provider plugin (e.g., Amazon EC2 or Kubernetes). Example:
Configure
Kubernetes-based agents to dynamically spin uppods based on job demands.
How do you limit the number of concurrent builds for a
Jenkins job
+
Use the Throttle Concurrent Builds plugin. Example: Set a limit of two
builds per
agent to avoid resourcecontention.
How do you optimize Jenkins for large-scale builds
with
limited hardware
+
Use build labels to dis tribute specific jobs to the rightagents. Example:
Assign
resource-intensive builds to high-capacity agentswith labels like high_mem .
How do you implement custom notifications in
Jenkinspipelines
+
Use a custom script to send notifications via APis . Example: Integrate with
Microsoft Teams by using their webhook API tosend custom alerts.
How do you alert stakeholders only on critical build
failures
+
Use conditional steps in pipelines to send notifications based onfailure
type.
Example: Notify stakeholders if the failure occurs in the Deploy stage.
How do you manage dependencies in a Jenkins
CI/CDpipeline
+
Use dependency management tools like Maven, Gradle, or npm. Example: Use a
package.json or pom.xml file to ensure consis tent dependencies
acrossbuilds.
How do you handle dependency conflicts in a Jenkins
build
+
Use dependency resolution features of tools like Maven orGradle. Example:
Exclude
transitive dependencies causing conflicts in the pom.xml .
How do you debug Jenkins pipeline failureseffectively
+
Enable verbose logging for specific stages or commands. Example: Use sh 'set
-x
&&your-command' for detailed command output.
How do you log custom messages in Jenkins pipelines
+
Use the echo step in declarative or scriptedpipelines. Example: echo
"Starting
deployment toenvironment: ${env.ENV_NAME}" .
How do you monitor Jenkins server health
+
Use the Monitoring plugin or external toolslike Prometheus and Grafana.
Example:
Monitor JVM memory, dis k usage, and thread activity usingPrometheus
exporters.
How do you set up Jenkins alerts for high resource
usage
+
Integrate Jenkins with monitoring tools like Nagios orDatadog. Example:
Trigger an
alert if CPU usage exceeds 80% duringbuilds.
How do you set up pipelines to work on multiple
operatingsystems
+
Use agent labels to target specific platforms (e.g., linux , windows ).
Example: Run
tests on both Linux and Windows agents using parallelstages.
How do you ensure portability in Jenkins pipelines
across environments
+
Use containerized builds with Docker for a consis tent runtime. Example:
Build and
test the application in the same Dockerimage.
How do you create custom build steps in Jenkins
+
Use the Pipeline Utility Steps plugin or write custom Groovyscripts.
Example: Create
a step to clean the workspace, fetch dependencies,and run tests.
How do you extend Jenkins functionality with custom
plugins
+
Develop a custom Jenkins plugin using the Jenkins Plugin DevelopmentKit
(PDK).
Example: A plugin to integrate Jenkins with a proprietarydeployment system.
How do you integrate Jenkins with performance testing
tools likeJMeter
+
Use the Performance Plugin to parse JMeter results. Example: Trigger a
JMeter
script, then analyze results withthresholds for build pass/fail criteria.
How do you fail a Jenkins build if performance metrics
are below expectations
+
Add a stage to validate performance metrics against predefinedthresholds.
Example:
Fail the build if response time exceeds 500ms.
How do you trigger a Jenkins job based on an external
event (e.g., anAPI call)
+
Use the Jenkins Remote Trigger URL with an API token. Example: Trigger a job
using
curl -XPOST
+
/job/ /buildtoken= .
How do you schedule a Jenkins job to run only on
specific days
+
Use a cron expression in the Build periodically field. Example: Schedule a
job for
Mondays and Fridays using H H * * 1,5 .
How do you use Jenkins to automate databasemigrations
+
Integrate with tools like Flyway or Liquibase. Example: Add a pipeline stage
to run
migration scripts beforedeployment.
How do you verify database changes in a Jenkins
pipeline
+
Add a test stage to validate schema changes or dataconsis tency. Example:
Run SQL
queries to ensure migration scripts worked asexpected.
How do you secure Jenkins pipelines from
maliciousscripts
+
Use sandboxed Groovy scripts and validate third-partyJenkinsfiles. Example:
Use a
code review process for external contributions.
How do you protect sensitive information in Jenkins
logs
+
Mask sensitive information using the Mask Passwords plugin. Example: API
keys are
replaced with **** inlogs.
How do you implement versioning in Jenkins pipelines
+
Use build numbers or Git tags for versioning. Example: Generate a version
like
1.0.${BUILD_NUMBER} during the build process.
How do you automate release tagging in Jenkins
+
Use git tag commands in the pipeline. Example: Add a post-build step to tag
the
release and push it to therepository.
How do you fix "agent offline" is sues inJenkins
+
Verify network connectivity, agent logs, and master-agentconfigurations.
Example:
Check if the agent process has permis sions to connect to themaster.
What would you do if Jenkins fails to fetch code from
a
Git repository
+
Check Git plugin configurations, repository URL, and accesscredentials.
Example:
Verify that the SSH key used by Jenkins is valid.
How do you implement canary deployments in Jenkins
+
Deploy a small percentage of traffic to the new version and monitorbefore
full
rollout. Example: Use a custom script or plugin to automate trafficshifting.
How do you automate rollback in Jenkins pipelines
+
Maintain a record of previous deployments and redeploy the lastsuccessful
build.
Example: Use a rollback stage that fetchesartifacts of the previous version.
How do you ensure Jenkins pipelines are maintainable
+
Use shared libraries, modular pipelines, and cleardocumentation. Example:
Abstract
repetitive tasks like linting or packaging intoshared library functions.
How do you handle Jenkins updates in a production
environment
+
Test updates in a staging environment before applying them toproduction.
Example:
Validate that plugins are compatible with the new Jenkinsversion.
How do you handle long-running builds inJenkins
+
Use timeout steps to terminate excessive runtimes. Example: Fail the build
if it
exceeds 2 hours.
How do you prioritize critical jobs in Jenkins
+
Assign higher priority to critical jobs using the Priority Sorterplugin.
Example:
Ensure deployment jobs are always queued before non-criticalones.
How do you build and test multiple modules of a
monolithicapplication in Jenkins
+
Use a multi-module build system like Maven or Gradle to compile andtest each
module
independently. Example: Add stages in the pipeline to build, test, and
packagemodules sequentially or in parallel.
How do you configure Jenkins to build microservices
independently
+
Use separate pipelines for each microservice. Example: Trigger the build of
a
specific microservice based onchanges in its folder using the path parameter
inmultibranch pipelines.
How do you integrate Jenkins with Selenium for
UItesting
+
Use the Selenium WebDriver and Jenkins Selenium plugin. Example: Add a stage
in the
pipeline to run Selenium test scripts ona dedicated test environment.
How do you fail a Jenkins build if tests fail
intermittently
+
Use the retry block to re-run flaky tests alimited number of times. Example:
Fail
the build after three retries if the tests continue tofail.
How do you pass parameters dynamically to a
Jenkinspipeline
+
Use parameterized builds and populate parameters dynamically througha
script.
Example: Use the active choice plugin topopulate a dropdown with values
fetched from
an API.
How do you create matrix builds in Jenkins
+
Use the Matrix plugin or a declarative pipeline with matrix stages. Example:
Test an
application on multiple OS and Java versions.
How do you back up and restore Jenkins jobs
+
Back up the $JENKINS_HOME/jobs directory. Example: Automate backups using a
cron job
or tools like thinBackup .
What steps would you follow to restore Jenkins jobs
from
backup
+
Stop Jenkins, copy the backed-up job configurations to the
$JENKINS_HOME/jobs
directory, and restart Jenkins. Example: Verify job configurations and
plugin
dependenciespost-restoration.
How do you use Jenkins to validate Infrastructure as
Code(IaC)
+
Integrate tools like Terraform or CloudFormation with Jenkinspipelines.
Example: Add
a stage to validate Terraform plans using terraform validate .
How do you implement automated provis ioning using
Jenkins
+
Use Jenkins to trigger Terraform or Ansible scripts for provis
ioninginfrastructure.
Example: Provis ion an AWS EC2 instance and deploy an application onit as
part of
the pipeline.
How do you test across multiple environments
simultaneously inJenkins
+
Use parallel stages in declarative pipelines. Example: Run tests on Dev, QA,
and
Staging environments inparallel.
How do you configure Jenkins to run parallel builds
for
multiple branches
+
Use multibranch pipelines to detect and execute builds for allbranches.
Example:
Each branch builds independently in its pipeline.
How do you securely pass secrets to a Jenkins job
+
Use the Credentials plugin to inject secrets into the pipeline.Example: Use
withCredentials to pass a secret API key to ashell script:
withCredentials([string(credentialsId: 'api-key', variable:'API_KEY')]) { sh
'curl
-H "Authorization: $API_KEY"https://api.example.com' }
How do you audit the usage of credentials in Jenkins
+
Enable auditing through the Audit Trail plugin and monitor credentialusage
logs.
Example: Identify unauthorized access to sensitivecredentials.
How do you manage a situation where a Jenkins job is
stuckindefinitely
+
Identify the is sue by reviewing the build logs and system resourceusage.
Example:
Terminate the stuck process on the agent and re-trigger thejob.
How do you handle pipeline execution that consumes
excessive resources
+
Use resource quotas or throttle settings tolimit resource usage. Example:
Assign
builds to low-resource agents for non-criticaljobs.
How do you implement multi-cloud deployments
usingJenkins
+
Configure multiple cloud credentials and deploy to each
providerconditionally.
Example: Deploy to AWS, Azure, and GCP using environment-specificdeployment
scripts.
How do you monitor Jenkins pipeline performance
+
Use plugins like Build Monitor, Prometheus, or Performance Publis herto
track
performance metrics. Example: Analyze pipeline execution time trends to
optimize
slowstages.
How do you generate build trend reports in Jenkins
+
Use the Test Results Analyzer or Dashboard View plugin. Example: Vis ualize
the
number of passed, failed, and skipped testsover time.
How do you create dynamic stages in a Jenkinspipeline
+
Use Groovy scripting in a scripted pipeline to define stagesdynamically.
Example:
Loop through a lis t of services and create a build stage foreach.
How do you dynamically load environment configurations
in Jenkins
+
Use configuration files stored in a repository or as a Jenkins
sharedlibrary.
Example: Load environment-specific variables from a JSON file duringthe
pipeline
execution.
How do you implement build caching in Jenkinspipelines
+
Use tools like Docker cache or Gradle/Maven build caches. Example: Use a
shared
cache directory for dependencies acrossbuilds.
How do you handle incremental builds in Jenkins
+
Configure the pipeline to build only the modified components usingtools like
Git
diff. Example: Trigger builds for only the microservices that havechanged.
How do you set up Jenkins for multitenant usage
acrossteams
+
Use folders, RBAC, and dedicated agents for each team. Example: Team A and
Team B
have separate folders with is olatedpipelines and credentials.
How do you handle conflicts when multiple teams use
shared Jenkins resources
+
Use the Lockable Resources plugin to serializeaccess to shared resources.
Example:
Ensure only one team can deploy to the staging environmentat a time.
How do you recover a pipeline that fails due to a
transientis sue
+
Use retry blocks to automatically retry thefailed step. Example: Retry a
deployment
step up to three times if it fails due tonetwork is sues.
How do you resume a pipeline after fixing an error
+
Use the Restart from Stage feature indeclarative pipelines. Example: Resume
the
pipeline from the Deploy stage after fixing a configuration is sue.
How do you integrate Jenkins with JIRA for is
suetracking
+
Use the JIRA plugin to update is sue status automatically after abuild.
Example:
Transition a JIRA ticket to "In Progress" when thebuild starts.
How do you integrate Jenkins with a service bus or
message queue
+
Use custom scripts or plugins to publis h messages to RabbitMQ, Kafka,or AWS
SQS.
Example: Notify downstream systems after a successful deployment bysending a
message
to a queue.
How do you use Jenkins to build and test
containerizedapplications
+
Use the Docker Pipeline plugin to build and test images. Example: Build a
Docker
image in one stage and run tests in acontainerized environment in the next
stage.
How do you manage container orchestration with Jenkins
+
Use Kubernetes or Docker Compose to orchestrate multi-containerenvironments.
Example: Deploy an application and database containers together
forintegration
tests.
How do you allocate specific agents for
certainpipelines
+
Use agent labels in the pipeline configuration. Example: Assign a pipeline
to the
high-memory agent for resource-intensive builds.
How do you ensure efficient resource utilization
across
Jenkins agents
+
Use the Load Balancer plugin or Jenkins Cloud Agents for dynamicscaling.
Example:
Scale down idle agents during off-peak hours.
How do you manage Jenkins configurations
acrossenvironments
+
Use tools like Jenkins Configuration as Code (JCasC) or custom
Groovyscripts.
Example: Use a YAML configuration file to define jobs, credentials,
andplugins.
How do you version controlJenkins jobs and pipelines
+
Store pipeline scripts in a Git repository. Example: Use Jenkinsfiles to
define
pipelines, making them portableand traceable.
How do you implement rolling deployments withJenkins
+
Deploy updates incrementally to a subset of servers or pods. Example: Update
10% of
the pods in Kubernetes before proceeding tothe next batch.
How do you automate blue-green deployments in Jenkins
+
Use separate environments for blue and green and switch traffic
post-deployment.
Example: Use a load balancer to toggle between environments aftersuccessful
tests.
How do you integrate Jenkins with API testing tools
likePostman
+
Use Newman (Postman CLI) in the pipeline to executecollections. Example: Run
newman
run collection.json in atest stage.
How do you handle test data for automated testing in
Jenkins
+
Use environment variables or configuration files to provide testdata.
Example: Pass
database credentials as environment variables duringtest execution.
How do you automate release notes generation inJenkins
+
Use a custom script or plugin to fetch Git commit messages or JIRAupdates.
Example:
Generate release notes from commits tagged with [release] .
How do you implement versioning in a CI/CD pipeline
+
Use Git tags or build numbers to version artifacts. Example: Create a
version string
like 1.0.${BUILD_NUMBER} for every build.
What steps would you take if Jenkins builds suddenly
start failingacross all jobs
+
Check global configurations, credentials, and plugin updates. Example:
Investigate
whether a recent plugin update causedcompatibility is sues.
How do you handle Jenkins agent dis connections during
builds
+
Configure a reconnect strategy or reassign the job to anotheragent. Example:
Use a
script to auto-restart dis connected agents.
How do you design pipelines to handle varying
deploymentstrategies
+
Use parameters to define the deployment type (e.g., rolling,canary).
Example: A
pipeline prompts the user to select the strategy beforedeployment.
How do you configure pipelines for multiple repository
triggers
+
Use a webhook aggregator to trigger the pipeline for changes inmultiple
repositories. Example: Trigger a build when changes are made to either the
frontendor backend repositories.
How do you ensure compliance with Jenkins pipelines
+
Use tools like SonarQube for code quality checks and enforce policieswith
shared
libraries. Example: Ensure every pipeline includes a security scan stage.
How do you audit pipeline execution in Jenkins
+
Use the Audit Trail plugin to track changes and executionhis tory. Example:
Identify
who triggered a job and when.
How do you set up Jenkins for high availability
+
Use a clustered setup with multiple Jenkins masters and sharedstorage.
Example:
Configure an NFS share for $JENKINS_HOME to ensure consis tency across
masters.
What’s your approach to restoring Jenkins from a dis
aster
+
Restore configurations and data from backups, then validate pluginsand jobs.
Example: Use thinBackup to quickly recover Jenkins data.
How do you implement Jenkins backups for
criticalenvironments
+
Use tools like thinBackup or JenkinsConfiguration as Code (JCasC) to back up
configurations, jobs, and plugins.Automate the process with cron jobs or
scripts.
Example: Automate daily backups of the $JENKINS_HOME directory and store
them on S3
or a secure location.
What strategies do you recommend for Jenkins dis aster
recovery
+
Use a secondary Jenkins instance as a standby master with replicateddata.
Example:
Periodically sync $JENKINS_HOME between primary and standby instances and
use a load
balancer forfailover.
How do you handle consis tent build failures caused by
flakytests
+
Identify flaky tests using test reports and is olate them intoseparate test
suites.
Example: Retry only the flaky tests multiple times in a dedicatedpipeline
stage.
What would you do if builds fail due to resource
exhaustion
+
Optimize resource allocation by reducing the number of concurrentbuilds or
increasing system capacity. Example: Add more Jenkins agents or limit
concurrent
jobs with theThrottle Concurrent Builds plugin.
How do you manage environment-specific variables in
Jenkinspipelines
+
Use environment variables defined in the Jenkinsfile or
externalconfiguration files.
Example: Load environment-specific files based on the selected parameter
using: def
config = readYaml file: "config/${env.ENVIRONMENT}.yaml"
How do you handle multi-environment deployments in a
single pipeline
+
Use declarative pipeline stages with conditional logic for
differentenvironments.
Example: Deploy to QA, Staging, and Production in sequence withmanual
approval gates
for Staging and Production.
How do you reduce pipeline execution time for
largeapplications
+
Use parallel stages, build caching, and pre-configuredenvironments. Example:
Parallelize unit tests, integration tests, and static codeanalysis stages.
How do you identify and fix bottlenecks in Jenkins
pipelines
+
Use performance plugins or monitor logs to detect slow stages. Example:
Split a
long-running build stage into smaller tasks oroptimize resource- intensive
scripts.
How do you ensure reproducibility in containerized
Jenkinspipelines
+
Use Docker images with all required dependenciespre-installed. Example:
Build and
test Node.js applications using a custom Docker image: agent { docker {
image
'custom-node:14' } }
How do you handle container orchestration in Jenkins
pipelines
+
Use Kubernetes plugins or tools like Helm for deploying and
managingcontainers.
Example: Deploy a Helm chart to Kubernetes as part of thepipeline.
How do you manage shared Jenkins resources across
multipleteams
+
Use the Folder and Role-Based Authorization Strategy plugins tois olate
team-
specific configurations. Example: Each team has a dedicated folder with
restricted
access totheir jobs and agents.
How do you create reusable components for different
team
pipelines
+
Use Jenkins Shared Libraries for common functionality like deploymentscripts
or
notifications. Example: Create a shared library to send Slack notifications:
def
sendNotification(String message) { slackSend(channel:'#builds', message:
message) }
How do you secure sensitive API keys and tokens
inJenkins
+
Use the Credentials plugin to securely store and retrieve
sensitiveinformation.
Example: Use withCredentials to pass an APItoken to a pipeline:
withCredentials([string(credentialsId: 'api-token', variable:'TOKEN')]) { sh
"curl
-H 'Authorization: Bearer ${TOKEN}'https://api.example.com" }
How do you implement secure access controlfor Jenkins
users
+
Use the Role-Based Authorization Strategy plugin to define roles andpermis
sions.
Example: Admins have full access, while developers have job-specificpermis
sions.
How do you handle integration testing in
Jenkinspipelines
+
Spin up test environments using Docker or Kubernetes for is olatedtesting.
Example:
Run integration tests against a temporary database containerin a pipeline
stage.
How do you automate regression testing in Jenkins
+
Use tools like Selenium or TestNG for regression tests triggeredafter every
build.
Example: Schedule nightly builds to run a regression testsuite.
How do you customize build notifications inJenkins
+
Use plugins like Email Extension or Slack Notification with customtemplates.
Example: Include build duration and commit messages in Slacknotifications.
How do you configure Jenkins to notify specific
stakeholders
+
Use the post-build step to send notifications to different recipientsbased
on
pipeline results. Example: Notify developers on failure and QA on success.
How do you integrate Jenkins with Terraform for
IaCautomation
+
Use the Terraform plugin or CLI to apply configurations. Example: Add a
stage to
validate, plan, and apply Terraformscripts.
How do you integrate Jenkins with Ansible for
configuration management
+
Trigger Ansible playbooks from the Jenkins pipeline using the Ansibleplugin
or CLI.
Example: Use ansiblePlaybook to deployconfigurations to a server.
How do you horizontally scale Jenkins to handle
highworkloads
+
Add multiple agents and dis tribute builds using labels or nodeaffinity.
Example:
Use Kubernetes agents to dynamically scale based on thebuild queue.
How do you optimize Jenkins for a dis tributed build
environment
+
Use dis tributed agents with pre-installed dependencies to reducesetup time.
Example: Assign resource-intensive jobs to dedicated high-performanceagents.
How do you handle multi-region deployments inJenkins
+
Use separate stages or pipelines for each region. Example: Deploy to US-East
and
EU-West regions using AWS CLIcommands.
How do you implement zero-downtime deployments in
Jenkins
+
Use rolling updates or blue-green deployments to ensureavailability.
Example:
Gradually replace instances in an auto-scaling group withthe new version.
How do you debug Jenkins pipeline is sues inreal-time
+
Use console logs and debug flags in pipeline steps. Example: Add set -x to
shell
commands fordetailed debugging.
How do you handle agent dis connect is sues during
builds
+
Implement retry logic and configure robust reconnect settings. Example:
Auto-restart
agents if they dis connect due to resourceconstraints.
How do you implement pipeline-as-code in Jenkins
+
Store Jenkinsfiles in the source code repository forversion-controlled
pipelines.
Example: Use checkout scm to pull theJenkinsfile from Git.
How do you integrate Jenkins with GitOps workflows
+
Use tools like ArgoCD or Flux in combination with Jenkins forGitOps.
Example:
Trigger a deployment when changes are committed to a Gitrepository.
How do you implement feature toggles in
Jenkinspipelines
+
Use environment variables or configuration files to toggle featuresduring
deployment. Example: Use a parameter in the pipeline to enable or dis able a
specific feature: if (params.ENABLE_FEATURE_X) { sh 'deploy-feature-x.sh' }
How do you automate multi-branch testing in Jenkins
+
Use multibranch pipelines to automatically detect and run tests onnew
branches.
Example: Configure branch-specific Jenkinsfiles to define uniquetesting
workflows.
How do you manage dependency trees in Jenkins for
largeprojects
+
Use build tools like Maven or Gradle with dependency managementfeatures.
Example:
Trigger dependent builds using the Parameterized Trigger plugin.
How do you build microservices with interdependencies
in
Jenkins
+
Use a parent pipeline to trigger builds for dependent microservicesin the
correct
order. Example: Build Service A, then trigger builds for Services B and
C,which
depend on it.
How do you deploy multiple services using Jenkins
inparallel
+
Use the parallel directive in a declarativepipeline. Example: Deploy
frontend,
backend, and database servicessimultaneously.
How do you sequence dependent service deployments in
Jenkins
+
Use pipeline stages with proper dependencies defined. Example: Deploy a
database
schema before deploying the backendservice.
How do you enforce code scanning in Jenkinspipelines
+
Integrate tools like Snyk, Checkmarx, or OWASPDependency-Check. Example: Add
a stage
to scan for vulnerabilities in dependencies andfail the build on
high-severity is
sues.
How do you prevent unauthorized pipeline modifications
+
Use Git repository branch protections and Jenkins accesscontrols. Example:
Require
pull requests to be reviewed before updatingJenkinsfiles in main .
How do you manage Jenkins jobs for legacy systems
+
Use parameterized freestyle jobs or convert them into pipelines forbetter
flexibility. Example: Migrate a job using shell scripts into a
scriptedpipeline.
How do you ensure compatibility between Jenkins and
legacy build tools
+
Use custom scripts or Dockerized environments that mimic the legacysystem.
Example:
Run builds in a container with legacy dependenciespre-installed.
How do you store and retrieve pipeline artifacts
inJenkins
+
Use the Archive the Artifacts plugin or storeartifacts in a dedicated
repository
like Nexus or Artifactory. Example: Archive build logs and binaries for
debugging
andauditing.
How do you handle large artifact storage in Jenkins
+
Use external storage solutions like S3 or Azure Blob Storage. Example:
Upload
artifacts to an S3 bucket as part of the post-buildstep.
How do you trigger Jenkins builds based on Git
tagcreation
+
Configure webhooks to trigger jobs when a tag is created. Example: Trigger a
release
pipeline for tags matching the pattern v* .
How do you implement Git submodule handling in Jenkins
+
Enable submodule support in the Git plugin configuration. Example: Clone and
update
submodules automatically during thecheckout process.
How do you implement cross-browser testing inJenkins
+
Use tools like Selenium Grid or BrowserStack for browsercompatibility
testing.
Example: Run tests across Chrome, Firefox, and Safari in parallelstages.
How do you manage test environments dynamically in
Jenkins
+
Use Docker or Kubernetes to spin up test environments during
pipelineexecution.
Example: Deploy test environments using Helm charts and tear themdown after
tests.
How do you customize notifications for specific
pipelinestages
+
Use conditional logic to send stage-specific notifications. Example: Notify
the QA
team only when the test stage fails.
How do you integrate Jenkins with Microsoft Teams for
notifications
+
Use a webhook to send notifications to Teams channels. Example: Post
pipeline
results to a Teams channel using a curl command.
How do you optimize Jenkins pipelines for
Docker-basedapplications
+
Use Docker caching and multis tage builds to speed up builds. Example: Build
and
push Docker images only if code changes aredetected.
How do you deploy containerized applications using
Jenkins
+
Use Kubernetes manifests or Docker Compose files in pipelinescripts.
Example: Deploy
to Kubernetes using kubectlapply .
How do you debug failed Jenkins jobs effectively
+
Analyze logs, enable debug mode, and rerun failing stepslocally. Example:
Use sh
'set -x' inpipeline steps to trace shell command execution.
How do you handle intermittent pipeline failures
+
Use retry mechanis ms and investigate logs to identify flakycomponents.
Example:
Retry a step with a maximum of three attempts: retry(3) { sh
'flaky-command.sh' }
How do you implement blue-green deployments in
Jenkinspipelines
+
Use separate environments for blue and green, then switch trafficusing a
load
balancer. Example: Deploy the new version to the green environment, test it,
and
redirect traffic from blue to green .
How do you roll back a blue-green deployment
+
Switch traffic back to the stable environment (e.g., blue ) in case of is
sues.
Example: Update load balancer settings to point to the previousversion.
How do you standardize pipeline templates for
multipleprojects
+
Use Jenkins Shared Libraries to define reusable pipelinefunctions. Example:
Define a
buildAndDeploy function forconsis tent CI/CD across projects.
How do you parameterize pipeline templates for
different
use cases
+
Use pipeline parameters to customize behavior dynamically. Example: Use a
DEPLOY_ENV
parameter to specifythe target environment.
How do you monitor long-running builds in Jenkins
+
Use the Build Monitor plugin or integrate with external monitoringtools.
Example:
Set up alerts for builds exceeding a specificduration.
How do you identify agents with high resource usage
+
Use the Monitoring plugin or analyze system metrics. Example: Identify
agents with
CPU or memory spikes duringbuilds.
How do you audit Jenkins pipelines for
regulatorycompliance
+
Use plugins like Audit Trail to log all pipeline changes andexecutions.
Example:
Ensure every production deployment is traceable with anaudit log.
How do you enforce compliance checks in Jenkins
pipelines
+
Integrate with compliance tools like HashiCorp Sentinel or customscripts.
Example:
Fail the pipeline if IaC templates do not meet compliancerequirements.
How do you configure Jenkins for auto-scaling in
cloudenvironments
+
Use Kubernetes or AWS plugins to dynamically scale agents based onthe build
queue.
Example: Configure a Kubernetes pod template to spin up agents ondemand.
How do you balance workloads in a dis tributed Jenkins
setup
+
Use node labels and assign jobs based on agent capabilities. Example: Assign
resource-intensive builds to high-memoryagents.
How do you analyze build success rates in Jenkins
+
Use the Build His tory Metrics plugin or integrate with externalanalytics
tools.
Example: Generate reports showing success and failure trends overtime.
How do you track pipeline execution times across
multiple jobs
+
Use the Pipeline Stage View plugin to vis ualize executiontimes. Example:
Identify
stages with consis tently high executiontimes.
How do you implement canary deployments in
Jenkinspipelines
+
Deploy updates to a small percentage of instances or users first,then
gradually
increase. Example: Route 5% of traffic to the new version using feature
flagsor load
balancer rules.
How do you deploy serverless applications using
Jenkins
+
Use CLI tools like AWS SAM or Azure Functions Core Tools. Example: Deploy a
Lambda
function using aws lambdaupdate-function-code .
How do you handle a Jenkins master node running out of
dis kspace
+
Clean up old build logs, artifacts, and workspace directories.Example: Use a
script
to automate periodic cleanup: find $JENKINS_HOME/workspace -type d -mtime
+30 -exec
rm -rf {}\;
How do you address slow Jenkins startup times
+
Optimize plugins by removing unused ones and upgrading to newerversions.
Example:
Use the Pipeline Speed/Durability Settings for lightweight pipeline
executions.
How do you migrate from Jenkins to a modern CI/CDtool
+
Export pipelines, convert them to the new tool's format, andtest the
migrated
workflows. Example: Migrate from Jenkins to GitHub Actions using
YAML-basedworkflows.
How do you ensure Jenkins pipelines remain
future-proof
+
Regularly update plugins, adopt new best practices, and refactoroutdated
pipelines.
Example: Transition from freestyle jobs to declarative pipelines forbetter
maintainability.
How would you design a Jenkins setup for a
large-scaleenterpris e application with multiple teams
+
Design a master-agent architecture where the master handlesscheduling and
orchestrating jobs, and agents execute jobs. Use dis tributed builds by
configuring
Jenkins agents ondifferent machines or containers. Implement folder-based
multi-tenancy to is olate pipelines foreach team. Secure the Jenkins setup
using
role-based access control(RBAC). Example: Team A has access to Folder A with
restrictedpipeline vis ibility, while the master node ensures no resource
contention.
How can you scale Jenkins to handle high build loads
+
Use Kubernetes-based Jenkins agents that scale dynamicallybased on workload.
Implement build queue monitoring and optimize resourceallocation by
offloading
non-critical jobs to low-priority nodes. Use Jenkins Operations Center
(CloudBees
CI) for centralizedmanagement of multiple Jenkins instances.
How do you manage plugins in a Jenkins environment to
ensure stability
+
Maintain a lis t of approved plugins after testingcompatibility with the
Jenkins
version. Regularly update plugins in a staging environment beforerolling
them into
production. Example: While upgrading the Git plugin, test it with
yourpipelines in
staging to ensure no dis ruption.
How do you design a Jenkins pipeline to support
multipleenvironments (e.g., Dev, QA, Prod)
+
Use parameterized pipelines where environment-specificconfigurations (e.g.,
URLs,
credentials) are passed as parameters. Implement environment-specific stages
or
branch-specificpipelines. Example: A pipeline that promotes a build from Dev
to QA
andthen to Prod using approval gates between stages.
How can you handle dynamic branch creation in Jenkins
pipelines
+
Use multibranch pipelines that automatically detect newbranches in a
repository and
create pipelines for them. Configure the Jenkinsfile in each branch to
define
itspipeline behavior.
How do you ensure pipeline resilience in case of
intermittent failures
+
Use retry blocks in declarative orscripted pipelines to retry failed stages.
Example: Retrying a flaky test stage three times withexponential backoff.
Implement
conditional steps using catchError to handle failures gracefully.
How do you secure sensitive credentials in
Jenkinspipelines
+
Use the Jenkins Credentials plugin to store secrets securely. Access
credentials
using environment variables or bindings inthe pipeline. Example: Fetch an
API key
stored in Jenkins credentials using withCredentials in a scripted pipeline.
How do you enforce role-based access control(RBAC) in
Jenkins
+
Use the Role-Based Authorization Strategy plugin. Define roles like Admin,
Developer, and Viewer, and assignpermis sions for jobs, folders, and builds
accordingly.
How do you integrate Jenkins with Docker for
buildingand
deploying applications
+
Use the Docker plugin or Docker Pipeline plugin. Example: Build a Docker
image in
the pipeline using docker.build and push it to a container regis try. Run
tests in
ephemeral Docker containers for consis tent testenvironments.
How do you integrate Jenkins with a Kubernetes cluster
for deployments
+
Use the Kubernetes plugin or kubectl commands in the pipeline. Example: Use
a
Kubernetes pod template with custom containersfor builds, then deploy
applications
using kubectl apply .
How can you reduce the build time of a Jenkinsjob
+
Use parallel stages to execute independent taskssimultaneously. Example:
Parallelize
static code analysis , unit tests, andintegration tests. Use build caching
mechanis
ms like Docker layer caching ordependency caching.
How do you optimize Jenkins for CI/CD pipelines with
heavy test loads
+
Split tests into smaller batches and run them in parallel. Use sharding for
dis
tributed test execution across multipleagents. Example: Divide a 10,000-test
suite
into 10 shards anddis tribute them across agents.
What would you do if a Jenkins job hangsindefinitely
+
Check the Jenkins build logs for deadlocks or resourcecontention. Restart
the agent
where the build is stuck, if needed. Example: A job stuck in docker build
could
indicate Docker daemon is sues; restart the Docker service.
How do you troubleshoot a Jenkins job that keeps
failing
at the same step
+
Analyze the console output to identify the error message. Check for
environmental is
sues like mis sing dependencies orincorrect permis sions. Example: A Maven
build
failing due to repository connectivitymight require checking proxy
configurations.
How do you implement manual approval gates in
Jenkinspipelines
+
Use the input step in a declarativepipeline. Example: Add an approval step
before
deploying to production.Only after manual confirmation does the pipeline
proceed.
How do you handle blue-green deployments in Jenkins
+
Create separate pipelines for blue and green environments. Route traffic to
the new
environment after successfuldeployment and health checks. Example: Use AWS
Route53
or Kubernetes Ingress to switchtraffic seamlessly.
How do you monitor Jenkins build trends
+
Use the Build His tory and Build Monitor plugins. Example: Vis ualize
pass/fail
trends over time to identifyflaky tests.
How do you notify teams about build failures
+
Use the Email Extension or Slack Notification plugins. Example: Configure a
Slack
webhook to notify the #build-alerts channel upon failure.
How do you manage monorepos in Jenkinspipelines
+
Use sparse checkouts to fetch only the required directories. Example:
Trigger
pipelines based on changes in specificsubdirectories using the dir parameter
in Git.
How do you handle merge conflicts in a Jenkins
pipeline
+
Use Git pre-merge hooks or resolve conflicts locally and pushthe updated
code.
Example: A pipeline can fetch both source and target branches,merge them in
a
temporary branch, and check for conflicts.
How do you trigger a Jenkins pipeline from
anotherpipeline
+
Use the build step in a scripted or declarativepipeline to trigger another
pipeline.
Example: Pipeline A builds the application, and Pipeline B deploysit.
Pipeline A
calls Pipeline B using build(job:'Pipeline-B', parameters: [string(name:
'version',value: '1.0')]) .
How do you handle shared libraries in Jenkins
pipelines
+
Use the Global Shared Libraries feature inJenkins. Example: Create reusable
Groovy
functions for common tasks (e.g.,linting, packaging) and call them in
pipelines
using @Library('my-library') .
How do you implement conditional logic in Jenkins
pipelines
+
Use when in declarative pipelines or if statements in scripted pipelines.
Example:
Skip deployment if the branch is not main using when { branch 'main' } .
How do you handle job failures in a Jenkins pipeline
+
Use the catchError block to handle errorsgracefully. Example: catchError {
sh
'some-failing-command' } echo 'Handled the failure and proceeding.'
What would you do if a Jenkins master node crashes
+
Restore the master node from backups. Use Jenkins’ thinBackup or a similar
plugin
for automatedbackups. Example: After restoration, ensure the plugins and
configuration aresynchronized.
How do you restart a failed Jenkins pipeline from a
specific stage
+
Enable the Restart from Stage feature in theJenkins declarative pipeline.
Example:
If the Deploy stage fails, restart thepipeline from that stage without re-
executing
previous stages.
How do you integrate Jenkins with SonarQube for code
qualityanalysis
+
Use the SonarQube Scanner plugin. Example: Add a stage in the pipeline to
run
sonar-scanner and publis h results to the SonarQubeserver.
How do you enforce code coverage thresholds in Jenkins
pipelines
+
Use tools like JaCoCo or Cobertura and configure the build to fail
ifthresholds are
not met. Example: jacoco(execPattern: '**/jacoco.exec',
minimumBranchCoverage: '80')
How do you implement parallelis m in Jenkinspipelines
+
Use the parallel directive in declarativepipelines or parallel block in
scripted
pipelines. Example: Run unit tests , integration tests , and linting
inparallel
stages.
How do you optimize resource utilization in Jenkins
+
Use lock to manage resource contention. Example: Limit concurrent jobs
accessing a
shared environment using lock('resourceName') .
How do you run Jenkins jobs in a Docker container
+
Use the docker block in declarativepipelines. Example: agent { docker {
image
'node:14' } }
How do you ensure consis tent environments for Jenkins
builds
+
Use Docker images to define build environments. Example: Use a prebuilt
image with
all dependencies pre-installed forfaster builds.
How do you integrate Jenkins with AWS for CI/CD
+
Use the AWS CLI or AWS-specific Jenkins plugins. Example: Deploy an
application to
S3 using aws s3 cp commands in the pipeline.
How do you configure Jenkins to deploy to Azure
Kubernetes Service (AKS)
+
Use kubectl commands with AKS credentialsstored in Jenkins credentials.
Example:
Deploy manifests using sh 'kubectl apply-f k8s.yaml' .
How do you trigger a Jenkins job when a file changes
inGit
+
Use GitHub or Bitbucket webhooks configured with the Jenkinsjob. Example: A
webhook
triggers the job only for changes in a specificfolder by setting path
filters.
How do you schedule periodic builds in Jenkins
+
Use the Build periodically option or cron syntax in pipeline scripts.
Example:
Schedule a nightly build using H 0 * ** .
How do you audit build logs and job execution
inJenkins
+
Enable the Audit Trail plugin to track user actions. Example: View changes
made to
jobs, builds, and plugins.
How do you implement compliance checks in Jenkins
pipelines
+
Integrate with tools like OpenSCAP or custom scripts for
compliancevalidation.
Example: Validate infrastructure as code (IaC) templates forcompliance
before
deployment.
How do you manage build artifacts in Jenkins
+
Use the Archive the artifacts post-buildstep. Example: Store JAR files and
logs for
future reference using archiveArtifacts artifacts: 'build/*.jar' .
How do you publis h artifacts to a repository like
Nexus
or Artifactory
+
Use Maven/Gradle plugins or REST APis for publis hing. Example: Push aJAR
file to
Nexus with: sh 'mvn deploy'
How do you notify a team about pipeline status
+
Use Slack or Email plugins for notifications. Example: Notify Slackon
success or
failure with: slackSend channel: '#builds', message:
"Build#${env.BUILD_NUMBER}
${currentBuild.result}"
How do you send detailed build reports via email in
Jenkins
+
Use the Email Extension plugin and configure templates for detailedreports.
Example:
Include build logs and test results in the email.
How do you back up Jenkins configurations
+
Use the thinBackup plugin or manual backup of $JENKINS_HOME . Example:
Automate
backups nightly and store them in a secure locationlike S3.
How do you recover a Jenkins instance from backup
+
Restore the $JENKINS_HOME directory from thebackup and restart Jenkins.
Example:
After restoration, validate all jobs and credentials.
How do you implement feature flags in Jenkinspipelines
+
Use environment variables or external tools like LaunchDarkly. Example: A
feature
flag determines whether to deploy the featurebranch.
How do you integrate Jenkins with a database for
testing
+
Spin up a database container or use a preconfigured testdatabase. Example:
Use
Docker Compose to bring up a MySQL container beforerunning tests.
How do you manage long-running jobs in Jenkins
+
Break them into smaller jobs or stages to allow checkpoints. Example: Use
timeout to
terminate excessivelylong builds.
What would you do if Jenkins pipelines start failing
intermittently
+
Investigate resource constraints, flaky tests, or networkis sues. Example:
Monitor
agent logs and rebuild affected stages.
How do you manage Jenkins jobs for multiple branches
in
a monorepo
+
Use multibranch pipelines or branch-specific Jenkinsfiles.
How do you handle cross-team collaboration in Jenkins
pipelines
+
Use shared libraries for reusable code and maintain a central
Jenkinsgovernance
team.
How do you manage Jenkins agents in a dynamic
cloudenvironment
+
Use a cloud provider plugin (e.g., Amazon EC2 or Kubernetes). Example:
Configure
Kubernetes-based agents to dynamically spin uppods based on job demands.
How do you limit the number of concurrent builds for a
Jenkins job
+
Use the Throttle Concurrent Builds plugin. Example: Set a limit of two
builds per
agent to avoid resourcecontention.
How do you optimize Jenkins for large-scale builds
with
limited hardware
+
Use build labels to dis tribute specific jobs to the rightagents. Example:
Assign
resource-intensive builds to high-capacity agentswith labels like high_mem .
How do you implement custom notifications in
Jenkinspipelines
+
Use a custom script to send notifications via APis . Example: Integrate with
Microsoft Teams by using their webhook API tosend custom alerts.
How do you alert stakeholders only on critical build
failures
+
Use conditional steps in pipelines to send notifications based onfailure
type.
Example: Notify stakeholders if the failure occurs in the Deploy stage.
How do you manage dependencies in a Jenkins
CI/CDpipeline
+
Use dependency management tools like Maven, Gradle, or npm. Example: Use a
package.json or pom.xml file to ensure consis tent dependencies
acrossbuilds.
How do you handle dependency conflicts in a Jenkins
build
+
Use dependency resolution features of tools like Maven orGradle. Example:
Exclude
transitive dependencies causing conflicts in the pom.xml .
How do you debug Jenkins pipeline failureseffectively
+
Enable verbose logging for specific stages or commands. Example: Use sh 'set
-x
&&your-command' for detailed command output.
How do you log custom messages in Jenkins pipelines
+
Use the echo step in declarative or scriptedpipelines. Example: echo
"Starting
deployment toenvironment: ${env.ENV_NAME}" .
How do you monitor Jenkins server health
+
Use the Monitoring plugin or external toolslike Prometheus and Grafana.
Example:
Monitor JVM memory, dis k usage, and thread activity usingPrometheus
exporters.
How do you set up Jenkins alerts for high resource
usage
+
Integrate Jenkins with monitoring tools like Nagios orDatadog. Example:
Trigger an
alert if CPU usage exceeds 80% duringbuilds.
How do you set up pipelines to work on multiple
operatingsystems
+
Use agent labels to target specific platforms (e.g., linux , windows ).
Example: Run
tests on both Linux and Windows agents using parallelstages.
How do you ensure portability in Jenkins pipelines
across environments
+
Use containerized builds with Docker for a consis tent runtime. Example:
Build and
test the application in the same Dockerimage.
How do you create custom build steps in Jenkins
+
Use the Pipeline Utility Steps plugin or write custom Groovyscripts.
Example: Create
a step to clean the workspace, fetch dependencies,and run tests.
How do you extend Jenkins functionality with custom
plugins
+
Develop a custom Jenkins plugin using the Jenkins Plugin DevelopmentKit
(PDK).
Example: A plugin to integrate Jenkins with a proprietarydeployment system.
How do you integrate Jenkins with performance testing
tools likeJMeter
+
Use the Performance Plugin to parse JMeter results. Example: Trigger a
JMeter
script, then analyze results withthresholds for build pass/fail criteria.
How do you fail a Jenkins build if performance metrics
are below expectations
+
Add a stage to validate performance metrics against predefinedthresholds.
Example:
Fail the build if response time exceeds 500ms.
How do you trigger a Jenkins job based on an external
event (e.g., anAPI call)
+
Use the Jenkins Remote Trigger URL with an API token. Example: Trigger a job
using
curl -XPOST
+
/job/ /buildtoken= .
How do you schedule a Jenkins job to run only on
specific days
+
Use a cron expression in the Build periodically field. Example: Schedule a
job for
Mondays and Fridays using H H * * 1,5 .
How do you use Jenkins to automate databasemigrations
+
Integrate with tools like Flyway or Liquibase. Example: Add a pipeline stage
to run
migration scripts beforedeployment.
How do you verify database changes in a Jenkins
pipeline
+
Add a test stage to validate schema changes or dataconsis tency. Example:
Run SQL
queries to ensure migration scripts worked asexpected.
How do you secure Jenkins pipelines from
maliciousscripts
+
Use sandboxed Groovy scripts and validate third-partyJenkinsfiles. Example:
Use a
code review process for external contributions.
How do you protect sensitive information in Jenkins
logs
+
Mask sensitive information using the Mask Passwords plugin. Example: API
keys are
replaced with **** inlogs.
How do you implement versioning in Jenkins pipelines
+
Use build numbers or Git tags for versioning. Example: Generate a version
like
1.0.${BUILD_NUMBER} during the build process.
How do you automate release tagging in Jenkins
+
Use git tag commands in the pipeline. Example: Add a post-build step to tag
the
release and push it to therepository.
How do you fix "agent offline" is sues inJenkins
+
Verify network connectivity, agent logs, and master-agentconfigurations.
Example:
Check if the agent process has permis sions to connect to themaster.
What would you do if Jenkins fails to fetch code from
a
Git repository
+
Check Git plugin configurations, repository URL, and accesscredentials.
Example:
Verify that the SSH key used by Jenkins is valid.
How do you implement canary deployments in Jenkins
+
Deploy a small percentage of traffic to the new version and monitorbefore
full
rollout. Example: Use a custom script or plugin to automate trafficshifting.
How do you automate rollback in Jenkins pipelines
+
Maintain a record of previous deployments and redeploy the lastsuccessful
build.
Example: Use a rollback stage that fetchesartifacts of the previous version.
How do you ensure Jenkins pipelines are maintainable
+
Use shared libraries, modular pipelines, and cleardocumentation. Example:
Abstract
repetitive tasks like linting or packaging intoshared library functions.
How do you handle Jenkins updates in a production
environment
+
Test updates in a staging environment before applying them toproduction.
Example:
Validate that plugins are compatible with the new Jenkinsversion.
How do you handle long-running builds inJenkins
+
Use timeout steps to terminate excessive runtimes. Example: Fail the build
if it
exceeds 2 hours.
How do you prioritize critical jobs in Jenkins
+
Assign higher priority to critical jobs using the Priority Sorterplugin.
Example:
Ensure deployment jobs are always queued before non-criticalones.
How do you build and test multiple modules of a
monolithicapplication in Jenkins
+
Use a multi-module build system like Maven or Gradle to compile andtest each
module
independently. Example: Add stages in the pipeline to build, test, and
packagemodules sequentially or in parallel.
How do you configure Jenkins to build microservices
independently
+
Use separate pipelines for each microservice. Example: Trigger the build of
a
specific microservice based onchanges in its folder using the path parameter
inmultibranch pipelines.
How do you integrate Jenkins with Selenium for
UItesting
+
Use the Selenium WebDriver and Jenkins Selenium plugin. Example: Add a stage
in the
pipeline to run Selenium test scripts ona dedicated test environment.
How do you fail a Jenkins build if tests fail
intermittently
+
Use the retry block to re-run flaky tests alimited number of times. Example:
Fail
the build after three retries if the tests continue tofail.
How do you pass parameters dynamically to a
Jenkinspipeline
+
Use parameterized builds and populate parameters dynamically througha
script.
Example: Use the active choice plugin topopulate a dropdown with values
fetched from
an API.
How do you create matrix builds in Jenkins
+
Use the Matrix plugin or a declarative pipeline with matrix stages. Example:
Test an
application on multiple OS and Java versions.
How do you back up and restore Jenkins jobs
+
Back up the $JENKINS_HOME/jobs directory. Example: Automate backups using a
cron job
or tools like thinBackup .
What steps would you follow to restore Jenkins jobs
from
backup
+
Stop Jenkins, copy the backed-up job configurations to the
$JENKINS_HOME/jobs
directory, and restart Jenkins. Example: Verify job configurations and
plugin
dependenciespost-restoration.
How do you use Jenkins to validate Infrastructure as
Code(IaC)
+
Integrate tools like Terraform or CloudFormation with Jenkinspipelines.
Example: Add
a stage to validate Terraform plans using terraform validate .
How do you implement automated provis ioning using
Jenkins
+
Use Jenkins to trigger Terraform or Ansible scripts for provis
ioninginfrastructure.
Example: Provis ion an AWS EC2 instance and deploy an application onit as
part of
the pipeline.
How do you test across multiple environments
simultaneously inJenkins
+
Use parallel stages in declarative pipelines. Example: Run tests on Dev, QA,
and
Staging environments inparallel.
How do you configure Jenkins to run parallel builds
for
multiple branches
+
Use multibranch pipelines to detect and execute builds for allbranches.
Example:
Each branch builds independently in its pipeline.
How do you securely pass secrets to a Jenkins job
+
Use the Credentials plugin to inject secrets into the pipeline.Example: Use
withCredentials to pass a secret API key to ashell script:
withCredentials([string(credentialsId: 'api-key', variable:'API_KEY')]) { sh
'curl
-H "Authorization: $API_KEY"https://api.example.com' }
How do you audit the usage of credentials in Jenkins
+
Enable auditing through the Audit Trail plugin and monitor credentialusage
logs.
Example: Identify unauthorized access to sensitivecredentials.
How do you manage a situation where a Jenkins job is
stuckindefinitely
+
Identify the is sue by reviewing the build logs and system resourceusage.
Example:
Terminate the stuck process on the agent and re-trigger thejob.
How do you handle pipeline execution that consumes
excessive resources
+
Use resource quotas or throttle settings tolimit resource usage. Example:
Assign
builds to low-resource agents for non-criticaljobs.
How do you implement multi-cloud deployments
usingJenkins
+
Configure multiple cloud credentials and deploy to each
providerconditionally.
Example: Deploy to AWS, Azure, and GCP using environment-specificdeployment
scripts.
How do you monitor Jenkins pipeline performance
+
Use plugins like Build Monitor, Prometheus, or Performance Publis herto
track
performance metrics. Example: Analyze pipeline execution time trends to
optimize
slowstages.
How do you generate build trend reports in Jenkins
+
Use the Test Results Analyzer or Dashboard View plugin. Example: Vis ualize
the
number of passed, failed, and skipped testsover time.
How do you create dynamic stages in a Jenkinspipeline
+
Use Groovy scripting in a scripted pipeline to define stagesdynamically.
Example:
Loop through a lis t of services and create a build stage foreach.
How do you dynamically load environment configurations
in Jenkins
+
Use configuration files stored in a repository or as a Jenkins
sharedlibrary.
Example: Load environment-specific variables from a JSON file duringthe
pipeline
execution.
How do you implement build caching in Jenkinspipelines
+
Use tools like Docker cache or Gradle/Maven build caches. Example: Use a
shared
cache directory for dependencies acrossbuilds.
How do you handle incremental builds in Jenkins
+
Configure the pipeline to build only the modified components usingtools like
Git
diff. Example: Trigger builds for only the microservices that havechanged.
How do you set up Jenkins for multitenant usage
acrossteams
+
Use folders, RBAC, and dedicated agents for each team. Example: Team A and
Team B
have separate folders with is olatedpipelines and credentials.
How do you handle conflicts when multiple teams use
shared Jenkins resources
+
Use the Lockable Resources plugin to serializeaccess to shared resources.
Example:
Ensure only one team can deploy to the staging environmentat a time.
How do you recover a pipeline that fails due to a
transientis sue
+
Use retry blocks to automatically retry thefailed step. Example: Retry a
deployment
step up to three times if it fails due tonetwork is sues.
How do you resume a pipeline after fixing an error
+
Use the Restart from Stage feature indeclarative pipelines. Example: Resume
the
pipeline from the Deploy stage after fixing a configuration is sue.
How do you integrate Jenkins with JIRA for is
suetracking
+
Use the JIRA plugin to update is sue status automatically after abuild.
Example:
Transition a JIRA ticket to "In Progress" when thebuild starts.
How do you integrate Jenkins with a service bus or
message queue
+
Use custom scripts or plugins to publis h messages to RabbitMQ, Kafka,or AWS
SQS.
Example: Notify downstream systems after a successful deployment bysending a
message
to a queue.
How do you use Jenkins to build and test
containerizedapplications
+
Use the Docker Pipeline plugin to build and test images. Example: Build a
Docker
image in one stage and run tests in acontainerized environment in the next
stage.
How do you manage container orchestration with Jenkins
+
Use Kubernetes or Docker Compose to orchestrate multi-containerenvironments.
Example: Deploy an application and database containers together
forintegration
tests.
How do you allocate specific agents for
certainpipelines
+
Use agent labels in the pipeline configuration. Example: Assign a pipeline
to the
high-memory agent for resource-intensive builds.
How do you ensure efficient resource utilization
across
Jenkins agents
+
Use the Load Balancer plugin or Jenkins Cloud Agents for dynamicscaling.
Example:
Scale down idle agents during off-peak hours.
How do you manage Jenkins configurations
acrossenvironments
+
Use tools like Jenkins Configuration as Code (JCasC) or custom
Groovyscripts.
Example: Use a YAML configuration file to define jobs, credentials,
andplugins.
How do you version controlJenkins jobs and pipelines
+
Store pipeline scripts in a Git repository. Example: Use Jenkinsfiles to
define
pipelines, making them portableand traceable.
How do you implement rolling deployments withJenkins
+
Deploy updates incrementally to a subset of servers or pods. Example: Update
10% of
the pods in Kubernetes before proceeding tothe next batch.
How do you automate blue-green deployments in Jenkins
+
Use separate environments for blue and green and switch traffic
post-deployment.
Example: Use a load balancer to toggle between environments aftersuccessful
tests.
How do you integrate Jenkins with API testing tools
likePostman
+
Use Newman (Postman CLI) in the pipeline to executecollections. Example: Run
newman
run collection.json in atest stage.
How do you handle test data for automated testing in
Jenkins
+
Use environment variables or configuration files to provide testdata.
Example: Pass
database credentials as environment variables duringtest execution.
How do you automate release notes generation inJenkins
+
Use a custom script or plugin to fetch Git commit messages or JIRAupdates.
Example:
Generate release notes from commits tagged with [release] .
How do you implement versioning in a CI/CD pipeline
+
Use Git tags or build numbers to version artifacts. Example: Create a
version string
like 1.0.${BUILD_NUMBER} for every build.
What steps would you take if Jenkins builds suddenly
start failingacross all jobs
+
Check global configurations, credentials, and plugin updates. Example:
Investigate
whether a recent plugin update causedcompatibility is sues.
How do you handle Jenkins agent dis connections during
builds
+
Configure a reconnect strategy or reassign the job to anotheragent. Example:
Use a
script to auto-restart dis connected agents.
How do you design pipelines to handle varying
deploymentstrategies
+
Use parameters to define the deployment type (e.g., rolling,canary).
Example: A
pipeline prompts the user to select the strategy beforedeployment.
How do you configure pipelines for multiple repository
triggers
+
Use a webhook aggregator to trigger the pipeline for changes inmultiple
repositories. Example: Trigger a build when changes are made to either the
frontendor backend repositories.
How do you ensure compliance with Jenkins pipelines
+
Use tools like SonarQube for code quality checks and enforce policieswith
shared
libraries. Example: Ensure every pipeline includes a security scan stage.
How do you audit pipeline execution in Jenkins
+
Use the Audit Trail plugin to track changes and executionhis tory. Example:
Identify
who triggered a job and when.
How do you set up Jenkins for high availability
+
Use a clustered setup with multiple Jenkins masters and sharedstorage.
Example:
Configure an NFS share for $JENKINS_HOME to ensure consis tency across
masters.
What’s your approach to restoring Jenkins from a dis
aster
+
Restore configurations and data from backups, then validate pluginsand jobs.
Example: Use thinBackup to quickly recover Jenkins data.
How do you implement Jenkins backups for
criticalenvironments
+
Use tools like thinBackup or JenkinsConfiguration as Code (JCasC) to back up
configurations, jobs, and plugins.Automate the process with cron jobs or
scripts.
Example: Automate daily backups of the $JENKINS_HOME directory and store
them on S3
or a secure location.
What strategies do you recommend for Jenkins dis aster
recovery
+
Use a secondary Jenkins instance as a standby master with replicateddata.
Example:
Periodically sync $JENKINS_HOME between primary and standby instances and
use a load
balancer forfailover.
How do you handle consis tent build failures caused by
flakytests
+
Identify flaky tests using test reports and is olate them intoseparate test
suites.
Example: Retry only the flaky tests multiple times in a dedicatedpipeline
stage.
What would you do if builds fail due to resource
exhaustion
+
Optimize resource allocation by reducing the number of concurrentbuilds or
increasing system capacity. Example: Add more Jenkins agents or limit
concurrent
jobs with theThrottle Concurrent Builds plugin.
How do you manage environment-specific variables in
Jenkinspipelines
+
Use environment variables defined in the Jenkinsfile or
externalconfiguration files.
Example: Load environment-specific files based on the selected parameter
using: def
config = readYaml file: "config/${env.ENVIRONMENT}.yaml"
How do you handle multi-environment deployments in a
single pipeline
+
Use declarative pipeline stages with conditional logic for
differentenvironments.
Example: Deploy to QA, Staging, and Production in sequence withmanual
approval gates
for Staging and Production.
How do you reduce pipeline execution time for
largeapplications
+
Use parallel stages, build caching, and pre-configuredenvironments. Example:
Parallelize unit tests, integration tests, and static codeanalysis stages.
How do you identify and fix bottlenecks in Jenkins
pipelines
+
Use performance plugins or monitor logs to detect slow stages. Example:
Split a
long-running build stage into smaller tasks oroptimize resource- intensive
scripts.
How do you ensure reproducibility in containerized
Jenkinspipelines
+
Use Docker images with all required dependenciespre-installed. Example:
Build and
test Node.js applications using a custom Docker image: agent { docker {
image
'custom-node:14' } }
How do you handle container orchestration in Jenkins
pipelines
+
Use Kubernetes plugins or tools like Helm for deploying and
managingcontainers.
Example: Deploy a Helm chart to Kubernetes as part of thepipeline.
How do you manage shared Jenkins resources across
multipleteams
+
Use the Folder and Role-Based Authorization Strategy plugins tois olate
team-
specific configurations. Example: Each team has a dedicated folder with
restricted
access totheir jobs and agents.
How do you create reusable components for different
team
pipelines
+
Use Jenkins Shared Libraries for common functionality like deploymentscripts
or
notifications. Example: Create a shared library to send Slack notifications:
def
sendNotification(String message) { slackSend(channel:'#builds', message:
message) }
How do you secure sensitive API keys and tokens
inJenkins
+
Use the Credentials plugin to securely store and retrieve
sensitiveinformation.
Example: Use withCredentials to pass an APItoken to a pipeline:
withCredentials([string(credentialsId: 'api-token', variable:'TOKEN')]) { sh
"curl
-H 'Authorization: Bearer ${TOKEN}'https://api.example.com" }
How do you implement secure access controlfor Jenkins
users
+
Use the Role-Based Authorization Strategy plugin to define roles andpermis
sions.
Example: Admins have full access, while developers have job-specificpermis
sions.
How do you handle integration testing in
Jenkinspipelines
+
Spin up test environments using Docker or Kubernetes for is olatedtesting.
Example:
Run integration tests against a temporary database containerin a pipeline
stage.
How do you automate regression testing in Jenkins
+
Use tools like Selenium or TestNG for regression tests triggeredafter every
build.
Example: Schedule nightly builds to run a regression testsuite.
How do you customize build notifications inJenkins
+
Use plugins like Email Extension or Slack Notification with customtemplates.
Example: Include build duration and commit messages in Slacknotifications.
How do you configure Jenkins to notify specific
stakeholders
+
Use the post-build step to send notifications to different recipientsbased
on
pipeline results. Example: Notify developers on failure and QA on success.
How do you integrate Jenkins with Terraform for
IaCautomation
+
Use the Terraform plugin or CLI to apply configurations. Example: Add a
stage to
validate, plan, and apply Terraformscripts.
How do you integrate Jenkins with Ansible for
configuration management
+
Trigger Ansible playbooks from the Jenkins pipeline using the Ansibleplugin
or CLI.
Example: Use ansiblePlaybook to deployconfigurations to a server.
How do you horizontally scale Jenkins to handle
highworkloads
+
Add multiple agents and dis tribute builds using labels or nodeaffinity.
Example:
Use Kubernetes agents to dynamically scale based on thebuild queue.
How do you optimize Jenkins for a dis tributed build
environment
+
Use dis tributed agents with pre-installed dependencies to reducesetup time.
Example: Assign resource-intensive jobs to dedicated high-performanceagents.
How do you handle multi-region deployments inJenkins
+
Use separate stages or pipelines for each region. Example: Deploy to US-East
and
EU-West regions using AWS CLIcommands.
How do you implement zero-downtime deployments in
Jenkins
+
Use rolling updates or blue-green deployments to ensureavailability.
Example:
Gradually replace instances in an auto-scaling group withthe new version.
How do you debug Jenkins pipeline is sues inreal-time
+
Use console logs and debug flags in pipeline steps. Example: Add set -x to
shell
commands fordetailed debugging.
How do you handle agent dis connect is sues during
builds
+
Implement retry logic and configure robust reconnect settings. Example:
Auto-restart
agents if they dis connect due to resourceconstraints.
How do you implement pipeline-as-code in Jenkins
+
Store Jenkinsfiles in the source code repository forversion-controlled
pipelines.
Example: Use checkout scm to pull theJenkinsfile from Git.
How do you integrate Jenkins with GitOps workflows
+
Use tools like ArgoCD or Flux in combination with Jenkins forGitOps.
Example:
Trigger a deployment when changes are committed to a Gitrepository.
How do you implement feature toggles in
Jenkinspipelines
+
Use environment variables or configuration files to toggle featuresduring
deployment. Example: Use a parameter in the pipeline to enable or dis able a
specific feature: if (params.ENABLE_FEATURE_X) { sh 'deploy-feature-x.sh' }
How do you automate multi-branch testing in Jenkins
+
Use multibranch pipelines to automatically detect and run tests onnew
branches.
Example: Configure branch-specific Jenkinsfiles to define uniquetesting
workflows.
How do you manage dependency trees in Jenkins for
largeprojects
+
Use build tools like Maven or Gradle with dependency managementfeatures.
Example:
Trigger dependent builds using the Parameterized Trigger plugin.
How do you build microservices with interdependencies
in
Jenkins
+
Use a parent pipeline to trigger builds for dependent microservicesin the
correct
order. Example: Build Service A, then trigger builds for Services B and
C,which
depend on it.
How do you deploy multiple services using Jenkins
inparallel
+
Use the parallel directive in a declarativepipeline. Example: Deploy
frontend,
backend, and database servicessimultaneously.
How do you sequence dependent service deployments in
Jenkins
+
Use pipeline stages with proper dependencies defined. Example: Deploy a
database
schema before deploying the backendservice.
How do you enforce code scanning in Jenkinspipelines
+
Integrate tools like Snyk, Checkmarx, or OWASPDependency-Check. Example: Add
a stage
to scan for vulnerabilities in dependencies andfail the build on
high-severity is
sues.
How do you prevent unauthorized pipeline modifications
+
Use Git repository branch protections and Jenkins accesscontrols. Example:
Require
pull requests to be reviewed before updatingJenkinsfiles in main .
How do you manage Jenkins jobs for legacy systems
+
Use parameterized freestyle jobs or convert them into pipelines forbetter
flexibility. Example: Migrate a job using shell scripts into a
scriptedpipeline.
How do you ensure compatibility between Jenkins and
legacy build tools
+
Use custom scripts or Dockerized environments that mimic the legacysystem.
Example:
Run builds in a container with legacy dependenciespre-installed.
How do you store and retrieve pipeline artifacts
inJenkins
+
Use the Archive the Artifacts plugin or storeartifacts in a dedicated
repository
like Nexus or Artifactory. Example: Archive build logs and binaries for
debugging
andauditing.
How do you handle large artifact storage in Jenkins
+
Use external storage solutions like S3 or Azure Blob Storage. Example:
Upload
artifacts to an S3 bucket as part of the post-buildstep.
How do you trigger Jenkins builds based on Git
tagcreation
+
Configure webhooks to trigger jobs when a tag is created. Example: Trigger a
release
pipeline for tags matching the pattern v* .
How do you implement Git submodule handling in Jenkins
+
Enable submodule support in the Git plugin configuration. Example: Clone and
update
submodules automatically during thecheckout process.
How do you implement cross-browser testing inJenkins
+
Use tools like Selenium Grid or BrowserStack for browsercompatibility
testing.
Example: Run tests across Chrome, Firefox, and Safari in parallelstages.
How do you manage test environments dynamically in
Jenkins
+
Use Docker or Kubernetes to spin up test environments during
pipelineexecution.
Example: Deploy test environments using Helm charts and tear themdown after
tests.
How do you customize notifications for specific
pipelinestages
+
Use conditional logic to send stage-specific notifications. Example: Notify
the QA
team only when the test stage fails.
How do you integrate Jenkins with Microsoft Teams for
notifications
+
Use a webhook to send notifications to Teams channels. Example: Post
pipeline
results to a Teams channel using a curl command.
How do you optimize Jenkins pipelines for
Docker-basedapplications
+
Use Docker caching and multis tage builds to speed up builds. Example: Build
and
push Docker images only if code changes aredetected.
How do you deploy containerized applications using
Jenkins
+
Use Kubernetes manifests or Docker Compose files in pipelinescripts.
Example: Deploy
to Kubernetes using kubectlapply .
How do you debug failed Jenkins jobs effectively
+
Analyze logs, enable debug mode, and rerun failing stepslocally. Example:
Use sh
'set -x' inpipeline steps to trace shell command execution.
How do you handle intermittent pipeline failures
+
Use retry mechanis ms and investigate logs to identify flakycomponents.
Example:
Retry a step with a maximum of three attempts: retry(3) { sh
'flaky-command.sh' }
How do you implement blue-green deployments in
Jenkinspipelines
+
Use separate environments for blue and green, then switch trafficusing a
load
balancer. Example: Deploy the new version to the green environment, test it,
and
redirect traffic from blue to green .
How do you roll back a blue-green deployment
+
Switch traffic back to the stable environment (e.g., blue ) in case of is
sues.
Example: Update load balancer settings to point to the previousversion.
How do you standardize pipeline templates for
multipleprojects
+
Use Jenkins Shared Libraries to define reusable pipelinefunctions. Example:
Define a
buildAndDeploy function forconsis tent CI/CD across projects.
How do you parameterize pipeline templates for
different
use cases
+
Use pipeline parameters to customize behavior dynamically. Example: Use a
DEPLOY_ENV
parameter to specifythe target environment.
How do you monitor long-running builds in Jenkins
+
Use the Build Monitor plugin or integrate with external monitoringtools.
Example:
Set up alerts for builds exceeding a specificduration.
How do you identify agents with high resource usage
+
Use the Monitoring plugin or analyze system metrics. Example: Identify
agents with
CPU or memory spikes duringbuilds.
How do you audit Jenkins pipelines for
regulatorycompliance
+
Use plugins like Audit Trail to log all pipeline changes andexecutions.
Example:
Ensure every production deployment is traceable with anaudit log.
How do you enforce compliance checks in Jenkins
pipelines
+
Integrate with compliance tools like HashiCorp Sentinel or customscripts.
Example:
Fail the pipeline if IaC templates do not meet compliancerequirements.
How do you configure Jenkins for auto-scaling in
cloudenvironments
+
Use Kubernetes or AWS plugins to dynamically scale agents based onthe build
queue.
Example: Configure a Kubernetes pod template to spin up agents ondemand.
How do you balance workloads in a dis tributed Jenkins
setup
+
Use node labels and assign jobs based on agent capabilities. Example: Assign
resource-intensive builds to high-memoryagents.
How do you analyze build success rates in Jenkins
+
Use the Build His tory Metrics plugin or integrate with externalanalytics
tools.
Example: Generate reports showing success and failure trends overtime.
How do you track pipeline execution times across
multiple jobs
+
Use the Pipeline Stage View plugin to vis ualize executiontimes. Example:
Identify
stages with consis tently high executiontimes.
How do you implement canary deployments in
Jenkinspipelines
+
Deploy updates to a small percentage of instances or users first,then
gradually
increase. Example: Route 5% of traffic to the new version using feature
flagsor load
balancer rules.
How do you deploy serverless applications using
Jenkins
+
Use CLI tools like AWS SAM or Azure Functions Core Tools. Example: Deploy a
Lambda
function using aws lambdaupdate-function-code .
How do you handle a Jenkins master node running out of
dis kspace
+
Clean up old build logs, artifacts, and workspace directories.Example: Use a
script
to automate periodic cleanup: find $JENKINS_HOME/workspace -type d -mtime
+30 -exec
rm -rf {}\;
How do you address slow Jenkins startup times
+
Optimize plugins by removing unused ones and upgrading to newerversions.
Example:
Use the Pipeline Speed/Durability Settings for lightweight pipeline
executions.
How do you migrate from Jenkins to a modern CI/CDtool
+
Export pipelines, convert them to the new tool's format, andtest the
migrated
workflows. Example: Migrate from Jenkins to GitHub Actions using
YAML-basedworkflows.
How do you ensure Jenkins pipelines remain
future-proof
+
Regularly update plugins, adopt new best practices, and refactoroutdated
pipelines.
Example: Transition from freestyle jobs to declarative pipelines forbetter
maintainability.
How would you design a Jenkins setup for a
large-scaleenterpris e application with multiple teams
+
Design a master-agent architecture where the master handlesscheduling and
orchestrating jobs, and agents execute jobs. Use dis tributed builds by
configuring
Jenkins agents ondifferent machines or containers. Implement folder-based
multi-tenancy to is olate pipelines foreach team. Secure the Jenkins setup
using
role-based access control(RBAC). Example: Team A has access to Folder A with
restrictedpipeline vis ibility, while the master node ensures no resource
contention.
How can you scale Jenkins to handle high build loads
+
Use Kubernetes-based Jenkins agents that scale dynamicallybased on workload.
Implement build queue monitoring and optimize resourceallocation by
offloading
non-critical jobs to low-priority nodes. Use Jenkins Operations Center
(CloudBees
CI) for centralizedmanagement of multiple Jenkins instances.
How do you manage plugins in a Jenkins environment to
ensure stability
+
Maintain a lis t of approved plugins after testingcompatibility with the
Jenkins
version. Regularly update plugins in a staging environment beforerolling
them into
production. Example: While upgrading the Git plugin, test it with
yourpipelines in
staging to ensure no dis ruption.
How do you design a Jenkins pipeline to support
multipleenvironments (e.g., Dev, QA, Prod)
+
Use parameterized pipelines where environment-specificconfigurations (e.g.,
URLs,
credentials) are passed as parameters. Implement environment-specific stages
or
branch-specificpipelines. Example: A pipeline that promotes a build from Dev
to QA
andthen to Prod using approval gates between stages.
How can you handle dynamic branch creation in Jenkins
pipelines
+
Use multibranch pipelines that automatically detect newbranches in a
repository and
create pipelines for them. Configure the Jenkinsfile in each branch to
define
itspipeline behavior.
How do you ensure pipeline resilience in case of
intermittent failures
+
Use retry blocks in declarative orscripted pipelines to retry failed stages.
Example: Retrying a flaky test stage three times withexponential backoff.
Implement
conditional steps using catchError to handle failures gracefully.
How do you secure sensitive credentials in
Jenkinspipelines
+
Use the Jenkins Credentials plugin to store secrets securely. Access
credentials
using environment variables or bindings inthe pipeline. Example: Fetch an
API key
stored in Jenkins credentials using withCredentials in a scripted pipeline.
How do you enforce role-based access control(RBAC) in
Jenkins
+
Use the Role-Based Authorization Strategy plugin. Define roles like Admin,
Developer, and Viewer, and assignpermis sions for jobs, folders, and builds
accordingly.
How do you integrate Jenkins with Docker for
buildingand
deploying applications
+
Use the Docker plugin or Docker Pipeline plugin. Example: Build a Docker
image in
the pipeline using docker.build and push it to a container regis try. Run
tests in
ephemeral Docker containers for consis tent testenvironments.
How do you integrate Jenkins with a Kubernetes cluster
for deployments
+
Use the Kubernetes plugin or kubectl commands in the pipeline. Example: Use
a
Kubernetes pod template with custom containersfor builds, then deploy
applications
using kubectl apply .
How can you reduce the build time of a Jenkinsjob
+
Use parallel stages to execute independent taskssimultaneously. Example:
Parallelize
static code analysis , unit tests, andintegration tests. Use build caching
mechanis
ms like Docker layer caching ordependency caching.
How do you optimize Jenkins for CI/CD pipelines with
heavy test loads
+
Split tests into smaller batches and run them in parallel. Use sharding for
dis
tributed test execution across multipleagents. Example: Divide a 10,000-test
suite
into 10 shards anddis tribute them across agents.
What would you do if a Jenkins job hangsindefinitely
+
Check the Jenkins build logs for deadlocks or resourcecontention. Restart
the agent
where the build is stuck, if needed. Example: A job stuck in docker build
could
indicate Docker daemon is sues; restart the Docker service.
How do you troubleshoot a Jenkins job that keeps
failing
at the same step
+
Analyze the console output to identify the error message. Check for
environmental is
sues like mis sing dependencies orincorrect permis sions. Example: A Maven
build
failing due to repository connectivitymight require checking proxy
configurations.
How do you implement manual approval gates in
Jenkinspipelines
+
Use the input step in a declarativepipeline. Example: Add an approval step
before
deploying to production.Only after manual confirmation does the pipeline
proceed.
How do you handle blue-green deployments in Jenkins
+
Create separate pipelines for blue and green environments. Route traffic to
the new
environment after successfuldeployment and health checks. Example: Use AWS
Route53
or Kubernetes Ingress to switchtraffic seamlessly.
How do you monitor Jenkins build trends
+
Use the Build His tory and Build Monitor plugins. Example: Vis ualize
pass/fail
trends over time to identifyflaky tests.
How do you notify teams about build failures
+
Use the Email Extension or Slack Notification plugins. Example: Configure a
Slack
webhook to notify the #build-alerts channel upon failure.
How do you manage monorepos in Jenkinspipelines
+
Use sparse checkouts to fetch only the required directories. Example:
Trigger
pipelines based on changes in specificsubdirectories using the dir parameter
in Git.
How do you handle merge conflicts in a Jenkins
pipeline
+
Use Git pre-merge hooks or resolve conflicts locally and pushthe updated
code.
Example: A pipeline can fetch both source and target branches,merge them in
a
temporary branch, and check for conflicts.
How do you trigger a Jenkins pipeline from
anotherpipeline
+
Use the build step in a scripted or declarativepipeline to trigger another
pipeline.
Example: Pipeline A builds the application, and Pipeline B deploysit.
Pipeline A
calls Pipeline B using build(job:'Pipeline-B', parameters: [string(name:
'version',value: '1.0')]) .
How do you handle shared libraries in Jenkins
pipelines
+
Use the Global Shared Libraries feature inJenkins. Example: Create reusable
Groovy
functions for common tasks (e.g.,linting, packaging) and call them in
pipelines
using @Library('my-library') .
How do you implement conditional logic in Jenkins
pipelines
+
Use when in declarative pipelines or if statements in scripted pipelines.
Example:
Skip deployment if the branch is not main using when { branch 'main' } .
How do you handle job failures in a Jenkins pipeline
+
Use the catchError block to handle errorsgracefully. Example: catchError {
sh
'some-failing-command' } echo 'Handled the failure and proceeding.'
What would you do if a Jenkins master node crashes
+
Restore the master node from backups. Use Jenkins’ thinBackup or a similar
plugin
for automatedbackups. Example: After restoration, ensure the plugins and
configuration aresynchronized.
How do you restart a failed Jenkins pipeline from a
specific stage
+
Enable the Restart from Stage feature in theJenkins declarative pipeline.
Example:
If the Deploy stage fails, restart thepipeline from that stage without re-
executing
previous stages.
How do you integrate Jenkins with SonarQube for code
qualityanalysis
+
Use the SonarQube Scanner plugin. Example: Add a stage in the pipeline to
run
sonar-scanner and publis h results to the SonarQubeserver.
How do you enforce code coverage thresholds in Jenkins
pipelines
+
Use tools like JaCoCo or Cobertura and configure the build to fail
ifthresholds are
not met. Example: jacoco(execPattern: '**/jacoco.exec',
minimumBranchCoverage: '80')
How do you implement parallelis m in Jenkinspipelines
+
Use the parallel directive in declarativepipelines or parallel block in
scripted
pipelines. Example: Run unit tests , integration tests , and linting
inparallel
stages.
How do you optimize resource utilization in Jenkins
+
Use lock to manage resource contention. Example: Limit concurrent jobs
accessing a
shared environment using lock('resourceName') .
How do you run Jenkins jobs in a Docker container
+
Use the docker block in declarativepipelines. Example: agent { docker {
image
'node:14' } }
How do you ensure consis tent environments for Jenkins
builds
+
Use Docker images to define build environments. Example: Use a prebuilt
image with
all dependencies pre-installed forfaster builds.
How do you integrate Jenkins with AWS for CI/CD
+
Use the AWS CLI or AWS-specific Jenkins plugins. Example: Deploy an
application to
S3 using aws s3 cp commands in the pipeline.
How do you configure Jenkins to deploy to Azure
Kubernetes Service (AKS)
+
Use kubectl commands with AKS credentialsstored in Jenkins credentials.
Example:
Deploy manifests using sh 'kubectl apply-f k8s.yaml' .
How do you trigger a Jenkins job when a file changes
inGit
+
Use GitHub or Bitbucket webhooks configured with the Jenkinsjob. Example: A
webhook
triggers the job only for changes in a specificfolder by setting path
filters.
How do you schedule periodic builds in Jenkins
+
Use the Build periodically option or cron syntax in pipeline scripts.
Example:
Schedule a nightly build using H 0 * ** .
How do you audit build logs and job execution
inJenkins
+
Enable the Audit Trail plugin to track user actions. Example: View changes
made to
jobs, builds, and plugins.
How do you implement compliance checks in Jenkins
pipelines
+
Integrate with tools like OpenSCAP or custom scripts for
compliancevalidation.
Example: Validate infrastructure as code (IaC) templates forcompliance
before
deployment.
How do you manage build artifacts in Jenkins
+
Use the Archive the artifacts post-buildstep. Example: Store JAR files and
logs for
future reference using archiveArtifacts artifacts: 'build/*.jar' .
How do you publis h artifacts to a repository like
Nexus
or Artifactory
+
Use Maven/Gradle plugins or REST APis for publis hing. Example: Push aJAR
file to
Nexus with: sh 'mvn deploy'
How do you notify a team about pipeline status
+
Use Slack or Email plugins for notifications. Example: Notify Slackon
success or
failure with: slackSend channel: '#builds', message:
"Build#${env.BUILD_NUMBER}
${currentBuild.result}"
How do you send detailed build reports via email in
Jenkins
+
Use the Email Extension plugin and configure templates for detailedreports.
Example:
Include build logs and test results in the email.
How do you back up Jenkins configurations
+
Use the thinBackup plugin or manual backup of $JENKINS_HOME . Example:
Automate
backups nightly and store them in a secure locationlike S3.
How do you recover a Jenkins instance from backup
+
Restore the $JENKINS_HOME directory from thebackup and restart Jenkins.
Example:
After restoration, validate all jobs and credentials.
How do you implement feature flags in Jenkinspipelines
+
Use environment variables or external tools like LaunchDarkly. Example: A
feature
flag determines whether to deploy the featurebranch.
How do you integrate Jenkins with a database for
testing
+
Spin up a database container or use a preconfigured testdatabase. Example:
Use
Docker Compose to bring up a MySQL container beforerunning tests.
How do you manage long-running jobs in Jenkins
+
Break them into smaller jobs or stages to allow checkpoints. Example: Use
timeout to
terminate excessivelylong builds.
What would you do if Jenkins pipelines start failing
intermittently
+
Investigate resource constraints, flaky tests, or networkis sues. Example:
Monitor
agent logs and rebuild affected stages.
How do you manage Jenkins jobs for multiple branches
in
a monorepo
+
Use multibranch pipelines or branch-specific Jenkinsfiles.
How do you handle cross-team collaboration in Jenkins
pipelines
+
Use shared libraries for reusable code and maintain a central
Jenkinsgovernance
team.
How do you manage Jenkins agents in a dynamic
cloudenvironment
+
Use a cloud provider plugin (e.g., Amazon EC2 or Kubernetes). Example:
Configure
Kubernetes-based agents to dynamically spin uppods based on job demands.
How do you limit the number of concurrent builds for a
Jenkins job
+
Use the Throttle Concurrent Builds plugin. Example: Set a limit of two
builds per
agent to avoid resourcecontention.
How do you optimize Jenkins for large-scale builds
with
limited hardware
+
Use build labels to dis tribute specific jobs to the rightagents. Example:
Assign
resource-intensive builds to high-capacity agentswith labels like high_mem .
How do you implement custom notifications in
Jenkinspipelines
+
Use a custom script to send notifications via APis . Example: Integrate with
Microsoft Teams by using their webhook API tosend custom alerts.
How do you alert stakeholders only on critical build
failures
+
Use conditional steps in pipelines to send notifications based onfailure
type.
Example: Notify stakeholders if the failure occurs in the Deploy stage.
How do you manage dependencies in a Jenkins
CI/CDpipeline
+
Use dependency management tools like Maven, Gradle, or npm. Example: Use a
package.json or pom.xml file to ensure consis tent dependencies
acrossbuilds.
How do you handle dependency conflicts in a Jenkins
build
+
Use dependency resolution features of tools like Maven orGradle. Example:
Exclude
transitive dependencies causing conflicts in the pom.xml .
How do you debug Jenkins pipeline failureseffectively
+
Enable verbose logging for specific stages or commands. Example: Use sh 'set
-x
&&your-command' for detailed command output.
How do you log custom messages in Jenkins pipelines
+
Use the echo step in declarative or scriptedpipelines. Example: echo
"Starting
deployment toenvironment: ${env.ENV_NAME}" .
How do you monitor Jenkins server health
+
Use the Monitoring plugin or external toolslike Prometheus and Grafana.
Example:
Monitor JVM memory, dis k usage, and thread activity usingPrometheus
exporters.
How do you set up Jenkins alerts for high resource
usage
+
Integrate Jenkins with monitoring tools like Nagios orDatadog. Example:
Trigger an
alert if CPU usage exceeds 80% duringbuilds.
How do you set up pipelines to work on multiple
operatingsystems
+
Use agent labels to target specific platforms (e.g., linux , windows ).
Example: Run
tests on both Linux and Windows agents using parallelstages.
How do you ensure portability in Jenkins pipelines
across environments
+
Use containerized builds with Docker for a consis tent runtime. Example:
Build and
test the application in the same Dockerimage.
How do you create custom build steps in Jenkins
+
Use the Pipeline Utility Steps plugin or write custom Groovyscripts.
Example: Create
a step to clean the workspace, fetch dependencies,and run tests.
How do you extend Jenkins functionality with custom
plugins
+
Develop a custom Jenkins plugin using the Jenkins Plugin DevelopmentKit
(PDK).
Example: A plugin to integrate Jenkins with a proprietarydeployment system.
How do you integrate Jenkins with performance testing
tools likeJMeter
+
Use the Performance Plugin to parse JMeter results. Example: Trigger a
JMeter
script, then analyze results withthresholds for build pass/fail criteria.
How do you fail a Jenkins build if performance metrics
are below expectations
+
Add a stage to validate performance metrics against predefinedthresholds.
Example:
Fail the build if response time exceeds 500ms.
How do you trigger a Jenkins job based on an external
event (e.g., anAPI call)
+
Use the Jenkins Remote Trigger URL with an API token. Example: Trigger a job
using
curl -XPOST
+
/job/ /buildtoken= .
How do you schedule a Jenkins job to run only on
specific days
+
Use a cron expression in the Build periodically field. Example: Schedule a
job for
Mondays and Fridays using H H * * 1,5 .
How do you use Jenkins to automate databasemigrations
+
Integrate with tools like Flyway or Liquibase. Example: Add a pipeline stage
to run
migration scripts beforedeployment.
How do you verify database changes in a Jenkins
pipeline
+
Add a test stage to validate schema changes or dataconsis tency. Example:
Run SQL
queries to ensure migration scripts worked asexpected.
How do you secure Jenkins pipelines from
maliciousscripts
+
Use sandboxed Groovy scripts and validate third-partyJenkinsfiles. Example:
Use a
code review process for external contributions.
How do you protect sensitive information in Jenkins
logs
+
Mask sensitive information using the Mask Passwords plugin. Example: API
keys are
replaced with **** inlogs.
How do you implement versioning in Jenkins pipelines
+
Use build numbers or Git tags for versioning. Example: Generate a version
like
1.0.${BUILD_NUMBER} during the build process.
How do you automate release tagging in Jenkins
+
Use git tag commands in the pipeline. Example: Add a post-build step to tag
the
release and push it to therepository.
How do you fix "agent offline" is sues inJenkins
+
Verify network connectivity, agent logs, and master-agentconfigurations.
Example:
Check if the agent process has permis sions to connect to themaster.
What would you do if Jenkins fails to fetch code from
a
Git repository
+
Check Git plugin configurations, repository URL, and accesscredentials.
Example:
Verify that the SSH key used by Jenkins is valid.
How do you implement canary deployments in Jenkins
+
Deploy a small percentage of traffic to the new version and monitorbefore
full
rollout. Example: Use a custom script or plugin to automate trafficshifting.
How do you automate rollback in Jenkins pipelines
+
Maintain a record of previous deployments and redeploy the lastsuccessful
build.
Example: Use a rollback stage that fetchesartifacts of the previous version.
How do you ensure Jenkins pipelines are maintainable
+
Use shared libraries, modular pipelines, and cleardocumentation. Example:
Abstract
repetitive tasks like linting or packaging intoshared library functions.
How do you handle Jenkins updates in a production
environment
+
Test updates in a staging environment before applying them toproduction.
Example:
Validate that plugins are compatible with the new Jenkinsversion.
How do you handle long-running builds inJenkins
+
Use timeout steps to terminate excessive runtimes. Example: Fail the build
if it
exceeds 2 hours.
How do you prioritize critical jobs in Jenkins
+
Assign higher priority to critical jobs using the Priority Sorterplugin.
Example:
Ensure deployment jobs are always queued before non-criticalones.
How do you build and test multiple modules of a
monolithicapplication in Jenkins
+
Use a multi-module build system like Maven or Gradle to compile andtest each
module
independently. Example: Add stages in the pipeline to build, test, and
packagemodules sequentially or in parallel.
How do you configure Jenkins to build microservices
independently
+
Use separate pipelines for each microservice. Example: Trigger the build of
a
specific microservice based onchanges in its folder using the path parameter
inmultibranch pipelines.
How do you integrate Jenkins with Selenium for
UItesting
+
Use the Selenium WebDriver and Jenkins Selenium plugin. Example: Add a stage
in the
pipeline to run Selenium test scripts ona dedicated test environment.
How do you fail a Jenkins build if tests fail
intermittently
+
Use the retry block to re-run flaky tests alimited number of times. Example:
Fail
the build after three retries if the tests continue tofail.
How do you pass parameters dynamically to a
Jenkinspipeline
+
Use parameterized builds and populate parameters dynamically througha
script.
Example: Use the active choice plugin topopulate a dropdown with values
fetched from
an API.
How do you create matrix builds in Jenkins
+
Use the Matrix plugin or a declarative pipeline with matrix stages. Example:
Test an
application on multiple OS and Java versions.
How do you back up and restore Jenkins jobs
+
Back up the $JENKINS_HOME/jobs directory. Example: Automate backups using a
cron job
or tools like thinBackup .
What steps would you follow to restore Jenkins jobs
from
backup
+
Stop Jenkins, copy the backed-up job configurations to the
$JENKINS_HOME/jobs
directory, and restart Jenkins. Example: Verify job configurations and
plugin
dependenciespost-restoration.
How do you use Jenkins to validate Infrastructure as
Code(IaC)
+
Integrate tools like Terraform or CloudFormation with Jenkinspipelines.
Example: Add
a stage to validate Terraform plans using terraform validate .
How do you implement automated provis ioning using
Jenkins
+
Use Jenkins to trigger Terraform or Ansible scripts for provis
ioninginfrastructure.
Example: Provis ion an AWS EC2 instance and deploy an application onit as
part of
the pipeline.
How do you test across multiple environments
simultaneously inJenkins
+
Use parallel stages in declarative pipelines. Example: Run tests on Dev, QA,
and
Staging environments inparallel.
How do you configure Jenkins to run parallel builds
for
multiple branches
+
Use multibranch pipelines to detect and execute builds for allbranches.
Example:
Each branch builds independently in its pipeline.
How do you securely pass secrets to a Jenkins job
+
Use the Credentials plugin to inject secrets into the pipeline.Example: Use
withCredentials to pass a secret API key to ashell script:
withCredentials([string(credentialsId: 'api-key', variable:'API_KEY')]) { sh
'curl
-H "Authorization: $API_KEY"https://api.example.com' }
How do you audit the usage of credentials in Jenkins
+
Enable auditing through the Audit Trail plugin and monitor credentialusage
logs.
Example: Identify unauthorized access to sensitivecredentials.
How do you manage a situation where a Jenkins job is
stuckindefinitely
+
Identify the is sue by reviewing the build logs and system resourceusage.
Example:
Terminate the stuck process on the agent and re-trigger thejob.
How do you handle pipeline execution that consumes
excessive resources
+
Use resource quotas or throttle settings tolimit resource usage. Example:
Assign
builds to low-resource agents for non-criticaljobs.
How do you implement multi-cloud deployments
usingJenkins
+
Configure multiple cloud credentials and deploy to each
providerconditionally.
Example: Deploy to AWS, Azure, and GCP using environment-specificdeployment
scripts.
How do you monitor Jenkins pipeline performance
+
Use plugins like Build Monitor, Prometheus, or Performance Publis herto
track
performance metrics. Example: Analyze pipeline execution time trends to
optimize
slowstages.
How do you generate build trend reports in Jenkins
+
Use the Test Results Analyzer or Dashboard View plugin. Example: Vis ualize
the
number of passed, failed, and skipped testsover time.
How do you create dynamic stages in a Jenkinspipeline
+
Use Groovy scripting in a scripted pipeline to define stagesdynamically.
Example:
Loop through a lis t of services and create a build stage foreach.
How do you dynamically load environment configurations
in Jenkins
+
Use configuration files stored in a repository or as a Jenkins
sharedlibrary.
Example: Load environment-specific variables from a JSON file duringthe
pipeline
execution.
How do you implement build caching in Jenkinspipelines
+
Use tools like Docker cache or Gradle/Maven build caches. Example: Use a
shared
cache directory for dependencies acrossbuilds.
How do you handle incremental builds in Jenkins
+
Configure the pipeline to build only the modified components usingtools like
Git
diff. Example: Trigger builds for only the microservices that havechanged.
How do you set up Jenkins for multitenant usage
acrossteams
+
Use folders, RBAC, and dedicated agents for each team. Example: Team A and
Team B
have separate folders with is olatedpipelines and credentials.
How do you handle conflicts when multiple teams use
shared Jenkins resources
+
Use the Lockable Resources plugin to serializeaccess to shared resources.
Example:
Ensure only one team can deploy to the staging environmentat a time.
How do you recover a pipeline that fails due to a
transientis sue
+
Use retry blocks to automatically retry thefailed step. Example: Retry a
deployment
step up to three times if it fails due tonetwork is sues.
How do you resume a pipeline after fixing an error
+
Use the Restart from Stage feature indeclarative pipelines. Example: Resume
the
pipeline from the Deploy stage after fixing a configuration is sue.
How do you integrate Jenkins with JIRA for is
suetracking
+
Use the JIRA plugin to update is sue status automatically after abuild.
Example:
Transition a JIRA ticket to "In Progress" when thebuild starts.
How do you integrate Jenkins with a service bus or
message queue
+
Use custom scripts or plugins to publis h messages to RabbitMQ, Kafka,or AWS
SQS.
Example: Notify downstream systems after a successful deployment bysending a
message
to a queue.
How do you use Jenkins to build and test
containerizedapplications
+
Use the Docker Pipeline plugin to build and test images. Example: Build a
Docker
image in one stage and run tests in acontainerized environment in the next
stage.
How do you manage container orchestration with Jenkins
+
Use Kubernetes or Docker Compose to orchestrate multi-containerenvironments.
Example: Deploy an application and database containers together
forintegration
tests.
How do you allocate specific agents for
certainpipelines
+
Use agent labels in the pipeline configuration. Example: Assign a pipeline
to the
high-memory agent for resource-intensive builds.
How do you ensure efficient resource utilization
across
Jenkins agents
+
Use the Load Balancer plugin or Jenkins Cloud Agents for dynamicscaling.
Example:
Scale down idle agents during off-peak hours.
How do you manage Jenkins configurations
acrossenvironments
+
Use tools like Jenkins Configuration as Code (JCasC) or custom
Groovyscripts.
Example: Use a YAML configuration file to define jobs, credentials,
andplugins.
How do you version controlJenkins jobs and pipelines
+
Store pipeline scripts in a Git repository. Example: Use Jenkinsfiles to
define
pipelines, making them portableand traceable.
How do you implement rolling deployments withJenkins
+
Deploy updates incrementally to a subset of servers or pods. Example: Update
10% of
the pods in Kubernetes before proceeding tothe next batch.
How do you automate blue-green deployments in Jenkins
+
Use separate environments for blue and green and switch traffic
post-deployment.
Example: Use a load balancer to toggle between environments aftersuccessful
tests.
How do you integrate Jenkins with API testing tools
likePostman
+
Use Newman (Postman CLI) in the pipeline to executecollections. Example: Run
newman
run collection.json in atest stage.
How do you handle test data for automated testing in
Jenkins
+
Use environment variables or configuration files to provide testdata.
Example: Pass
database credentials as environment variables duringtest execution.
How do you automate release notes generation inJenkins
+
Use a custom script or plugin to fetch Git commit messages or JIRAupdates.
Example:
Generate release notes from commits tagged with [release] .
How do you implement versioning in a CI/CD pipeline
+
Use Git tags or build numbers to version artifacts. Example: Create a
version string
like 1.0.${BUILD_NUMBER} for every build.
What steps would you take if Jenkins builds suddenly
start failingacross all jobs
+
Check global configurations, credentials, and plugin updates. Example:
Investigate
whether a recent plugin update causedcompatibility is sues.
How do you handle Jenkins agent dis connections during
builds
+
Configure a reconnect strategy or reassign the job to anotheragent. Example:
Use a
script to auto-restart dis connected agents.
How do you design pipelines to handle varying
deploymentstrategies
+
Use parameters to define the deployment type (e.g., rolling,canary).
Example: A
pipeline prompts the user to select the strategy beforedeployment.
How do you configure pipelines for multiple repository
triggers
+
Use a webhook aggregator to trigger the pipeline for changes inmultiple
repositories. Example: Trigger a build when changes are made to either the
frontendor backend repositories.
How do you ensure compliance with Jenkins pipelines
+
Use tools like SonarQube for code quality checks and enforce policieswith
shared
libraries. Example: Ensure every pipeline includes a security scan stage.
How do you audit pipeline execution in Jenkins
+
Use the Audit Trail plugin to track changes and executionhis tory. Example:
Identify
who triggered a job and when.
How do you set up Jenkins for high availability
+
Use a clustered setup with multiple Jenkins masters and sharedstorage.
Example:
Configure an NFS share for $JENKINS_HOME to ensure consis tency across
masters.
What’s your approach to restoring Jenkins from a dis
aster
+
Restore configurations and data from backups, then validate pluginsand jobs.
Example: Use thinBackup to quickly recover Jenkins data.
How do you implement Jenkins backups for
criticalenvironments
+
Use tools like thinBackup or JenkinsConfiguration as Code (JCasC) to back up
configurations, jobs, and plugins.Automate the process with cron jobs or
scripts.
Example: Automate daily backups of the $JENKINS_HOME directory and store
them on S3
or a secure location.
What strategies do you recommend for Jenkins dis aster
recovery
+
Use a secondary Jenkins instance as a standby master with replicateddata.
Example:
Periodically sync $JENKINS_HOME between primary and standby instances and
use a load
balancer forfailover.
How do you handle consis tent build failures caused by
flakytests
+
Identify flaky tests using test reports and is olate them intoseparate test
suites.
Example: Retry only the flaky tests multiple times in a dedicatedpipeline
stage.
What would you do if builds fail due to resource
exhaustion
+
Optimize resource allocation by reducing the number of concurrentbuilds or
increasing system capacity. Example: Add more Jenkins agents or limit
concurrent
jobs with theThrottle Concurrent Builds plugin.
How do you manage environment-specific variables in
Jenkinspipelines
+
Use environment variables defined in the Jenkinsfile or
externalconfiguration files.
Example: Load environment-specific files based on the selected parameter
using: def
config = readYaml file: "config/${env.ENVIRONMENT}.yaml"
How do you handle multi-environment deployments in a
single pipeline
+
Use declarative pipeline stages with conditional logic for
differentenvironments.
Example: Deploy to QA, Staging, and Production in sequence withmanual
approval gates
for Staging and Production.
How do you reduce pipeline execution time for
largeapplications
+
Use parallel stages, build caching, and pre-configuredenvironments. Example:
Parallelize unit tests, integration tests, and static codeanalysis stages.
How do you identify and fix bottlenecks in Jenkins
pipelines
+
Use performance plugins or monitor logs to detect slow stages. Example:
Split a
long-running build stage into smaller tasks oroptimize resource- intensive
scripts.
How do you ensure reproducibility in containerized
Jenkinspipelines
+
Use Docker images with all required dependenciespre-installed. Example:
Build and
test Node.js applications using a custom Docker image: agent { docker {
image
'custom-node:14' } }
How do you handle container orchestration in Jenkins
pipelines
+
Use Kubernetes plugins or tools like Helm for deploying and
managingcontainers.
Example: Deploy a Helm chart to Kubernetes as part of thepipeline.
How do you manage shared Jenkins resources across
multipleteams
+
Use the Folder and Role-Based Authorization Strategy plugins tois olate
team-
specific configurations. Example: Each team has a dedicated folder with
restricted
access totheir jobs and agents.
How do you create reusable components for different
team
pipelines
+
Use Jenkins Shared Libraries for common functionality like deploymentscripts
or
notifications. Example: Create a shared library to send Slack notifications:
def
sendNotification(String message) { slackSend(channel:'#builds', message:
message) }
How do you secure sensitive API keys and tokens
inJenkins
+
Use the Credentials plugin to securely store and retrieve
sensitiveinformation.
Example: Use withCredentials to pass an APItoken to a pipeline:
withCredentials([string(credentialsId: 'api-token', variable:'TOKEN')]) { sh
"curl
-H 'Authorization: Bearer ${TOKEN}'https://api.example.com" }
How do you implement secure access controlfor Jenkins
users
+
Use the Role-Based Authorization Strategy plugin to define roles andpermis
sions.
Example: Admins have full access, while developers have job-specificpermis
sions.
How do you handle integration testing in
Jenkinspipelines
+
Spin up test environments using Docker or Kubernetes for is olatedtesting.
Example:
Run integration tests against a temporary database containerin a pipeline
stage.
How do you automate regression testing in Jenkins
+
Use tools like Selenium or TestNG for regression tests triggeredafter every
build.
Example: Schedule nightly builds to run a regression testsuite.
How do you customize build notifications inJenkins
+
Use plugins like Email Extension or Slack Notification with customtemplates.
Example: Include build duration and commit messages in Slacknotifications.
How do you configure Jenkins to notify specific
stakeholders
+
Use the post-build step to send notifications to different recipientsbased
on
pipeline results. Example: Notify developers on failure and QA on success.
How do you integrate Jenkins with Terraform for
IaCautomation
+
Use the Terraform plugin or CLI to apply configurations. Example: Add a
stage to
validate, plan, and apply Terraformscripts.
How do you integrate Jenkins with Ansible for
configuration management
+
Trigger Ansible playbooks from the Jenkins pipeline using the Ansibleplugin
or CLI.
Example: Use ansiblePlaybook to deployconfigurations to a server.
How do you horizontally scale Jenkins to handle
highworkloads
+
Add multiple agents and dis tribute builds using labels or nodeaffinity.
Example:
Use Kubernetes agents to dynamically scale based on thebuild queue.
How do you optimize Jenkins for a dis tributed build
environment
+
Use dis tributed agents with pre-installed dependencies to reducesetup time.
Example: Assign resource-intensive jobs to dedicated high-performanceagents.
How do you handle multi-region deployments inJenkins
+
Use separate stages or pipelines for each region. Example: Deploy to US-East
and
EU-West regions using AWS CLIcommands.
How do you implement zero-downtime deployments in
Jenkins
+
Use rolling updates or blue-green deployments to ensureavailability.
Example:
Gradually replace instances in an auto-scaling group withthe new version.
How do you debug Jenkins pipeline is sues inreal-time
+
Use console logs and debug flags in pipeline steps. Example: Add set -x to
shell
commands fordetailed debugging.
How do you handle agent dis connect is sues during
builds
+
Implement retry logic and configure robust reconnect settings. Example:
Auto-restart
agents if they dis connect due to resourceconstraints.
How do you implement pipeline-as-code in Jenkins
+
Store Jenkinsfiles in the source code repository forversion-controlled
pipelines.
Example: Use checkout scm to pull theJenkinsfile from Git.
How do you integrate Jenkins with GitOps workflows
+
Use tools like ArgoCD or Flux in combination with Jenkins forGitOps.
Example:
Trigger a deployment when changes are committed to a Gitrepository.
How do you implement feature toggles in
Jenkinspipelines
+
Use environment variables or configuration files to toggle featuresduring
deployment. Example: Use a parameter in the pipeline to enable or dis able a
specific feature: if (params.ENABLE_FEATURE_X) { sh 'deploy-feature-x.sh' }
How do you automate multi-branch testing in Jenkins
+
Use multibranch pipelines to automatically detect and run tests onnew
branches.
Example: Configure branch-specific Jenkinsfiles to define uniquetesting
workflows.
How do you manage dependency trees in Jenkins for
largeprojects
+
Use build tools like Maven or Gradle with dependency managementfeatures.
Example:
Trigger dependent builds using the Parameterized Trigger plugin.
How do you build microservices with interdependencies
in
Jenkins
+
Use a parent pipeline to trigger builds for dependent microservicesin the
correct
order. Example: Build Service A, then trigger builds for Services B and
C,which
depend on it.
How do you deploy multiple services using Jenkins
inparallel
+
Use the parallel directive in a declarativepipeline. Example: Deploy
frontend,
backend, and database servicessimultaneously.
How do you sequence dependent service deployments in
Jenkins
+
Use pipeline stages with proper dependencies defined. Example: Deploy a
database
schema before deploying the backendservice.
How do you enforce code scanning in Jenkinspipelines
+
Integrate tools like Snyk, Checkmarx, or OWASPDependency-Check. Example: Add
a stage
to scan for vulnerabilities in dependencies andfail the build on
high-severity is
sues.
How do you prevent unauthorized pipeline modifications
+
Use Git repository branch protections and Jenkins accesscontrols. Example:
Require
pull requests to be reviewed before updatingJenkinsfiles in main .
How do you manage Jenkins jobs for legacy systems
+
Use parameterized freestyle jobs or convert them into pipelines forbetter
flexibility. Example: Migrate a job using shell scripts into a
scriptedpipeline.
How do you ensure compatibility between Jenkins and
legacy build tools
+
Use custom scripts or Dockerized environments that mimic the legacysystem.
Example:
Run builds in a container with legacy dependenciespre-installed.
How do you store and retrieve pipeline artifacts
inJenkins
+
Use the Archive the Artifacts plugin or storeartifacts in a dedicated
repository
like Nexus or Artifactory. Example: Archive build logs and binaries for
debugging
andauditing.
How do you handle large artifact storage in Jenkins
+
Use external storage solutions like S3 or Azure Blob Storage. Example:
Upload
artifacts to an S3 bucket as part of the post-buildstep.
How do you trigger Jenkins builds based on Git
tagcreation
+
Configure webhooks to trigger jobs when a tag is created. Example: Trigger a
release
pipeline for tags matching the pattern v* .
How do you implement Git submodule handling in Jenkins
+
Enable submodule support in the Git plugin configuration. Example: Clone and
update
submodules automatically during thecheckout process.
How do you implement cross-browser testing inJenkins
+
Use tools like Selenium Grid or BrowserStack for browsercompatibility
testing.
Example: Run tests across Chrome, Firefox, and Safari in parallelstages.
How do you manage test environments dynamically in
Jenkins
+
Use Docker or Kubernetes to spin up test environments during
pipelineexecution.
Example: Deploy test environments using Helm charts and tear themdown after
tests.
How do you customize notifications for specific
pipelinestages
+
Use conditional logic to send stage-specific notifications. Example: Notify
the QA
team only when the test stage fails.
How do you integrate Jenkins with Microsoft Teams for
notifications
+
Use a webhook to send notifications to Teams channels. Example: Post
pipeline
results to a Teams channel using a curl command.
How do you optimize Jenkins pipelines for
Docker-basedapplications
+
Use Docker caching and multis tage builds to speed up builds. Example: Build
and
push Docker images only if code changes aredetected.
How do you deploy containerized applications using
Jenkins
+
Use Kubernetes manifests or Docker Compose files in pipelinescripts.
Example: Deploy
to Kubernetes using kubectlapply .
How do you debug failed Jenkins jobs effectively
+
Analyze logs, enable debug mode, and rerun failing stepslocally. Example:
Use sh
'set -x' inpipeline steps to trace shell command execution.
How do you handle intermittent pipeline failures
+
Use retry mechanis ms and investigate logs to identify flakycomponents.
Example:
Retry a step with a maximum of three attempts: retry(3) { sh
'flaky-command.sh' }
How do you implement blue-green deployments in
Jenkinspipelines
+
Use separate environments for blue and green, then switch trafficusing a
load
balancer. Example: Deploy the new version to the green environment, test it,
and
redirect traffic from blue to green .
How do you roll back a blue-green deployment
+
Switch traffic back to the stable environment (e.g., blue ) in case of is
sues.
Example: Update load balancer settings to point to the previousversion.
How do you standardize pipeline templates for
multipleprojects
+
Use Jenkins Shared Libraries to define reusable pipelinefunctions. Example:
Define a
buildAndDeploy function forconsis tent CI/CD across projects.
How do you parameterize pipeline templates for
different
use cases
+
Use pipeline parameters to customize behavior dynamically. Example: Use a
DEPLOY_ENV
parameter to specifythe target environment.
How do you monitor long-running builds in Jenkins
+
Use the Build Monitor plugin or integrate with external monitoringtools.
Example:
Set up alerts for builds exceeding a specificduration.
How do you identify agents with high resource usage
+
Use the Monitoring plugin or analyze system metrics. Example: Identify
agents with
CPU or memory spikes duringbuilds.
How do you audit Jenkins pipelines for
regulatorycompliance
+
Use plugins like Audit Trail to log all pipeline changes andexecutions.
Example:
Ensure every production deployment is traceable with anaudit log.
How do you enforce compliance checks in Jenkins
pipelines
+
Integrate with compliance tools like HashiCorp Sentinel or customscripts.
Example:
Fail the pipeline if IaC templates do not meet compliancerequirements.
How do you configure Jenkins for auto-scaling in
cloudenvironments
+
Use Kubernetes or AWS plugins to dynamically scale agents based onthe build
queue.
Example: Configure a Kubernetes pod template to spin up agents ondemand.
How do you balance workloads in a dis tributed Jenkins
setup
+
Use node labels and assign jobs based on agent capabilities. Example: Assign
resource-intensive builds to high-memoryagents.
How do you analyze build success rates in Jenkins
+
Use the Build His tory Metrics plugin or integrate with externalanalytics
tools.
Example: Generate reports showing success and failure trends overtime.
How do you track pipeline execution times across
multiple jobs
+
Use the Pipeline Stage View plugin to vis ualize executiontimes. Example:
Identify
stages with consis tently high executiontimes.
How do you implement canary deployments in
Jenkinspipelines
+
Deploy updates to a small percentage of instances or users first,then
gradually
increase. Example: Route 5% of traffic to the new version using feature
flagsor load
balancer rules.
How do you deploy serverless applications using
Jenkins
+
Use CLI tools like AWS SAM or Azure Functions Core Tools. Example: Deploy a
Lambda
function using aws lambdaupdate-function-code .
How do you handle a Jenkins master node running out of
dis kspace
+
Clean up old build logs, artifacts, and workspace directories.Example: Use a
script
to automate periodic cleanup: find $JENKINS_HOME/workspace -type d -mtime
+30 -exec
rm -rf {}\;
How do you address slow Jenkins startup times
+
Optimize plugins by removing unused ones and upgrading to newerversions.
Example:
Use the Pipeline Speed/Durability Settings for lightweight pipeline
executions.
How do you migrate from Jenkins to a modern CI/CDtool
+
Export pipelines, convert them to the new tool's format, andtest the
migrated
workflows. Example: Migrate from Jenkins to GitHub Actions using
YAML-basedworkflows.
How do you ensure Jenkins pipelines remain
future-proof
+
Regularly update plugins, adopt new best practices, and refactoroutdated
pipelines.
Example: Transition from freestyle jobs to declarative pipelines forbetter
maintainability.